Security questions stemming from Edward Snowden’s NSA revelations are continuing to concern IT leaders, who are now looking at just how much control they have over data housed in public cloud solutions. This is causing them to look more seriously at private cloud solutions for mobile file sharing, which were built for enterprises looking to have control over their sensitive business data.
With this in mind, we decided to compare our private cloud solution with Box’s public cloud solution, so IT leaders had a clear view of the differences. To really understand what Box is offering, it’s necessary to read more than feature checklists and press releases. For example, Box’s LDAP integration turns out not to support multiple-LDAP instances, and its so-called support for Enterprise Content Management requires enterprises to duplicate any ECM content they want to make available to mobile users.
Here’s a quick summary of five key differences between Accellion and Box:
- Architecture. Surveys (for example, this one by ESG and this one by Research Now) show that enterprises strongly prefer private-cloud or hybrid-cloud solutions for storing and sharing confidential files. Accellion supports private clouds and hybrid clouds. Box offers only a public cloud solution. Public clouds deprive enterprises of full control over their data. For example, Box controls the encryption keys used to store enterprise data on its servers.
- Integration with Enterprise Content Management (ECM) Platforms. Box requires enterprises to duplicate ECM content on the Box platform in order to access ECM connect through the Box service. Accellion enables mobile workers to access ECM content securely from mobile devices without investing in duplicated storage.
- Secure Mobile Editing. Accellion enables mobile users to edit files in a secure environment. Box requires users to edit files in third-party editors, potentially exposing files to malware and unauthorized distribution.
- Enterprise Integrations. Accellion provides integration with existing enterprise infrastructure, including anti-virus (AV) services, Data Loss Prevention (DLP) services, LDAP, multi-LDAP, and in-house applications. Box supports more limited integrations. For example, Accellion integrates with any standards-based DLP solution, but Box only integrates with one DLP solution, who happens to be another cloud vendor.
- Compliance. Accellion supports compliance with SOX, GLBA, HIPAA, and FDA requirements, and has received FIPS 140-2 certification required for use by U.S. federal government agencies. Accellion also complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland (the “Safe Harbor Frameworks”). Accellion also meets the data sovereignty standards of European nations who mandate what region data must be stored in based on a files content or user access. Box has achieved compliance with HIPAA and HITECH obligations and is willing to sign HIPAA Business Associate Agreements (BAAs). The company has been issued an SSAE 16 Type II report and is Safe Harbor-certified. Box has not received FIPS 140-2 certification. Being a public cloud service hosted in the U.S., it cannot comply with data sovereignty and location regulations in the E.U. and in other regions outside the U.S.
Enterprises choosing Box end up with less-than-complete control and security, while assuming the operational overhead and added expense of duplicating files and undermining their strict ECM security policies. In contrast, the Accellion private-cloud solution answers the enterprise market’s need for mobile, scalable, flexible file sharing. Accellion preserves and extends existing security policies and infrastructure, rather than subverting or duplicating them.
To learn more about the differences between these two solutions, download our new white paper, Accellion vs. Box: 5 Key Reasons Enterprise IT Selects Accellion.