Box Cloud Mobility Information Sharing 2013

Page 1


A Perfect Storm? Cloud, Mobility and Information Sharing for the Federal Government Addressing the Government’s requirement to better share and collaborate – securely from any device, anywhere. The military and civilian students who attend the U.S. Army

Global Institute’s July 2012 report, The Social Economy:

Unlocking Value and Productivity through Social Technologies, found that there is significant impact for those businesses that allow employees to interact with each other as well as

War College are used to having their hands full at the beginning

customers, partners, and prospects. According to the report,

of each academic year – literally.

the average worker spends about 28 percent of his or her

“Over the course of our 10-month program where people

workweek dealing with emails, and another 20 percent of their

get Master’s of strategic studies, we issue a stack of printed

time looking for information or colleagues who can help them

books — ­ printed PDFs and other types of reading materials,”

do their jobs.

explains Col. Steve Sobotta, director of educational technology

Indeed, until now, most collaboration has been done via

at the U.S. Army War College. “That stack might be two-to

email, but that model is no longer sustainable or smart, says

two-and-a-half feet tall when placed on top of each other. Not

Laurence Hart, CTO at AIIM, a non-profit industry association

only is that a heavy load to carry for the student, but it’s also

providing education, research, and best practices to help

a heavy financial burden for the College to print those books

organizations find, control, and optimize their information.

for each of the 400 students

“E-mail is inherently

who attend our school.”

insecure,” says Hart. “If you

The other issue the

are sending an email you

College faced: It was

don’t know who receives

difficult to provide access

it, if it has been forwarded,

to materials online since

or what happens to your

students had to be located

information once it leaves

within the physical institution

your organization. There’s

to log on to the classified

also no version control.”

network. About a year ago

Improving communication

the War College piloted a

and collaboration could

program using Box that gives

raise the productivity

all of its students the ability to access those printed materials

of “interaction workers” by between 20 and 25 percent,

from any mobile device or Web browser. Today students

according to the McKinsey Global Institute report. Box’s

are able to go online to read their coursework, including

vision – simple, open, and secure content collaboration – is a

copyrighted texts. But even more important, they can discuss

panacea for those looking for ways to do this. It certainly helps

those texts, highlight them electronically, and merge them with

people like Col. Sobotta and countless other agency heads

other types of media including audio and text files.

who are experiencing the need for constant communication

Thinking Outside the Box With its efforts, the U.S. Army War College, like many federal

and information sharing first hand but can’t find the technology to make it happen. “Across the board, there’s a need to be able to collaborate

organizations, is fulfilling the Cloud First policy mandate, which

and share much more effectively, and right now the technology

directs organizations to prioritize the use of of cloud computing

out there impedes our ability to make that happen,” agrees

offerings to reduce costs, among other things. It’s also

Aaron Levie, the CEO and co-founder of Box. “When you have

moving to facilitate collaboration, something that is becoming

technology that doesn’t support collaboration, and when you

increasingly important within enterprises as well as public

have information systems that are really meant to lock down

organizations and agencies.

data and knowledge, it’s very, very hard to be able to have

There is research to back this up. For instance, McKinsey

people share information as quickly and easily as possible.”


Cost is also an issue since the federal

In addition, even those agencies that

budget crisis is affecting every agency

can handle security and compliance have

out there, according to Alex Rossino,

infrastructure that is stove-piped. It’s

principal research analyst at Deltek’s

nearly impossible for them to even fathom

Federal Industry Analysis arm. “Agencies

re-architecting their existing content

are looking for any way that they can cut

infrastructure to allow content sharing

budget, and cloud is just a logical way to

across departments much less agencies.

do that,” he says.

“Most people today are just emailing [files] or using a SharePoint repository –

Content in the Cloud

whatever they have on hand. The idea is

Box allows people to more easily share

to cut through the knot, and the only way

content because everything — including

to really do that is to go whole hog into

multiple types of documents, images,

the cloud,” Says Rossino.

