Box and Netskope DRM
Box and Netskope DRM
Classification labels allows you to create, modify, and delete security classification identifiers for content in your organization’s Box deployment. With classification labels, you can classify files based on their sensitivity and enforce access policies associated with that sensitivity level. Classification labels help you identify sensitive information and encourage smarter behavior when people handle that content.
Box allows you to create up to 25 different classification labels. Files and folders can be assigned only one classification label at a time. You can define which user roles are allowed to change classification labels on files and folders.
When users preview a file or folder that has a classification label applied, the label and description are shown in the right-hand sidebar, as in the following example:
The classification label appears here, under Details in the right-hand sidebar, and also next to the file’s name in Preview when users select or preview content. The definition, under the label in the right-hand sidebar, is where you can include information describing the classification in further detail.
Prerequisite:
Authorize Netskope App on Box Admin Console
As an admin/co-admin, you should authorize the Netskope app on Box so that Netskope can make API calls to Box. You can either use a Box admin or a co-admin account to grant access to API Data Protection.
- Log in to your Box account using the admin or co-admin user and click Admin Console.
- Navigate to Admin Console > Apps > Custom Apps Manager. Under Server Authentication Apps, click Add App. Under Client ID, enter the following API key:
6id7lc5mv8j4eultjlo9d45z88qmv5xk
– This is the Netskope JWT app.
Setup
Box labels will be supported for CASB API(Box) and not for Inline.
-
Go to Settings > Manage > Sensitivity Label Integration
-
Click Setup Instance > Box, enter the Instance Name, and click Grant Access.
-
Click … on the right-side of your newly setup instance and click View and Edit.
-
Order is a way for customers to configure and assign a priority to the classification labels. This is important as Box does not allow labels to be given a priority. 25 is the highest and 1 is the lowest.
The associated number in the Order field shall be used for policy evaluation when applying the labels as a Policy Action
This Order field is optional and if priority is not defined, then the alphabetical order will be followed for policy evaluation. No two labels can have the same Order.
For the CASB API, multiple policies can be triggered. If these have different policy actions, the priority determines which action will be applied. The highest Order will have the policy action applied.
Creating an API Data Protection Policy
Policy Creation
To create a policy:
-
Navigate to Policies -> API Data Protection -> Next-Gen -> New Policy.
-
For App Instances, select your Box instance.
-
Choose the label that should be applied
Classification Label Limits
The following table describes the limits in classification labels.
Item | Limit |
---|---|
Name | 40 characters |
Description | 300 characters |
# of classification labels | 25 |