Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
You are here: Home / Customer Data / Box Gives Encryption Keys to Clients
Box Gives Cloud Encryption Keys to Customers
Box Gives Cloud Encryption Keys to Customers
By Dan Heilman / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
Would some organizations prefer having control over the security of their cloud-based storage? Storage provider Box is betting they would. A new initiative from the company is aimed at enterprises that are interested in cloud file storage and sharing but, for regulatory and other reasons, see security concerns as greater than the potential benefits.

Less than a month after its initial public offering, Box has released Enterprise Key Management (EKM), a new service still in beta that proposes to offer businesses exclusive control over their encryption keys. Box EKM targets security-conscious organizations with technology developed along with Amazon Web Services and digital security company Gemalto. A wide release of the new service is expected this spring, with pricing on a per-user basis.

Stricter Security

Box EKM’s target user exists in a highly regulated industry such as finance, government, legal or health care, as well as areas of the world with stricter security laws, such as Germany. Box EKM is designed to help enterprises enjoy the convenience of cloud computing while still maintaining control over encryption, according to Box.

While many large companies have used Box and similar services for cheap storage and to transfer files among workers and partners worldwide, others have been slower to get on board because they’re unable to prevent access by agencies or others armed with court orders or other legal methods.

We reached out to Ken Madison, senior director of Product Marketing and Management at Centri Technology, a mobile data optimization company in Seattle, who told us data security will likely continue to be an obstacle to the adoption of cloud computing.

"It’s been the primary concern of cloud subscribers from the beginning," said Madison. "Especially organizations in financial and health care industries with strict security needs welcome any strides toward securing their data whether in transit or at rest in the cloud."

In the wake of those concerns, many companies have been looking to encrypt more and increase control over their data. However, most Web-based storage services do not allow users to easily control encryption. Box promises that EKM can provide that assurance.

All content stored on Box is already encrypted. What’s new is that Box EKM externalizes the management of the associated encryption keys. When a customer uploads a file, it’s encrypted with a unique key for that file, as opposed to the standard set up by which a file-specific key is encrypted by an internal key-management system. With the new capability, though, the customer gets control over that key and the auditing of it.

Super Encryption

The primary infrastructure of the new service is provided by a dedicated AWS CloudHSM appliance that uses Gemalto’s SafeNet Hardware Security Modules for key encryption and protection. With that system, customers keep full control of their keys and cryptographic operations while Amazon manages and maintains the hardware.

Box EKM not only separates encrypted data and the keys used to manage it, but it also creates an audit log for the customer’s review. According to the company, the security controls are designed to be transparent to users while giving customer IT and audit teams full visibility. However, neither Box nor Amazon has access to the keys. Toyota Motor Sales and World Bank Group are among the organizations testing the new capability.

"Box’s EKM and other solutions that allow enterprises to have control over the encryption keys adds a level of confidence for using cloud services," said Madison.

Tell Us What You Think


Like Us on FacebookFollow Us on Twitter

Over the past decade, hospitals have been busy upgrading their systems from paper to electronic health records. Unfortunately, spending so much on EHR may have left insufficient funds for security.
The British government officially blamed Russia for waging the so-called NotPetya cyberattack that infected computers across Ukraine before spreading to systems in the U.S. and beyond.
© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.