Flash, presentations, video and audio

When this happens, decision-making

files, PDFs, HTML pages, Javascript

becomes less fragmented and better

files — is stored within the cloud.

since information can be assembled into

The service’s underlying design provides enterprise-class

a single repository and everyone with the correct permissions

collaboration, security, and compliance with the ease-of-use

can access it, comment on it, and use it to guide innovation,

and simple integration of a software-as-a-service offering.

discussion, and strategy.

The simplicity is key because, up until now, one of the

This is certainly true in the case of the U.S. Army War

main things that have thwarted collaboration within the federal

College. Box richly enhances the educational process within

government and other public agencies has been complexity,

the school, says Col. Sobotta. “Deep discussions have started.

says Rossino. Files must be stored and archived in a specific

Instead of going a mile wide and an inch deep we can go a

manner and with high levels of security and replication, as

mile deep and an inch wide,” he says. “Plus, students and

spelled out by a variety of reporting and compliance mandates.

faculty can do so 24/7 wherever they happen to be.” •

The Three Faces of Box Box services address three main

tagged with metadata, and stored.

uploaded, or deleted a file. In

trends that are driving the way IT

Data and files can be searched by

addition, since the Box platform is

and business gets done today.

keyword and attribute, and there

built on open APIs, users can create

1) Sync and share: Consumers

is high-level annotation, structure,

apps to help manage their data and

and business users are already

and taxonomy available. In addition,

use it to its fullest extent.

used to Microsoft’s SkyDrive™,

version control becomes easier as

The result is a platform that’s ready

Apple’s iCloud, and Dropbox™’s

documents and files are checked

to alter the way business gets done.

service. Box takes this paradigm

in and out. The best part: Access

“We’re still figuring out what it means

farther by making access device-

remains in the hands of IT, which

in terms of the way it’s going to

and OS-agnostic and coupling it

sets and grants access based on

change how government, healthcare,

with the security and compliance

user, department, and any number

and other security-sensitive verticals

that the public sector and some

of other parameters.

do business, but the ability to pull up

enterprises require.

3) Mobile access and tracking: Data

data that you want and instantly get

2) Enterprise-level content indexing

can be shared in its native form

it in front of you and others who are

and access: Data is only as good

on any device or platform, but

working with you is incredibly game

as how quickly it can be found.

controls are still in place. IT can see

changing,” says Aaron Levie, the

With Box, all files are indexed,

who opened, shared, downloaded,

CEO and co-founder of Box.


Cloud Security: It’s Not Ethereal Two of the main cloud concerns that most public and private sector users have voiced are related to security and compliance — can you have both when you’re dealing with the public cloud?

This couldn’t be further from the truth, he says. Most cloud providers are able to offer security levels that are on par if not more stringent than what can be found in the enterprise. Corporate America recognizes this. A May 2013 cloud security study commissioned through IDG Connect found that

Box employees live and breathe security, constantly striving to

companies have become increasingly comfortable with the

create a better cloud ecosystem for Box’s customers and the

security of third-party cloud service providers.

industry as a whole, says Justin Somaini, the company’s chief

According to the study, 51 percent of IT executives surveyed

trust officer. There’s good reason

believe that the cloud increases

behind this focus.

data security overall, while 59

Cloud-based services are

percent of respondents were very

exploding in the public and private

confident in their ability to control

sectors, but there’s a struggle

and manage access from mobile

going on in IT, according to a

devices to cloud services. Several

December Gartner special report,

federal CIOs agreed during an April

Gartner Predicts 2013. The U.S.

18 panel discussion. “Trust on the

federal government is in the thick

government side is increasing as

of it, according to Gartner, thanks

we see it work,” explained Chuck

to Cloud First and The Federal Risk

Riddle, CIO of the Government

and Authorization Management

Printing Office during the event.

