Box Data Protection Testing

August 5, 2019
Last week, Duke's Information Technology Security Office (ITSO) began working with one of our security vendors to test ways of detecting and preventing inadvertent sharing of sensitive Duke data via our Box platform. 

The plan was to begin with a small test group.  However we learned after the fact that when the tool connected, it began scanning more broadly.  Some users received unexpected “File download” alerts as a result of this.  As soon as OIT and ITSO learned about the unexpected behavior the tool was disconnected. 

We have checked with the vendor and validated that this automated process did not retain any copies of files that were scanned. ITSO is working with the vendor to address the configuration issue and has ceased future testing until this is fully understood.  We sincerely apologize for any confusion or concern this may have caused.  Our commitment remains to keep Duke’s environment as secure as possible while appropriately balancing with the importance for privacy and usability.

If you have any questions then please contact us by email security@duke.edu.