How Secure Is Box Cloud Storage

Jan 26 2024 - Category: Blog

Box is a widely used cloud storage service that allows users to store and share their files and documents online. As with any cloud storage service, security is a top concern for users of Box.

In this article, we will explore the security measures implemented by Box to protect user data, as well as the potential risks and vulnerabilities associated with its use. We will also discuss measures that can be taken to enhance the security of Box cloud storage and provide recommendations for users to protect their data.

Box does have good security, though it is not known as one of the more secure cloud storage providers. If you’d like to know who has the most secure cloud storage, read my article Most Secure Cloud Storage 2023.

What Box Does For Security

  1. Box offers strong encryption with AES-256-bit encryption for when your data is at rest on their servers.
  2. They use TLS 1.2 for encryption while your data is in transport back and forth from their servers.
  3. Box uses 2 Factor Authentication. 2FA is one of the most important security features. It adds an extra layer of security. Even if your password is compromised, hackers would still need to get your second-factor authentication, effectively making it twice as hard to gain access.
  4. Strong controls for collaborating and sharing.
    • There are seven different types of user accounts. You can assign other users to the account type that gives them only the access level that you decide.
    • Password-protected links for sharing data. You can set the expiration date for these links.
    • The ability for administrators to add restrictions to collaborators.
  5. Box gives you the ability to allow access only to users from certain IP addresses that you choose.

What Box Does Not Offer

  1. Zero-Knowledge Encryption, also known as Client-Side-Encryption.
    • Zero-Knowledge encryption is a data privacy tactic that means only the user can unencrypt the data. The password that is used to encrypt the data is created and applied on the user’s computer before the data ever leaves their computer. This means that no one other than that user can decrypt the data. The storage provider cannot decrypt the data even if there is a court order to do so.
    • Another benefit of using Zero-Knowledge encryption is that if the data at the data center is breached, it is encrypted, and the decryption key is not at that location, it is on your computer.
  2. Another security feature not offered by Box is open-source code. To be fair, very few cloud storage providers offer open-source code. The benefit that open-source code brings is:
    • Because the code is visible to everyone, the creators of the code cannot put in anything that their users would not want, like spyware or back doors.
    • The code is visible to anyone who wished to view it. That means that any weakness in the code is like to be found as there are more people looking at it.
    • Open source code often encourages community contribution which means that there is potentially a wider group of people scrutinizing and building the code base.

Things You Can Do To Make Box More Secure

While Box is lacking a few key security features, here are some steps that you can take to make sure that you are making use of the security it does offer, and even add some extra security to it.

  1. Always activate 2-Factor-Authentication. This nearly cuts in half the likelihood that your account will be compromised.
  2. Use strong passwords. The strongest passwords are created by password generators.
  3. Use a unique password that you haven’t used before. If a hacker gets the username and passwords from one company, they will then start trying them across all of the most popular websites in the world.
    • Don’t even try remembering your passwords and do not write them down. Use a password manager.
  4. If you are allowing others to have access to your data, understand the different access levels allowed through the type of account roles you assign to people, and always follow the concept of “least privilege” – never give anyone more access than they need.
  5. Use software to encrypt the data on your computer before you send it to the cloud. Software like:
    1. Boxcryptor
    2. Veracrypt
    3. Cryptomator


Overall, Box has pretty good security, but definitely not the best. I would recommend making every effort to keep your data safe and private by choosing a cloud provider with the highest levels of security and privacy.

Your data is very important and you have every reason to get the most secure data storage available. Especially considering that you can have top-notch security and privacy at the same price as the mediocre providers.

Make sure you consider the more secure options and if you still decide to use Box, encrypt your data before you send it over to the Box cloud.

Check my article Most Secure Cloud Storage 2023.