Get your copy of Security Service Edge (SSE) for Dummies. Get the eBook

Blog Data Protection Netskope + Box Shield: Advanced DLP for Cloud Data Protection
Feb 12 2020

Netskope + Box Shield: Advanced DLP for Cloud Data Protection

Netskope and Box are excited to announce our joint integration to enable customers to leverage advanced DLP capabilities that enhance data-at-rest enforcement of sensitive files stored in Box.

How does the integration work?

Through Netskope, customers can enable enterprise DLP capabilities within Box Shield to classify documents, via security classifications, to identify and label highly sensitive or regulated data managed in Box. Pre-configured policy templates in Netskope (PCI, PHI, HIPAA, GDPR) can speed up implementation times for customers, enabling them to quickly meet their unique requirements. From the Box Shield admin console, customers can configure access policies per classification – such as restricting public shared links, downloads, or 3rd party applications. As Netskope’s policies scan and classify files stored in Box, the classifications as will automatically invoke controls inside Box as configured in Shield. Netskope provides the option to leverage advanced DLP capabilities that include “exact match”, finger-printing, Optical Character Recognition (OCR) to ensure that the proper files are marked accurately. This empowers customers to enable granular security enforcement against content (files) that have been uploaded or created within Box.

Netskope and Box Shield Integration Overview

Together, Box can leverage the granular classifications applied by Netskope, or natively through the Box UI, to control and limit sharing and collaboration in-line – for example:

  • Shared link restriction: Specify who can access shared links
  • External collaborator restriction: Limit external collaboration to approved lists of domains, or block it completely based on the sensitivity of the content
  • Download restriction: Restrict file or folder downloads modalities
  • Application restriction: Specify which 3rd party applications and custom apps can download content from Box
  • And more…

Below are some key use cases where Netskope and Box Shield work better together to reduce risk and protect our customers’ most valuable content.

Key Use Cases

Financial Services

A financial services company has built a client portal using Box to better serve their wealth management clients. As part of the onboarding process, clients upload documents that contain PII – social security numbers, credit card numbers, addresses, and more.

To secure this process, the company can use Netskope’s API introspection to scan for PII upon upload, classify the files appropriately in Box, and enforce a set of admin-defined access controls using Box Shield. For example, all client documents can be labeled “Restricted”, which may prevent public shared links from being created, and only allow access from approved collaborators.

Life sciences

A pharmaceutical company is developing a new drug and is ready for clinical trials, which involves internal and external collaboration between Contract Research Organizations, auditors, and research scientists.

Using Netskope, the company can scan for PHI, including custom patient identifier numbers and Exact Match to reduce false positives. Netskope can automatically apply a predefined Box classification e.g., “Partner Only”, and Shield’s controls can ensure that only trusted CRO partners can be invited into the folders and access the sensitive data.


Organizations in regulated industries aren’t the only ones that need to protect sensitive information. For example, many premier sports leagues in the U.S. use Box to manage their content – sharing and collaborating on scouting reports, videos, and competitive insights. With Netskope + Box Shield, teams can ensure that all player information – such as health and injury reports which may contain PHI – are classified and protected by Shield’s access controls.