Another tip in a series provided by the Offices of Information Systems & Computing and Audit, Compliance & Privacy
Penn+Box: Share With Care
Penn+Box is a useful and powerful collaboration tool. Thanks to end-to-end data encryption, you can securely share resources with other collaborators and also enjoy versioning, commenting and online editing features.
But with great power comes great responsibility: It’s always vital to be aware of what you are sharing and how the data is being shared.
Unlike the University’s Secure Share service, which confines sharing to only users with PennKeys, Penn+Box permits sharing with those outside of Penn. Follow these steps to help protect the confidentiality of the data you are sharing with non-Penn collaborators:
- Before you share, assess the level of data sensitivity based on Penn Data Risk Classification. For guidelines on the type of data you can store or share on Box, visit https://www.isc.upenn.edu/security/data-box-amazon
- Grant collaborative access only to those with a functional need to access a working file or a document.
- Regulate access to a particular collaborative file or document by setting specific controls over editing and permission for collaborators.
- Secure access by sharing a link that works only for those who are designated as collaborators. (Although you can share a link which works for anyone who receives the link, such an action is not a recommended security practice.)
- Remove collaborators’ access when the need for collaboration ends.
Both Box and the University have created documentation to help you make the best choices when sharing and collaborating with Box. Please contact your computing support provider for assistance with Penn+Box.
For additional information visit:
Information Systems & Computing’s Penn+Box service page at https://www.isc.upenn.edu/pennbox
Information on individual Box accounts at https://cloud.app.box.com/v/BoxPersonalEditions
Locate your computing support provider at https://www.isc.upenn.edu/get-it-help
For additional tips, see the One Step Ahead link on the Information Security website: