Our company is looking for a centralized secure share solution. We've so far looked at Box and Egnyte.  We currently have OneDrive and want to see if we should expand on so that we could manage/monitor sensitive data.  We are at a crossroads.  Any insight?

What if you looks at OneDrive again plus adding security monitoring or other management with other tools rather than have docs in 2 places?

OneDrive will give you an easier integration with Purview for your DLP, sensitivity labels, and policy enforcement, which is hard to beat if your stack is already Microsoft. Egnyte is going to be stronger for device-aware access controls (think like blocking downloads based on IP, device trust, or user risk). 

Box Governance is strong for legal hold and audit logging, but OneDrive needs Purview Premium to match that, and then you're spending more. ing experiences.

Egnyte will give you an easier path on data separation between departments or business units. OneDrive makes that harder without spinning up new tenants.

OneDrive’s will be cheaper in the long run. Box and Egnyte might be able to reduce shadow IT because they are have better external sharing experiences - these will be stronger than SharePoint extneral for example).

I like both Box and Egnyte.  The problem you (and I) have is that neither of those vendors can tell you what constitutes "sensitive data".  

Look at what your current tools are and what would integrate with the products you are evaluating. That along with cost would help you decide.

I would recommend considering few things below in whether expanding OneDrive or adopting a different secure file-sharing solution like Box or Egnyte is the best path forward, we need to consider several factors:

• O365 License Level: We need to evaluate our current Microsoft 365 license (e.g., E3, E5, or Business Premium) and whether it provides the necessary security, compliance, and management capabilities. If an upgrade to E5 is feasible, it offers advanced security and compliance features that could enhance OneDrive’s capabilities.

• Compliance Requirements: Our decision must align with industry-specific regulations such as HIPAA, GDPR, CCPA, or NIST, ensuring that data governance and security requirements are met. Internal policies around data retention and protection will also play a key role.

• Use Cases: We must assess whether OneDrive meets our needs for secure internal and external file sharing, collaboration (Teams, SharePoint integration), and sensitive data monitoring. Additionally, version control, access tracking, and document lifecycle management must be considered.

• Reporting & Auditing Requirements: If extensive logging, real-time reporting, or integration with SIEM tools for compliance monitoring is required, we need to ensure OneDrive can deliver these capabilities—or if alternatives like Box or Egnyte offer stronger reporting features.

• Information Governance & Data Loss Prevention (DLP): Implementing policy-based access controls, automated classification, and DLP policies is essential to preventing unauthorized data sharing. Microsoft 365 offers built-in tools for this, but we need to determine if they fully meet our security and governance needs.

Ultimately, if OneDrive with enhanced Microsoft 365 features(Microsoft Purview) can address these considerations, it may be a cost-effective solution. However, if more advanced external collaboration, compliance automation, or data residency controls are required, exploring Box or Egnyte further may be necessary.