Will Companies Embrace Box’s Enterprise Key Management Service?

By on

bxby Angela Guess

Francesca Sales of Search CIO reports, “Box thinks it might have just the thing to put your cloud security worries to bed. This week, the cloud storage and file sharing company, based in Los Altos, Calif., announced a new service, called Enterprise Key Management (EKM), which would give companies more control of the encryption of their own data using a public key program.How it works, according to SearchSecurity: EKM runs on a SafeNet hardware security module (HSM) that is placed inside an enterprise’s own AWS instance, called CloudHSM, so users can manage their own encryption keys in their data center. Before Box can encrypt or decrypt any file, it needs to request permission directly from the customer using open APIs on its HSM; the module then logs the request in an unchangeable audit log for the user’s own compliance purposes.”

Sales goes on, “This gives customers control of when Box can access their data and prevents the vendor from being able to send that data to a third party without the customer’s knowledge. This is very layered security, the strictness of which might make some wonder how EKM affects Box’s built-in functionality and user experience. And indeed, one way Box and other cloud vendors had already been doing encryption — going through a third party — does sometimes break these capabilities. ‘You would go to a third party, who would encrypt the data before it got up into Box. But that would break all of Box’s innate, built-in functionality, because it couldn’t see the data — the data was just a blob,’ Tyler Shields, a senior analyst at Forrester, told me. The other extreme, however — giving Box access to and control of your encryption keys — is not that much more appealing. ‘You essentially had to trust [Box] not to do anything bad,’ he said.”

Read more here.

photo credit: Box

We use technologies such as cookies to understand how you use our site and to provide a better user experience. This includes personalizing content, using analytics and improving site operations. We may share your information about your use of our site with third parties in accordance with our Privacy Policy. You can change your cookie settings as described here at any time, but parts of our site may not function correctly without them. By continuing to use our site, you agree that we can save cookies on your device, unless you have disabled cookies.
I Accept