The content management company Box recently announced the arrival of four security and governance APIs. These APIs are aimed at helping companies handle legal, security, and compliance needs better. Three of these APIs: the Retention Policy API, the Legal Hold Policy API, and the Folder Metadata API, have already been released, although the Folder Metadata API is in beta. The fourth, the Watermarking API, is set to be released soon according to the Box developer website.
A large part of Box’s business model rests on effectively handling document storage and collaboration. However, companies working with sensitive data like social security numbers and the like may have to manage complex rules around data retention. Some pieces of data can only be stored for set periods of time before needing to be scrubbed, while others must exist for a minimum period of time which can last years for auditing purposes. Another issue, is properly tracking and making use of individual points of data based on desired filtering. While not strictly a security or compliance issue, metadata based filtering can help keep track of different compliance or security concerns that exist around each document. Box’s four APIs each provide different solutions to these various development problems:
- Retention Policy - The Retention Policy API helps businesses instill automated policies around data retention and permanent data deletion. You can create different retention policies for documents and have Box delete or manage them differently after set periods of time.
- Legal Hold Policy - The Legal Hold Policy API lets you attach different legal policies to pieces of data and create associated assignments based on these policies. It also lets you find all file versions held by a given policy.
- Folder Metadata - The Folder Metadata API lets you attach different pieces of metadata to files based on “metadata templates” you create. This lets you track documents by different metadata tags.
- Watermarking - The Watermarking API applies a transparent “watermark” on a file with a user’s email and last point of access to allow better tracking and management of sensitive information.
Properly storing and managing data that could potentially contain sensitive information can be a compliance nightmare, but when you add the need for peer to peer collaboration into the mix, properly managing all legal and compliance concerns can really be difficult. As a part of some of Box’s new APIs, it’s useful that you can keep track of the list of collaborators for a given document, this way you can foster beneficial company and potentially cross-functional collaboration while still making sure that all regulations you’re beholden to are being met. As Box CEO Aaron Levie said at the most recent BoxWorks in September, “The all new Box is where all your work comes together…There’s almost no product today that doesn’t get introduced without collaborators around the world.” These APIs provide one way forward for those who value both compliance and collaboration, but realize that they don’t always go hand in hand.