Program (FedRAMP). CIOs and their organizations are looking

The Secret Security Sauce

to encourage and support the

At Box, customers such as the

expansion of cloud computing, but

Government Services Administration

at the same time make sure that

(GSA) are seeing it work because

the appropriate security is in place.

it gives end users instant access

Only companies that understand this

to critical information in a secure

struggle – and the reasons behind it

fashion. GSA files — like all files that

– can be part of the solution. Somaini

are stored on Box — are encrypted

says Box is one of them.

while they sit on Box servers, and

Better Than Your Data Center This requires a very basic yet significant focus on back-end

only those GSA users who have the right authentication credentials can access and decrypt files. From a rights management perspective, control lies solely

security features well as what happens during information

in the hands of the administrator, who controls all the account

transport and delivery. It also includes not only a willingness to

settings and access for GSA users.

have an exchange of ideas but a desire to work with partners

Everything from password strength and resets to the number

and customers to advance cloud security as a whole, says

of failed logins allowed to session duration is customizable. In


addition, the administrator can set permission as to what users

Indeed, security is often the first thing that many CIOs and

can do once they access files. They can allow – or disallow – a

CISOs bring up when they sit down with a cloud provider.

user to download, edit, or share a document, and can require

“There’s a natural fear from leveraging past services,”

file-level password protection for confidential or high security

explains Somaini. “The impression is that cloud services

documents or assets. Those rights can be set to expire, too,

are not secure or, more importantly, less secure than their

so contractors or employees have time-limited access to files

enterprise is today.”

or instant access when they need it.


“Box gives us the perfect combination of being able to

the ability to access deep forensic information about who

transport information really easily, but then restricting selected

has accessed data, where they accessed it from, and what

information very tightly,” explains Bob Armstrong, program

changes were made to the data once it was touched.

analyst at GSA. Many of Box’s security controls are behind the scenes,

“You’re going to get a lot of information right there on the admin console,” explains Crispen Maung, the company’s

starting with the development of new code and features, says

senior director of compliance. “You’ll see a report that lists all

Somaini. Everyone who works at Box — from the software

the users who logged in, the IP addresses they originate from,

developers to the quality assurance staff — is taught to bring a

and the date and time of their access.”

security mind-set into everything they do.

Another unique benefit that Box brings to its customers is a

“There’s no better tool

willingness to sit down and

that you can have than an

discuss business-specific

educated developer who

security and compliance

goes through a process from

requirements and provide

the very beginning, who

advice about both, explains

learns how to code safely

Maung. “We want to talk

and securely while providing

through all the different

those rich features that

requirements and their

customers are looking for,”

interpretation of requirements

Somaini says.

so we can help guide them

Box’s management

through to help them make

supports this security

their systems and their use

mindset with weekly

of our systems compliant,”

meetings where they discuss

he explains.

at length numerous security

For instance, Box is

issues, such as the current

focused on making sure the

industry situation with

service is compliant with

advanced persistent threats

the ISO 27001 standard

and attacks, as well as customer and partner concerns. In

under Annex A, which means that it has taken a wide variety

addition, developers and other key staffers go through rigorous

of security and compliance issues into account, including

training and certifications. They are also given access to the

asset management, human resources security, access control,

many industry groups, partners, and security experts who have

information systems acquisition, security incident management,

been recruited to assist and collaborate with Box on cloud

business continuity, and regulatory compliance. “Internally,

security issues. The Box teams are also doing outreach on a

security and compliance are huge components of our

daily basis with partners

company’s DNA,” agrees Somaini.

“All of the processes incorporate security at such a deep

Finally, since one company cannot do it all, Box has created

level, such an expeditious level, that we’re able not only meet

partnerships with best-in-breed companies such as cloud

the feature functionalities we need to, but we do it with an

identity management company Ping Identity, mobile security

extreme scrutiny to identify faults, issues and security concerns

and management firm MobileIron, analytics provider Good

so our customers don’t have to worry,” says Somaini.

Data, and security control and analytics provider docTrackr.

