X
Tech

Balancing innovation with security is a constant fight for Box's cyber head

After 20 years in cyber-facing roles, Box's CSO has told ZDNet his greatest challenge is still allowing for innovation without compromising security.
Written by Asha Barbaschow, Contributor

The biggest challenge facing Joel de la Garza, chief security officer for file sharing giant Box, is juggling the need to be secure with the need to allow for innovation.

Speaking with ZDNet in Sydney, the California-based CSO explained that as a security professional, it is always hard for him to say anything positive after spending 20 years exposed to the cybersecurity threat landscape. He said he learned pretty quickly that anything positive he might say is often completely turned over the next day.

However, he is sure that things are getting better, arguing that with cloud, a lot of security concerns are taken off the table thanks to standards and regulations raising the bar.

"The biggest challenge that I face on a daily basis has to do with how do you actually meet the requirements of highly regulated industries without completely destroying innovation in your company," he explained.

"It's really about finding a way to balance that need for security without completely killing innovation."

As a United States FedRAMP authorised company, de la Garza said Box is under constant review by the US Department of Defense to ensure the company is maintaining the highest level of security possible.

Prior to joining Box just over four years ago, de la Garza worked in the financial services sector for almost 15 years, most recently as the director of Cyber Intelligence and Threat Management at Citibank.

"I came from the empire of no," de la Garza said in jest. "I had the power in my previous job to shut things down. I could turn off a trillion dollar business if I had to because there was a risk of it being compromised. That's what the regulators wanted and that's how banks operate."

As a completely different environment, de la Garza said moving to Box challenged him to find a way to maintain the right amount of technical controls to support the business, but also allow the development team the ability to experiment.

"I like to think of it as I'm running one the world's largest bumper bowling games," he said. "I've got a bunch of people at the bowling alley and I want them to take as many shots at the pins as they can, but I don't want them to go into the gutters."

His job is then to build those guard rails and let the developers have at it.

About four years into Box's life, Dropbox owned the file sharing market especially in the consumer market. In response, Box decided to double down on developing an iPhone and iPad app, and zoned in to target the enterprise.

"Originally we started by being the Dropbox for the enterprise -- that was our go-to market -- then we started trying to take on Sharepoint," de la Garza explained.

"Fast-forward five years and now we're partnered with IBM, we're partnering with Google, Microsoft, and rather than trying to compete head-on with these folks, we've learned that it's actually about integration, it's about getting really tightly intertwined into the way that people work and just providing people with as many choices as possible."

de la Garza now spends a lot of his time working with Box's customers, which include predominately large enterprises that have quite stringent security requirements.

"If you think of the GE's, the IBMs of the world ... we spend a lot of time hand holding those folks and walking them through what we're seeing, what our environment is like, the capabilities we offer, and making sure they don't have any problems with the use of our tools," he explained.

In delivering the company's fourth quarter results earlier this month, Box CEO and co-founder Aaron Levie said that Box is "raising the bar in cloud content management".

Box now has more than 71,000 paying customers, and in Q4, the company secured 64 deals worth more than $100,000, as well as a record 16 deals over $500,000.

"We've consistently delivered innovative new products, set the standard for security and compliance, and helped customers in every industry move to the cloud with confidence," Levie said. "We are driving towards a $1 billion long-term revenue target, and this year we plan to invest for scale while continuing to drive operating leverage."

For the full fiscal year 2017, Box's revenue came to $398.6 million, an increase of 32 percent from fiscal year 2016.

Editorial standards