Box boosts security credentials with ISO 27001 Certification

News Maggie Holland May 15, 2013

Cloud content and collaboration giant Box gets validated for how it protects and secures customer data

Box today continued on its standards-acquiring spree by confirming it has been accredited with the ISO 27001 Information Management Systems badge.

This follows hot on the heels of achieving HIPAA compliance, which it announced last month, in addition to the acquisition of HTML5 document rendering and viewing specialist Crocodoc, which was confirmed just last week.

This latest standard will prove a boon for Box as the lack of independent standards and security fears remain a key barrier to cloud adoption.

It demonstrates the company’s commitment to securing and controlling customers’ data, according to a blog post by Grant Shirk, Box’s enterprise group product marketing manager.

Specifically, the ISO 27001 standard mandates how companies should go about the building, management and verification of content, data and other information.

Box also hopes the news will help further strengthen its success with customers in Europe, the Middle East and Africa (EMEA) where numbers have more than doubled in the past year.

The fact Box is relatively young – it was founded in 2005 – gives it a head start over competitors, which include Dropbox, iCloud and SkyDrive, as it can be more agile and responsive to customers’ needs, according to the company’s enterprise general manager Whitney Bouck.

“This is a big one for us. It really speaks to our enterprise-grade security. It’s a major milestone for us and I think now we’ll get some of the business that may not have to go through a custom security audit and take our certificate as enough,” she said.

“When you have an independent standard like HIPAA or ISO 27001 you at least have something common that people can refer to and say you’re that or better. I think that’s a very important mechanism for people to feel some level of security and safety and comfort that this is a safe provider and somebody who is serious about business and who can work with me and be a valid solution for me to look at.”

And users can certainly expect more in the way of standards and best practice, not just when it comes to security, in the future, Bouck told Cloud Pro. She added she would like to be able to produce a list with the key standards that matter ticked off a year from now.

“Companies really need something that is vendor independent they can rely on as a base level of measure as to compliance and security and so forth,” Bouck said.

“We’re working on a whole variety of other standards we want to comply with. We think there are some key ones that really matter. It gives us much more credibility and entry to specific businesses.”