Would some organizations prefer having control over the security of their cloud-based storage? Storage provider Box is betting they would. A new initiative from the company is aimed at enterprises that are interested in cloud file storage and sharing but, for regulatory and other reasons, see security concerns as greater than the potential benefits.
Less than a month after its initial public offering, Box has released Enterprise Key Management (EKM), a new service still in beta that proposes to offer businesses exclusive control over their encryption keys. Box EKM targets security-conscious organizations with technology developed along with Amazon Web Services and digital security company Gemalto. A wide release of the new service is expected this spring, with pricing on a per-user basis.
Box EKM’s target user operates in a highly regulated industry such as finance, government, legal or health care, or in areas of the world with stricter security laws, such as Germany. Box EKM is designed to help enterprises enjoy the convenience of cloud computing while still maintaining control over encryption, according to Box.
While many large companies have used Box and similar services for cheap storage and to transfer files among workers and partners worldwide, others have been slower to get on board because they’re unable to prevent access by agencies or others armed with court orders or other legal methods.
We reached out to Ken Madison, senior director of Product Marketing and Management at Centri Technology, a mobile data optimization company in Seattle, who told us data security will likely continue to be an obstacle to the adoption of cloud computing.
"It’s been the primary concern of cloud subscribers from the beginning," said Madison. "Especially organizations in financial and health care industries with strict security needs welcome any strides toward securing their data whether in transit or at rest in the cloud."
In the wake of those concerns, many companies have been looking to encrypt more and increase control over their data. However, most Web-based storage services do not allow users to easily control encryption. Box promises that EKM can provide that assurance.
All content stored on Box is already encrypted. What’s new is that Box EKM externalizes the management of the associated encryption keys. When a customer uploads a file, it’s encrypted with a unique key for that file, as opposed to the standard setup, in which a file-specific key is encrypted by an internal key-management system. With the new capability, though, the customer gets control over that key and the auditing of it.
The primary infrastructure of the new service is provided by a dedicated AWS CloudHSM appliance that uses Gemalto’s SafeNet Hardware Security Modules for key encryption and protection. With that system, customers keep full control of their keys and cryptographic operations while Amazon manages and maintains the hardware.
Box EKM not only separates encrypted data and the keys used to manage it, but it also creates an audit log for the customer’s review. According to the company, the security controls are designed to be transparent to users while giving customer IT and audit teams full visibility. Neither Box nor Amazon, however, has access to the keys. Toyota Motor Sales and World Bank Group are among the organizations testing the new capability.
"Box’s EKM and other solutions that allow enterprises to have control over the encryption keys add a level of confidence for using cloud services," said Madison.