Box CEO: Security is Core in Ever-Changing Business World - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Cloud
Commentary
8/29/2019
08:30 AM
Connect Directly
Twitter
RSS
50%
50%

Box CEO: Security is Core in Ever-Changing Business World

CEO of Box, analyst from Gartner, others take a look at the increased demand for security in the cloud.

Improving cloud security can be as much about changing behavior within organizations as updating technology -- that was the message from the team at Box and the experts they invited to New York recently.

The private gathering was part of the unveiling of Box Shield, which offers new security controls for Box. The event included conversations about cloud security with insight from the likes of Gartner and others.

Box CEO Aaron Levie related the need for advanced ideas in security to the evolution of his company. When Box got its start more than 14 years ago, he said, the aim was to make it easy to access and share data from any device at anytime from anywhere. Change became necessary, though, as the company and the cloud matured. Levie joked that initially there was a risk that Box might have contributed to the shadow IT problem. When the company pivoted in 2007 to focus entirely on the enterprise market, he said new considerations were made out of necessity to securely manage, share, and organize content. “Fundamentally, we have to reinvent content management for the cloud age.”

Aaron Levie, Box CEOImage: Joao-Pierre S. Ruth
Aaron Levie, Box CEO

Image: Joao-Pierre S. Ruth

Part of that reinvention, Levie said, included trying to provide end users with the type of interface they wanted, otherwise they might turn to outside, unauthorized software -- the shadow IT problem.

Levie said he sees security increasingly become a core focus across many sectors beyond banking and financial services, where compliance and data privacy have been central for a very long time. “Now we’re seeing this be top of mind in every single industry -- life sciences, media, entertainment, sports, real estate,” he said. “Every single industry has sensitive data that is being shared and managed.”

The strategy at Box, he said, has adapted with the transformation under way in business, where the rules are fundamentally changing. For example, many work and business processes are extending beyond the organizations’ boundaries as contractors, customers, partners, and colleagues exchanging data digitally. That also can increase exposure to threats. “This is the first big challenge of security today,” Levie said.

How security is handled, though, can make or break employee productivity, he said. Onerous security measures might sway employees to choose tools that make it easier to get work done even if it conflicts with the rules. Employees who are unsatisfied with user experience might download their own software despite the escalation of risk. The potential for such exposure seems to be escalating. “The intellectual property we work with is now digitized and that digital content is being shared across numerous devices,” Levie said.

Such trends, he said, raised the need for new, secure methods of content management for the future of work and the cloud. “The way organizations collaborate and manage data is going to be essential to responding to these mega-shifts happening in business,” Levie said. “You can’t solve this problem and modernize how we work with legacy approaches.”

The burden of improving security rests in many hands, according to Neil MacDonald, vice president and distinguished analyst with Gartner. He said there is a tendency to frame security questions around whether AWS, Microsoft Azure, or other cloud services are adequately protected. “That is not where the issue is.”

Neil MacDonald, GartnerImage: Joao-Pierre S. Ruth
Neil MacDonald, Gartner

Image: Joao-Pierre S. Ruth

How things are set up and configured, he said, are the crux of the matter. That includes knowing who can do what and when. If organizations lose sight of that as they undergo transformation, they can invite in trouble. “This is where mistakes are being made,” MacDonald said.

Those mistakes may increase in the years to come. MacDonald offered up a projection, based on Gartner research, that 99% of cloud security failures expected to occur through 2023 will be the responsibility of the customer rather than a service provider that has been hacked. The way systems and processes are set up and configured can be a root cause of vulnerability, he said.

In some instances, a series of factors fall into place that creates gaps in security that are exploited. Such was the case with the recent breach at Capital One, MacDonald said. “There was a vulnerable application that was in production.”

He said in the Capital One instance, the server-side request forgery protection was not activated, which then led to a snowball effect that culminated in the breach.

Organizations should review their operations and ask themselves if they are monitoring for unusual behavior, especially when sensitive data was involved, MacDonald said. Enterprises should also examine their configurations for excessive risk, he said, such as users who have more permissions than they need. Improved such monitoring can help differentiate malicious activity from the normal functions. “The clouds are secure,” MacDonald said. “Are you using them securely?”

Joao-Pierre S. Ruth has spent his career immersed in business and technology journalism first covering local industries in New Jersey, later as the New York editor for Xconomy delving into the city's tech startup community, and then as a freelancer for such outlets as ... View Full Bio
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
Top-Paying U.S. Cities for Data Scientists and Data Analysts
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/5/2019
Slideshows
10 Strategic Technology Trends for 2020
Jessica Davis, Senior Editor, Enterprise Apps,  11/1/2019
Commentary
Is the Computer Science Degree Dead?
Guest Commentary, Guest Commentary,  11/6/2019
White Papers
Register for InformationWeek Newsletters
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Video
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
Slideshows
Flash Poll