Compliance and the Cloud: A Pair Made in Heaven

the best ones to be creating a security feature that customers

Security is only half of the equation, though. Compliance

these areas so that our customers get the peace of mind they

with government mandated regulations is crucial for most

need,” says Somaini.

government and public organizations. To that end, there are Box features that help IT more easily meet compliance requirements. For instance, Box gives IT

“Whenever we are unable to execute or are possibly not want we can turn to our partners, who are laser-focused on

And when that happens, when customers have the peace of mind and confidence in cloud security and access, everything falls into place. •


Customized Content and Collaboration in the Cloud In the age of bring-your-own-device, users want to do more than just see their content.They want to collaborate, too. Mobile devices and customized apps are making that happen for Box users.

people who are on the road and in the office.”

The days of the one employee/one computer paradigm

and their clients to create custom apps that are designed

are over. Today, employees work using a variety of devices

around specific missions and needs.

and applications – and many are designed and released by

Box’s staff is constantly working with app developers, selecting and evaluating the most popular productivity apps in the market and helping to integrate them securely with the Box platform. In addition, Box works with application developers

These apps, which are branded around the customer, make

companies that people have never heard of. This creates

workflow easier and more seamless, says Aaron Levie, Box’s

a conundrum for IT: CIOs and CISOs must decide which

CEO. “What’s exciting about these apps, especially the custom

applications and providers meet their users’ needs, while still

ones, is that a specific workflow or a specific set of documents

meeting the security and compliance levels that are required by

could be put out there and the employee in the field only gets

their organizations. “The entire mobile app ecosystem is completely fragmented,” agrees

to see those documents that apply directly to him or her.” These apps often end up in an

Chris Yeh, senior vice president

agency’s or organization’s own

of platforms at Box. “And IT often

private app store, says Yeh, providing

chooses to ignore it completely due

another layer of security. “You’ve got

to the fact that even when there are

CIOs or CISO’s saying, ‘Yeah, I’m

mobile apps out there, there’s a lack

going to build this app and it’s going

of confidence in them.”

to have special requirements that are

The result: There are still many

unique to me, and I’m going to host

agencies out there stuck using

it privately, and I’m still going to take

on-premises applications, which only

advantage of all of the power of the

work when users are in their offices

Box platform to enable it.’”

or tethered to secure networks. The

These users can create specific

Box OneCloud ecosystem is designed to solve all of these

paths within those apps that streamline use on-premises, too.

problems, giving agencies and organizations a way to improve

So, for instance, someone who was visiting an agency for a

productivity and accelerate their missions.

day can be given a mobile device that – when Box and the

The Box Mobile Connection

app is launched – takes them directly to the view and content that they are supposed to see. The process is simplified even

Box OneCloud is an ecosystem of mobile apps that integrate

further by Box customer success managers, who are available

with Box’s core features. Using OneCloud, IT can provide users

to answer questions, handle issues, and advise organizations

more than 500 apps that can be used to interact with the

on the best ways to roll out Box to the entire organization. And

various file types and content that can be stored, accessed,

this is only the beginning, says Levie.

downloaded, and shared using Box. In many cases, says Yeh, this also provides a way for users

“We have about five hundred partners on OneCloud today. We hope that we can eventually get into the thousands of

to interact with workflows in their organizations even when they

developers using this platform. This is a huge part of our

are on the road or in the field. “This is something that most Box

strategy and what we offer to agencies and the enterprise:

users need to get a handle on. Box isn’t just and

Being open and being able to serve all of these different use

a set of mobile applications, but a platform that can start to tie

cases quickly, securely, and instantly.” •

into the mission systems and provide true collaboration between


Solving the Data Leak Issue Cloud adoption has shifted into the mainstream, according to the

FCW: Where have your government customers and users

third annual Future of Cloud Computing Survey, released June

seen the biggest benefit and return on investment (ROI)?

2013 by North Bridge Venture Partners and GigaOM Research.

