New Box for Government Aims to Reconcile Security and Collaboration

Content management company Box today unveiled its Box for Government initiative, which brings together different product suites designed for government and enables agencies to work remotely, collaboratively, and with an assurance of security.

Box for Government has already received a FedRAMP Provisional Authority to Operate (P-ATO) from the Defense Information Systems Agency, making it more accessible to Federal agencies.

“With FedRAMP, we’re now ensuring that the government can get the level of security, protection, and control of data they need to accelerate their move to the cloud and deliver critical government services more efficiently,” said Aaron Levie, co-founder and CEO at Box.

Though Box already works with more 6,500 government agencies across Federal, state, local, and international sectors such as the Department of Justice, Department of Energy, the U.N., and states such as New York and California, the FedRAMP P-ATO will enable a greater range of agencies to securely share and access data.

Kittner_20140506_8050
Sonny Hashmi, head of Box’s government strategy, says mobility and security are not mutually exclusive. (Photo: Box)

According  to Box’s head of government strategy Sonny Hashmi, Box’s security and usability go far beyond what is contained in the certification.

“There’s a baseline expectation when government agencies use a cloud service like Box,” Hashmi said. “That’s just half the picture.” He said that Box is also working to incorporate security and protection measures at every stage of product development and to institute a program of constant security monitoring.

The company will also provide an audit of Box for Government’s implementation across Federal, state, and local agencies, to ensure that compliance is passed to its customers.

“We feel that with Box technology, we can actually make a meaningful impact on this sector,” Hashmi said. Some of those security impacts include an increased visibility and detection of cyber threats, as well as Box KeySafe, which will allow agencies to directly manage their encryption keys. Box also hopes to improve field and mobile communication, by enabling government agencies to access sensitive files through mobile devices while still remaining secure.

“The balancing of things like BYOD [bring your own device] against security is probably one of their top three concerns,” Hashmi said of agency CIOs. “[Employees] are going to bring mobile devices to work whether agencies like it or not.”

While most agencies see this as a situation in which they will have to sacrifice some amount of security to increase mobility, Hashmi said that the two concepts of mobility and security are not mutually exclusive.

“Behind the scenes, IT should have more control than they ever had before,” he said, noting that a cloud service like Box could end up being more secure than traditional agency servers.

Hashmi also feels that security concerns are no excuse for a lack of collaboration in government, and sees Box as a way of removing the silos around government data.

“There’s not one difficult problem that government agencies can solve by themselves,” Hashmi said. “The challenge is not that agencies don’t want to work together.” Instead, agencies are simply unable to effectively share documents and information without compromising security, or going through a long and arduous network of IT red tape. The option of a secure and usable software that is incorporated across agencies, as the FedRAMP certification would provide, removes those kinds of boundaries.

Box also hopes that its product will ensure collaboration across governments.

“Especially with the globalization of policy, we’re seeing more and more opportunities for governments to work together,” Hashmi said.

Box’s certification will go far beyond government, however, as the company intends to extend the security enhancements from its Federal compliance to cover all its customers.

“As we go through FedRAMP compliance, it’s not just about building a separate little enclave for compliance,” Hashmi said.

Jessie Bur
About Jessie Bur
Jessie Bur is a Staff Reporter for MeriTalk covering Cybersecurity, FedRAMP, GSA, Congress, Treasury, DOJ, NIST and Cloud Computing.
No Comments

    Leave a Reply