Box is extending two-factor authentication (2FA) to external users, acknowledging the need for corporate and government customers of the cloud-based enterprise content management platform to provide secure access for external collaborators.

In a recent survey, nearly 2/3rd of executives stated that the external workforce is critical to company performance.

2FA for external users is the latest addition to Box's built-in core security features.

Admins can choose to require 2FA across the entire extended enterprise or can include/exclude specific users and domains. Further, they can choose immediate enforcement of the 2FA requirement or allow for a gradual transition. 

The external collaborator experience is ntroduced with guided setup embedded into the collaboration flow for existing users and into the signup flow for new users. For instance, an enterprise may choose to enforce 2FA for all their independent contractors with personal email domains (gmail, hotmail etc.) and set a 30-day transition period to avoid work disruption. Automated reminders from Box leading up to the deadline gives contractors sufficient notice to sign up for access.

Two-factor authentication is a key component of a new 'zero trust' information security model that is emerging as the line between employees and the external workforce blurs.

"In this new zero trust model, nothing is assumed to be trusted and access to resources is based more on who the user is than where the user is. A user (employee, contractor, partner etc.) could be accessing a corporate application hosted in the cloud with an unmanaged device from a Starbucks – at no point will either the user or the device traverse the corporate internal network or network security controls."  Said Garrett Bekker, Principal Security Analyst, 451 Research.

Enterprises can address such scenarios by enforcing strong two-factor authentication consistently across their internal and external users. Learn more here.