Getting started with Box Classifications

image from packetlabs

Automated classification enables you to apply policy-based security classifications to your sensitive enterprise content.

You can configure classification policies to look for matches based on file type or file data, and specify a security classification for the content.

How does it work

A label is the visual cue applied to content indicating that it has been classified.

A policy is the scope of the classification, i.e. to which content it should be applied.

An event is what triggers the classification it self, the act of applying a label to your content.

Classification Label

You create these on your admin console under classification labels. You just need to define the name, description and a color to easily distinguish between labels.

Creating a classification label

Classification policies

They are created under the classification policies.

You start by identifying the policy it self:

Creating a classification policy

Next you define the criteria to identify the content for classification.

You can decide which folders have the content:

e.g. selecting a specific folder

You can also select content by file type:

e.g. selecting Microsoft word documents

Here is more information on file types.

Or by specific data types:

Next you need to decide which label previously created should be applied. You can only select one, and must decide on what happens when the content can have multiple classifications.

To learn more about classification policies take a look at this box support article.

Once the policy is created you can edit, delete, enable or disable it. Here is the summary screen for a policy:

Classification policy summary screen

Classification settings

On this extra tab, you can configure who has permission to manually change the classification of content and also turn on the Microsoft information protection integration. These settings are applied across the board, and are not policy, label or content specific.

To lean more about these, check out this box support article.

Classification events

Certain events trigger the classification, and it is on that moment that the content gets “stamped” with the label.

These include, upload, preview, update (edit), download, move or copy, invite people (collaborations), create a shared link, modify the scope of a shared link (such as changing the scope from People in the company to People with the link), mark content version current, and undelete content from trash.

Here is an example of content classified as internal only.

What if I need some really complex business logic for classifications?

Well, there is an API for that…

Start by looking at our Classification and Metadata guide, and explore the full Classifications API.

Summary

We’ve demonstrated how to create labels and policies, and we’ve seen how these labels get stamped on the content.

If you want to know more, here is the documentation on classifications. There is also a Classifications API

So far this is only a visual representation to alert your users.

Of course Box does have a mechanism to take the classified content and apply security controls based on the classification labels.

Check out the other articles on this Box Shield and Classification series:

• Box Shield Ethical Walls
• Box Shield Threat Detection
• Box Classifications (this article)
• Box Shield Smart Access
• Classification service using FastAPI and Python (stay tuned)

How can this be applied to your organization? Get started today with Box Classifications.