How to setup Box Shield Ethical Walls
For all the Box Admins out there, here is a walk-through on how to set up ethical walls on the box platform. I recommend you spin up a sandbox and try it to evaluate if and how this feature can help your organization.
What are ethical walls?
An ethical wall is an information barrier within an organization to prevent exchanges or communication that could lead to conflicts of interest and therefore result in business activities ethically or legally questionable.
Typical use cases
Isolating a few static internal teams based on business units. A couple of examples:
- Financial Services: employed in investment banks, between the corporate-advisory area and the brokering department in order to separate those giving corporate advice on takeovers from those advising clients about buying shares.
- Insurance: used in property and casualty insurance, where both parties to a claim have insurance policies with the same insurer. The claim handling process needs to be segregated within the insurer’s organization to avoid a conflict of interest.
This is a blunt instrument and has been intentionally designed as so. Putting it simply, it looks at who owns the content and allows or blocks access of other users, to enforce the policy.
How it works
Ethical walls set up is simple and only work with 3 concepts.
A segment, which has a name and is a way to aggregate users (not a group since group does have a very specific meaning in Box).
A permission, representing a relationship between segments. These are simply can access or cannot access flags. However these are single direction, meaning you can configure segment A to have access to segment B and also, block access from segment B to segment A.
The managed users that you can associate to a segment. A user can only belong to a single segment.
Once enabled, every preview, share, edit, delete, collaboration, shared link (except public), upload, item names in folders, and search will be affected by the enforcement of the ethical wall.
Setting it up
To get started go to your admin console and select shield and the ethical wall tab.
Information barriers are enabled on a per-organization basis. If you would like to use an information barrier, contact your Box support representative.
Go ahead and click the create button.
Next, let’s add a few segments.
Next we define the Segment Permissions.
In the example above, the rules say Investment Banking and Wealth Management have an ethical wall. Anything owned by users in these segments, cannot be accessed by users in the other.
However there are no constraints between Wholesale Banking and either of the other segments in any direction.
Go ahead and click save.
Next in configuration is to add users.
You can add users via a .csv file, and the system will do a check to verify if they are valid users. Only managed users can be added and a user can only belong to a single segment.
Be aware that this does not support incremental additions with a new file, the file must contain all users for the segment, this is also the way to remove users. However the systems gives you the option to download the .csv of the current users of the segment.
After adding all user, click done.
You are now presented with a summary of the ethical wall you’ve just created.
Notice the draft status. Before the system starts to enforce this wall, it must verify if all sharing, collaborations, etc, are compliant with it. For that we must run the collaboration report.
Depending on the amount of content and size of company this may take a while (2 to 3 hours). It is imperative you take a good look at the report since any non-compliance to the ethical wall will simply be removed.
The last step is to enable the wall.
And you’re done!
Ethical Wall in action
Here is a simple example of what happens when I try to invite a user to collaborate on a document and it violates the ethical wall rules.
In the example a note created by an Investment Banking segment user can not be shared with anyone associated with the Wealth Management segment users, as per the ethical wall rules.
What would you be able to do with ethical walls at your organization?
For more information head to our ethical walls Box support articles.
Check out the other articles on this Box Shield and Classification series:
- Box Shield Ethical Walls (this article)
- Box Shield Threat Detection
- Box Classifications
- Box Shield Smart Access
- Classification service using FastAPI and Python (stay tuned)
