Box adds user-managed encryption keys to enterprise cloud
As much as government employees may want cloud-based collaboration systems to boost mobility and productivity, those services generally have not been secure enough for government. But this week the collaboration software company Box announced a solution tailored for security-conscious sectors such as finance and government.
Box Enterprise Key Management (EKM) is a cloud-enabled content management and collaboration system that gives enterprises full control over their encryption keys while still preserving the Box user experience, the company said in its announcement.
Working with Amazon Web Services and Gemalto, Box provides a protected key infrastructure via a dedicated AWS CloudHSM appliance in the cloud and uses Gemalto’s tamper-resistant SafeNet Hardware Security Modules (HSM) for key encryption and protection.
Customers retain full control of their keys and cryptographic operations on the HSM, while Amazon manages and maintains the hardware. Neither Box nor Amazon has access to the keys, Box said.
Current Box customers, including Toyota Motor Sales, USA Inc. and the World Bank Group, are using an early version of Box EKM, the company said.
According to the Box blog, major features include:
- Exclusive key control: Box can’t see, read or copy the customer’s key.
- Unchangeable audit logs: Customers maintain exclusive control over the logs of key usage.
- Traditional cloud benefits: Simple access across devices, frictionless sharing, file preview and antivirus scanning.
- No decrypted files or keys on disk: All encryption/decryption in memory only.
- Reliable and protected key infrastructure: Protected by SafeNet Hardware Security Modules.
- Data access transparency.
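The key-custody split described above (dedicated HSM holding the customer's key, the service holding only encrypted content, decryption in memory only, customer-held logs of key usage) modelled as an added Python example; this is a constructed illustration, not Box's or AWS's code. The `CustomerHSM` and `CloudStore` classes are hypothetical, and an HMAC-SHA256 counter-mode construction stands in for the AEAD a real HSM deployment would use.

```python
"""Model of customer-held key encryption keys (constructed example):
the key-encryption key (KEK) exists only inside the 'HSM' object, which
wraps/unwraps per-file data keys and records every use; the cloud side
stores ciphertext plus wrapped keys and never holds the KEK."""
import hashlib, hmac, os, secrets

def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode as a stand-in stream cipher (model only;
    # a production system would use an AEAD such as AES-GCM).
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = _keystream_xor(key, nonce, plaintext)
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: ciphertext or key tampered")
    return _keystream_xor(key, nonce, ct)

class CustomerHSM:
    """Customer-controlled key boundary: the KEK never leaves this object."""
    def __init__(self):
        self._kek = secrets.token_bytes(32)
        self.audit_log = []  # customer-held, append-only record of key usage
    def wrap(self, data_key: bytes, file_id: str) -> bytes:
        self.audit_log.append(("wrap", file_id))
        return seal(self._kek, data_key)
    def unwrap(self, wrapped: bytes, file_id: str) -> bytes:
        self.audit_log.append(("unwrap", file_id))
        return open_(self._kek, wrapped)

class CloudStore:
    """Service side: persists only ciphertext and wrapped data keys."""
    def __init__(self, hsm: CustomerHSM):
        self.hsm, self.files = hsm, {}
    def upload(self, file_id: str, content: bytes) -> None:
        dk = secrets.token_bytes(32)  # fresh per-file data key, in memory only
        self.files[file_id] = (seal(dk, content), self.hsm.wrap(dk, file_id))
    def download(self, file_id: str) -> bytes:
        ct, wrapped = self.files[file_id]
        return open_(self.hsm.unwrap(wrapped, file_id), ct)
```

Every decrypt forces a round trip through the customer's HSM, which is what makes the key-usage log a complete record of data access.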
"In a growing number of scenarios, such as bring your own device (BYOD) and cloud use cases, the only hope for reducing misuse of sensitive data is through reliable and efficient encryption mechanisms," said Jay Heiser, research VP, Gartner.
Because of Box EKM’s specialized infrastructure and operational requirements, the solution (still in beta) is priced as a separate capability from Box’s core products and will be generally available in spring 2015.
Connect with the GCN staff on Twitter @GCNtech.