News

Box Teams Up With AWS for Enterprise Cloud Security

Box Inc. announced it has been working with Amazon Web Services Inc. (AWS) to develop a new encryption tool to give enterprises client-level control over their cloud security.

Box Enterprise Key Management (EKM) provide firms with single-tenant control over their encryption keys and audit logs, Box said. Also developed in conjunction with Gemalto NV, the patent-pending solution takes encryption control out of the hands of third parties and puts it directly in the hands of customers.

"Box, in close collaboration with AWS and Gemalto, provides a reliable and protected key infrastructure via a dedicated AWS CloudHSM appliance in the cloud, and leverages Gemalto's state-of-the-art, tamper-resistant SafeNet Hardware Security Modules (HSM) for key encryption and protection," the company said in a statement. "Customers retain full control of their keys and cryptographic operations on the HSM, while Amazon manages and maintains the hardware, with neither Box nor Amazon having access to the keys. This advanced encryption feature set is all available while preserving the hallmark functionality of Box's core service."

The company said the usual customer-managed encryption schemes don't work so well in the cloud, hindering mobility, usability and simplicity, trademarks of cloud-based services that it said are essential for companies to be productive.

"Some enterprises, often in industries or regions where government regulations are most strict (like financial services or energy), have not been able to move to the cloud as effortlessly," company exec Aaron Levie said in a blog post. "This has unfortunately led many large businesses to stay with on-premises systems to manage their critical content and information, reducing mobility and easy collaboration, and keeping enterprise IT architectures stuck in the past."

Box said it will work with customers electing to use the new service -- now in a beta preview -- to set up SafeNet (acquired by Gemalto) hardware security modules (HSMs), which are appliances dedicated to safeguarding digital keys and provide cryptographic processing. These will be housed by AWS and as an on-premises backup. Enterprises will have full control over the HSMs, which will be connected to Box via a dedicated, secure connection.

Levie listed the following additional features of the new solution:

  • Exclusive key control - Box can't see the customer's key or read or copy it.
  • Unchangeable audit logs - Customers maintain exclusive control over the logs of key usage.
  • Preserves cloud benefits - It provides simple access across devices, frictionless sharing, file preview, AV scanning and more.
  • No decrypted files or keys on disk - All encryption and decryption is done in memory only.
  • Data access transparency - Customers have greater control over their data and increased transparency into how the keys protecting the data are used.

The EDM solution will be available this spring, Box said, priced separately from the company's core products. Those products are centered around a software platform designed to help companies with content collaboration.

About the Author

David Ramel is the editor of Visual Studio Magazine.

Featured