Skip to main content
Visit Remote Work Tools & Guidelines and Student Remote IT Support for details on working remotely under the University's Coronavirus (COVID-19) recommendations
Penn Information Systems & Computing Systems Home

Search form

  • Find my LSP
  • Penn
System Status
  • Get Started
    • IT Staff
    • Faculty
    • Staff
    • Students
    • Alumni & Guests
    • ISC Staff
  • Services
    • — Services A to Z —
    • Accounts, Access & Security
      • Access Management Services
      • Active Directory
      • Identity Management Services
      • Information Security Services
    • Applications & Data Analytics
      • Application Development & Delivery
      • Data Analytics
        • Data Analytics at Penn
      • Integration Development & Delivery
    • Backup, Storage & Platforms
      • BackItUp
      • Backup for Desktop & Laptop
      • Cloud Solutions
      • Data Center Services
      • Database & Middleware Services
      • Endpoint Management
      • Recovery Services
      • Storage
      • Virtual Desktop
      • Virtual Server Hosting
    • Community, Support & Learning
      • Classroom Technology Services
      • Desktop Engineering
      • IT Community Events
      • Knowledge Link
      • LinkedIn Learning
      • Provider Support Services
      • Tech Center
    • Consulting & Professional Services
      • Brokered Products
      • HireIT
      • Systems Support & Consulting
      • Technology Forecasting
    • Email, Calendaring & Collaboration
      • Classlists
      • Penn Email Routing
      • Penn+Box
      • PennNet Mailing Lists
      • PennO365
      • PennZoom
      • SMTP-Relay
      • Secure Share
    • Networks & Connectivity
      • Firewall Services
      • Network Design & Installation
      • Network Names & Numbers
      • PennNet
        • MAGPI (Penn's Internet2 Regional Optical Network)
      • PennNet Ethernet Ports
      • Wireless at Penn
    • Phone, TV & Video
      • Broadcasting Studio
      • Contact Center
      • Live Video Streaming
      • Penn Video Network
      • PennFlex Phone
      • PennNet Phone
      • Traditional Telephony
      • Video Content Management
      • Video Production
        • Producing Video Content
    • Web Hosting
      • Web Services
    • — Service Rates —
    • — Service Level Agreements —
  • Security
    • Office of Information Security
    • Security Services
    • Special Projects
    • Policies & Procedures
    • Training & Awareness
  • Collaborations
    • Engaging Penn’s IT Community
    • Identity & Access Management
    • Cloud First
    • Next Generation Unified Communications
    • IT Advisory Groups
      • Common Solutions
      • IT Roundtable
      • Network Policy Committee
      • Penn Technology Investment Committee
        • About PTIC
    • Special Interest Groups (SIGs)
      • Audio-Visual (AV-SIG)
      • Cloud Computing (Cloud-SIG)
      • Data Visualization (DataViz-SIG)
      • Developer SIG (Dev-SIG)
      • High-Performance Computing (HPC-SIG)
      • Instructional Technology SIG
      • Linux SIG
      • Macintosh Networking Group (MacNet)
      • Mobile Technologies (Mobile-SIG)
      • O365 Special Interest Group
      • PC Networking Group (PC-Net)
      • Project Partners SIG
      • Security SIG
      • Social Media SIG
      • Splunk Special Interest Group
      • Super User Group (SUG)
      • Web SIG
    • Technology Services Strategy Review Board
  • News
  • Events
  • About
    • Overview
    • Leadership & Groups
    • Purpose & Values
    • Strategic Goals
    • Recognition
    • Tech Jobs @ Penn
    • Contact Us
  • Hot Topics
  • Get Help
    • Support Center
    • Contact ISC Client Care
    • Rates for All Services

You are here

Home » Protecting Privacy & Security on Penn+Box

Protecting Privacy & Security on Penn+Box

Using Penn+Box is a great way to provide access to your documents from any device with a network connection and facilitate collaboration on projects and documents. All of this can be done under the Penn+Box legal agreement that provides significantly better protection for your data. Specifically, Box has stronger commitments to keeping data confidential and the service up and running than many commercial competitors, such as DropBox and Google Drive.   
The Penn+Box service also has a variety of configuration options that should be considered and applied to provide the appropriate level of protection to the data you are working with and to make the service most useful.

  • Getting Started.  To get started on Penn+Box, we recommend signing up with your Penn Key and password through http://upenn.box.com and then installing Box Edit and Box Sync.
  • Add a Co-Owner.  For each folder you create on Penn+Box for projects involving collaboration, make sure to have one co-owner. This will help on any business continuity issues that may arise.
  • Adding Collaborators – Pick Appropriate Privileges. The default setting for your folders is “private.”  Folders (and the documents in them) only become available to others when you invite people as “collaborators.”  When adding collaborators, make sure to determine what level of access or “privilege” they should have regarding documents. This consideration should take into account the data and particularly how confidential it is, who the collaborators are, what role they have in the collaboration, and whether they use secure devices. There are several configuration options that are described on Box.  Here are two important ones to consider:
    • For individuals who are trusted, who need to work with the documents, and whose devices are known to be secure, grant the privilege titled “Co-Owner” or “Editor.”
    • For individuals whom you want to provide access to documents for viewing and commenting – but not for editing and not for downloading to their devices (the data may be confidential and the devices may not be secure) select “Previewer  Uploader.”  
  • Access from Mobile Devices. If you are regularly accessing your Box files from a mobile device, make sure your device is “managed” or apply equivalent security settings (e.g., auto-lock, auto-wipe, etc.). 
  • Box Sync –Ensure your Devices are Appropriately Secure. Box Sync allows you to sync your Box folders to folders on your hard drive of the machine you are working on.  This may have great utility for many people. Bear in mind, however, that confidential data can only be housed on devices that are secure. Talk to your Local Support Provider (LSP) to determine if it is appropriate to use Box Sync based on the security settings of your device (e.g., hard drive encryption, firewalls, anti-virus, strong password, etc.). 
  •  Not all Data can be Housed on Box. 
    • In spite of strong contractual protections and good smart configurations, there is still some data that simply should not be housed on Box due to regulatory constraints. For detailed information visit "Use of Penn + Box and Amazon Web Services."
  • If you have questions regarding the safe use of Box, contact box-help@isc.upenn.edu.

Share:

  • Facebook
  • Twitter
Print
InfoSec Home
Resources
  • Penn+Box
  • Penn+Box Login
  • Penn Office of Audit, Compliance & Privacy
  • ISC Client Care
Contact InfoSec
  • Computing Policies
  • Tech Jobs @ Penn
System Status

© 2021 THE UNIVERSITY OF PENNSYLVANIA — 3401 Walnut Street, Philadelphia, PA 19104 — Report accessibility issues and get help — For ISC Staff