File sharing and collaboration have become integral part of enterprise end-users’ daily workflows. They need to share files selectively and securely within the organization with colleagues as well as with the outside world. Also, in today’s world of mobility, everyone wants to stay productive all the time and hence the need of accessing corporate data from any device (both company-managed and employee-owned) and from anywhere (within and beyond the corporate network) has become priority for businesses.
With this change in business requirement, Enterprise IT is facing multifold challenges to mitigate security and data loss challenges. In this whitepaper, we are comparing Box and Vaultize through comparison points mainly from an enterprise IT perspective.
The first and biggest advantage of Vaultize is the information-centric holistic platform approach towards security, control and visibility through built-in digital rights management (DRM), data loss prevention (DLP), endpoint data protection (backup/restore) and mobile content management (MCM) capabilities. This means, irrespective of how the corporate content is being accessed, used (for example, edit and annotate) or shared by the end-users and irrespective of the device being used, everything complies with the IT defined policies, ensuring corporate compliance – even when the content goes beyond the corporate boundaries and to the devices beyond IT control. This is the first and foremost reason why businesses trust Vaultize.
In this context, Box significantly lacks the kind of end-to-end security required for large enterprises and businesses in highly regulated and security-conscious verticals like Banks, Financial Services and Insurance (BFSI).
Vaultize provides industry’s widest set of deployment options - public-cloud (hosted on AWS and MSP data centers), purpose-built appliance series and private-cloud/on-premise. Box offers only public cloud solution. Regulated and security-conscious verticals will never move their data to public cloud.
Secondly, there are geographies, like Europe, where data residency (data soverignity) regulations mandate the corporate data to be kept within the jurisdtiaction, or if stored in any cloud beyond the jurisdiction it needs to be encrypted and keys should be in the control. Hence Box is not the choice unless some encryption gateways are used in conjunction.
For such grographies Vaultize's private cloud or on-premise options are viable. Vaultize is also available through public clouds of local partner MSPs. And, even in its public cloud offering hosted on AWS, Vaultize provides Data Privacy Option (DPO) to allow customers complete control over the encryption keys. While Box's key management which gives control to customer is not enought for complete security.
Through US patented Vault KNOX technology, Vaultize performs military-grade AES 256-bit encryption together with content-aware smart de-duplication at source (that is, on the end-user device itself) before transmitting the data - without solely relying on SSL (because SSL is prone to attacks). This effectively builds a secure (VPN-like) tunnel and provides source-to-destination and cradle-to-grave security. As a result, VPN, which leads to poor and frustrating end-user experience, is not required for access, sharing and mobility – even in the deployments that are on-premise and private within the data center.
Box relies solely on SSL (and so, needs additional tunneling) for encrypting the communication channel to secure data from source to server to destination.
Businesses have made huge investment in Enterprise Content Management (ECM), storage, Data Loss Prevention (DLP) solutions and other infrastructure. Vaultize helps customers leverage their existing investment. It allows end-users to access the content on existing ECM and provide the capability to share and collaborate – and hence complementing the existing infrastructure. Box on the other hand duplicates the data on ECM to its own cloud in order to facilitate access and sharing through its platform.
Access Controls and Tracking
Vaultize provides corporate IT complete control on the access to corporate content at the level of a user, data source and the type of data. With Vaultize Digital Rights Management (DRM), the access rights travel along with the data ensuring that corporate IT has full control and tracking on access and use (like edit, copy/paste, print etc.) of data even when it goes to third parties. Additionally, IT can create a security fence around corporate data such that it is accessible or usable only from certain IPs and/or geographical locations.
Box provides no such controls, rights management or tracking – and even does not integrate with any third-party DRM solutions. This is a significant disadvantage for regulated and security-conscious organizations.
Both Box and Vaultize provide IT with standard controls over sharing. Vaultize gives additional controls in terms of with whom the documents can be shared (like IP ranges, domains, geographical locations) and also provides ability to enforce information rights even after the files are downloaded by third-party (DRM aka IRM).
Both Box and Vaultize provide Plugin for Microsoft Outlook to replace email attachments with secure links - freeing up email storage (both in PST/mailbox and email server) and saving network bandwidth. All shared files are securely stored only once on Vaultize server/cloud and a link is automatically inserted in the email. Corporate IT can also set policies for auto-conversion of attachments to secure links.
With Vaultize, additional DRM controls are available, which ensure that access to attachment can be controlled even after the email is delivered.
Data Loss Prevention and Data Protection
Vaultize provides endpoint DLP capabilities (encryption and remote wiping) for both mobile devices and PCs (laptops and desktops), while Box does it only for mobile devices. Vaultize encrypts files and folders on Windows laptops/desktops to protect data from unauthorized access and, ability to remotely wipe in case the device is compromised, lost or stolen. The remote wiping also works automatically based on IP and geographical location.
Vaultize provides IT to define data protection policies to regularly backup not only simple files but also open and large-size files like Outlook PST. That means wherever the corporate contents are, they are fully protected, irrespective of whether they are being accessed and shared.
Box provides versioning only for shared files and does not support open files.
Vaultize performs content-aware smart de-duplication across all the users and devices in the organization. This significantly reduces the network traffic as well as the storage requirement at the server. Global de-duplication plays an important role in making data transfer efficient when the end-user is roaming beyond corporate perimeter on a low bandwidth network. This, along with no-VPN, enormously improves end-user experience and hence the productivity.
Box has very limited de-duplication capabilities.
Integration with DLP
Integration of DRM with content-aware data classification is core to a successful IT implementation as it ensures that the information that requires highest security is locked down automatically, while information that does not need securing is not touched. Vaultize integrates with DLP solutions (offered by popular DLP vendors including Symantec, McAfee, Websense) through ICAP interface. While Box integrates with only a public cloud DLP service.
Overall, Vaultize is built on a holistic information-centric approach where corporate content is completely under IT control and visibility irrespective of where it is, who uses it and from which device. Rather than binding an end-user to a specific device, it provides anywhere, anytime and any-device access, use, sharing and control of data – enhancing user experience and productivity.
Download our free whitepaper – Don’t Get Fired For ￼￼￼Critical Data Leaks: 6 Essentials For 100% Secure Enterprise File Sharing. You can also try our virtual appliance (for free) at our Free Download page.