Manouse: In some cases it is easy – it is as easy as using Box to

Cloud adoption was up from 67 percent to 75 percent. More

replace a lot of investment for things like file shares and “S” drives,

important: 52 percent of organizations say they are using cloud-

or leveraging Box to eliminate infrastructure for things like managed

based applications to advance business priorities. Gaining business

file transfer. They are spending money on storage, infrastructure,

agility, cited by 54.5 percent of respondents, was the main reason

disaster recovery, and backup and the personnel to manage these

behind the push to the cloud. Box is one of those companies

outdated systems. The millions of dollars they spend on legacy

making it easier for organizations to improve business outcomes

systems could be put to better use or be dramatically reduced.

and boost productivity for employees, partners, and, in some

That represents immediate ROI.

cases, customers. FCW spoke to Chris Manouse, senior director,

I spoke to one agency with a mission that involves recruiting –

Box U.S. Federal Government, to learn more about what the

mostly younger people. And they very much compete for the best

company brings to the public sector.

and brightest. In order to review the applications, which arrive in one part of the country, they FedEx them, spending to the tune of

FCW: What are the basic business problems that

seven figures a year, as their means of collaboration. The simple

government and other public sector organizations are

mechanism of creating application folders inside of Box and having

looking to solve using Box ?

reviewers access them online would eliminate more than one

Manouse: There is a range – but for many it is as simple as what

million dollars a year. Plus, they’d be more competitive because

agencies call their Dropbox problem. They have employees who

the candidates could fill out their applications on Box and have an

want access to their content anywhere at any time on any device,

electronic interface with them. Or consider an organization like the

which is a good thing. However, what happens is they start to

U.S. Air Force with their initiative to bring iPads into the cockpit.

bring in these unsanctioned tools that create a problem because

They don’t want to haul heavy, 30- to 40-pound briefcases that

there’s no way to find out what they are doing with the content or

contain flight manuals and instructions, plus they may be in parts

who they are sharing it with. This is a problem for Federal CISOs.

of the world where they aren’t able to connect back to the official

With Box, sync and share is table-stakes. However, we provide it

systems. They need to be able to get to these documents and

with the enterprise security controls and governance required by

collaborate on the mission with field-level collaboration – and the

the CISOs. Yet, most agencies want to do more – they want to

reduction of weight in the cockpit has the potential to save millions

collaborate; they want to securely exchange content and advice

in fuel cost. And there are hundreds of other use cases I could give

with colleagues who are not with them or perhaps external to their

you, too.

agency. Furthermore, over the past several decades, agencies have deployed very complex – and quite expensive – enterprise

FCW: How does someone find out if Box is right for their

applications to manage the business processes that require these

agency or organization?

interactions, but the minute an employee leaves the building they

Manouse: In every single instance we sit down and discuss the use

are instantly disconnected. In addition, if they have to interact with

case of what they are looking to do. Then we can stand up a test

individuals outside of those organizations that don’t or can’t access

environment that’s unique and specific to their content so they can

those systems that presents an even bigger problem.

see that they can control everything and create content processes that are meaningful to their missions. They can also vet the security

FCW: What are the biggest misconceptions about Box?

and compliance perspective of Box. These free pilots are typically

Manouse: Many folks don’t have visibility to the platform side of

30 days and allow customers to see firsthand how Box can meet

Box, nor the enterprise security and administrative controls that

their requirements from both an IT and end-user perspective.

are availed to our enterprise customers. As a result, it may not be

Because the application is so intuitive, users are up and running in

obvious the power that Box provides as compared to consumer

no time with a full admin console on the backend for IT. •

tools or other point sync-and-share solutions. To learn more about Box, Inc’s products and services, please go to com/business/industry/government/. To reach a Box representative, e-mail or call 1-877-729-4269.

Millions discover their favorite reads on issuu every month.

Give your content the digital home it deserves. Get it to any device in seconds.