Using Penn+Box is a great way to provide access to your documents from any device with a network connection and facilitate collaboration on projects and documents. All of this can be done under the Penn+Box legal agreement that provides significantly better protection for your data. Specifically, Box has stronger commitments to keeping data confidential and the service up and running than many commercial competitors, such as DropBox and Google Drive.
The Penn+Box service also has a variety of configuration options that should be considered and applied to provide the appropriate level of protection to the data you are working with and to make the service most useful.
- Getting Started. To get started on Penn+Box, we recommend signing up with your Penn Key and password through http://upenn.box.com and then installing Box Edit and Box Sync.
- Add a Co-Owner. For each folder you create on Penn+Box for projects involving collaboration, make sure to have one co-owner. This will help on any business continuity issues that may arise.
- Adding Collaborators – Pick Appropriate Privileges. The default setting for your folders is “private.” Folders (and the documents in them) only become available to others when you invite people as “collaborators.” When adding collaborators, make sure to determine what level of access or “privilege” they should have regarding documents. This consideration should take into account the data and particularly how confidential it is, who the collaborators are, what role they have in the collaboration, and whether they use secure devices. There are several configuration options that are described on Box. Here are two important ones to consider:
- For individuals who are trusted, who need to work with the documents, and whose devices are known to be secure, grant the privilege titled “Co-Owner” or “Editor.”
- For individuals whom you want to provide access to documents for viewing and commenting – but not for editing and not for downloading to their devices (the data may be confidential and the devices may not be secure) select “Previewer Uploader.”
- Access from Mobile Devices. If you are regularly accessing your Box files from a mobile device, make sure your device is “managed” or apply equivalent security settings (e.g., auto-lock, auto-wipe, etc.).
- Box Sync –Ensure your Devices are Appropriately Secure. Box Sync allows you to sync your Box folders to folders on your hard drive of the machine you are working on. This may have great utility for many people. Bear in mind, however, that confidential data can only be housed on devices that are secure. Talk to your Local Support Provider (LSP) to determine if it is appropriate to use Box Sync based on the security settings of your device (e.g., hard drive encryption, firewalls, anti-virus, strong password, etc.).
- Not all Data can be Housed on Box.
- In spite of strong contractual protections and good smart configurations, there is still some data that simply should not be housed on Box due to regulatory constraints. See the Data Sensitivity and Data Usage matrix for the Box service.
- If you have questions regarding the safe use of Box, contact box-help@isc.upenn.edu.