Forum Discussion

keithkelly's avatar
2 years ago

Box.com Security (for file attachments)

Our security team is getting the heebie jeebies about Khoros attachments (potentially containing PII) being stored on box.com. 

How much of a concern is this?  I'm aware Microsoft & other major tech companies use Khoros - how do they handle the security on this front?

  • keithkelly, Could you kindly offer additional details regarding your inquiry? If it's related to our company's storage practices, Khoros doesn't utilise Box as a primary enterprise tool. Instead, it is an optional sub-processor within Care and Community if you choose to turn on the "file preview" feature, and it is outlined in our list of sub-processors associated with our products.

    • keithkelly's avatar
      keithkelly
      Leader

      Primary concerns

      • Our secret / internal / proprietary information being stored in a box.com account that does not belong to us.
      • Our security team is unable to simply unblock the subdomain khoros.app.box.com, as there are default box.com domains that are necessary to access - such as app.box.com.   I just ran a network trace (via Chromes dev tools) & found a few others like cdn10.boxcdn.net, api.box.com, dl.boxcloud.com, and more.
      • Who owns/controls the files?