We are discovering more and more companies are using EFSS (or just FSS) solutions like Citrix FileShare, Box, OneDrive, Google Drive, and even Dropbox to share content. We have had a blanket deny policy for a long time so as to prevent using one of these services to store sensitive data with no ability to audit, but it is becoming clear that this is not feasible any longer.
Is there a guide anyone can point me to that allows more granular control of Box? I've seen one written for YouTube that describes how to allow access to individual videos, and I'm hoping to find something like that for Box.
You might be able to do something siilar with URL whitlisting policy with a general deny policy after that. Or if you are looking for just some vendors you could do application whitelisting.
However you would need the URL ahead of time otherwise the user would see a block page.
Hope that helps.
Usually I would just recommend that if the applications are sanctoned you whitelist the url for the companies account. Usually they would give you a specific name so for example Palo Alto's Box account would be https://paloaltonetworks.accounts.box.com which means you could continue to block box but specifically allow access to your companies specific account.
Now this practice kind of falls appart if they are using personal accounts to share information since you would have a management nightmare in getting everything to work for them. Generally speaking though a true enterprise account would give you an option like the sample listed above.
In addition to @BPry's recommendations (I know this more advertising than anything else), there is also PaloAlto Aperture (https://www.paloaltonetworks.com/products/secure-the-cloud/aperture) to control user access to SaaS services like box even when the users connect from outside your company network (requires box enterprise subscription)
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!