Box and AWS Team Up for Enterprise Cloud Security Box Inc. announced that it has been working closely with Amazon Web Services Inc. (AWS), to create a new encryption tool that gives enterprises client-level control of their cloud security. Box Enterprise Key Management (EKM), provides firms single-tenant access to their encryption keys, audit logs, and other data. The patent-pending solution, which was also developed in collaboration with Gemalto NV is designed to take encryption control from third parties and put it directly in the hands customers. “Box, in close collaboration, with AWS, Gemalto, provides an reliable and protected key infrastructure via an AWS CloudHSM appliance within the cloud and leverages Gemalto’s state-of the-art, tamper resistant SafeNet Hardware Security Modules for key encryption and security protection,” the company stated in a statement. Customers retain full control over their keys and cryptographic operations via the HSM. Amazon manages and maintains hardware. Amazon has no access to keys. This advanced encryption feature set allows Box to retain the core functionality of its core service while still allowing for all of the features. According to the company, the standard customer-managed encryption schemes do not work in the cloud, which hinders mobility, usability, and simplicity. These are hallmarks of cloud-based services, which it stated are vital for companies to be productive. Aaron Levie, a company executive, stated in a blog post that “some enterprises, often in sectors or regions where government regulations can be most strict (like energy or financial services), have not been in able to migrate to the cloud as effortlessly.” This has led large businesses to remain with on-premises systems for managing their critical content and information. It reduces mobility and facilitates collaboration and keeps enterprise IT architectures stuck in time. Box stated that it will work with customers who choose to use the new service, which is currently in beta preview. This includes setting up SafeNet (acquired from Gemalto) hardware security module (HSMs), which are devices dedicated to protecting digital keys and providing cryptographic processing. These HSMs will be stored by AWS as well as on-premises backup. Enterprises will have full access to the HSMs and they will be connected via a dedicated, secure connection to Box. Levie outlined the following additional features for the new solution:

  • Exclusive key control – Box cannot see the customer’s keys or read or copy them.
  • Unchangeable audit logs – Customers retain exclusive control over key usage logs.
  • It preserves cloud benefits – It allows for easy access across devices, frictionless sharing and file preview.
  • There are no keys or files that can be decrypted. All encryption and decryption takes place in memory.

  • Transparency in data access – Customers have more control over their data, and greater transparency into how keys protecting their data are used.

Box stated that the EDM solution will be made available this spring and will be priced separately from the company’s core products. These products are centered on a software platform that facilitates content collaboration.

Box and AWS Team Up for Enterprise Cloud Security Box Inc. announced that it has been working closely with Amazon Web Services Inc. (AWS), to create a new encryption tool that gives enterprises client-level control of their cloud security. Box Enterprise Key Management (EKM), provides firms single-tenant access to their encryption keys, audit logs, and other data. The patent-pending solution, which was also developed in collaboration with Gemalto NV is designed to take encryption control from third parties and put it directly in the hands customers. “Box, in close collaboration, with AWS, Gemalto, provides an reliable and protected key infrastructure via an AWS CloudHSM appliance within the cloud and leverages Gemalto’s state-of the-art, tamper resistant SafeNet Hardware Security Modules for key encryption and security protection,” the company stated in a statement. Customers retain full control over their keys and cryptographic operations via the HSM. Amazon manages and maintains hardware. Amazon has no access to keys. This advanced encryption feature set allows Box to retain the core functionality of its core service while still allowing for all of the features. According to the company, the standard customer-managed encryption schemes do not work in the cloud, which hinders mobility, usability, and simplicity. These are hallmarks of cloud-based services, which it stated are vital for companies to be productive. Aaron Levie, a company executive, stated in a blog post that “some enterprises, often in sectors or regions where government regulations can be most strict (like energy or financial services), have not been in able to migrate to the cloud as effortlessly.” This has led large businesses to remain with on-premises systems for managing their critical content and information. It reduces mobility and facilitates collaboration and keeps enterprise IT architectures stuck in time. Box stated that it will work with customers who choose to use the new service, which is currently in beta preview. This includes setting up SafeNet (acquired from Gemalto) hardware security module (HSMs), which are devices dedicated to protecting digital keys and providing cryptographic processing. These HSMs will be stored by AWS as well as on-premises backup. Enterprises will have full access to the HSMs and they will be connected via a dedicated, secure connection to Box. Levie outlined the following additional features for the new solution:
Scroll to top