Box adds enterprise key management to overcome last hurdle to the cloud

Box today unveiled the beta of Box Enterprise Key Management, a new security model that lets users securely stash encryption keys.

Hoping to leapfrog what it sees as the last hurdle to enterprise cloud adoption, cloud storage company Box has announced Box Enterprise Key Management (EKM), which is designed to allow customers to keep control over their encryption keys (and thus, the data stored in the public cloud) without sacrificing easy user experience.

This, Box said, is a major point of concern for many larger customers with strict information security needs: banks, medical centers and even movie studios need to keep an audit log and a repository of encryption keys, whether to meet regulatory standards or to follow their own internal best practices for preventing a breach.

The conventional wisdom has been that you need an on-premises solution to get the benefit of that security model. The result? Siloed information-sharing solutions kludged together by IT with ease-of-use at the bottom of the priority list -- not so good compared to dedicated cloud vendors like Box and Dropbox, which are comparatively elegant, increasingly enterprise-friendly and accessible across devices.

"Many [customers] have recognized they want to use the cloud, but they want to maintain control over their most sensitive content," said Box's vice president of enterprise product, Rand Wacker.

The way EKM works is straightforward, per Box's announcement: When you store a file in Box's cloud, it's encrypted with a key. A dedicated hardware appliance in the Amazon Web Services (AWS) cloud then takes that key, encrypts it again and stores it in a tamper-resistant hardware appliance that only the customer has access to, complete with an unchangeable access log. When you need the file, Box queries the appliance for the key, the log gets updated, the file gets opened, and the end-user has no idea anything happened at all.

If someone broke into a Box EKM customer's account, they'd have a lot of useless files that they couldn't access without the keys. And the keys they'd need are on that hardware appliance hosted in AWS, which is manufactured by Gemalto and hardened against breach; it's tamper-resistant to the point of wiping itself clean if some bold criminal even tried to get in and remove it from a data center rack. Box is boasting that the Gemalto SafeNet Hardware Security Module (HSM) is up to Department of Defense standards, widely used by government agencies and contractors the world over.

Any would-be attacker would have two high fortress walls to overcome. "That really is the last barrier to cloud adoption," Wacker said.

If the customer is big enough to have a SafeNet HSM on-site already, Box said it'll integrate with that as backup, too. Box noted that AWS is only the first cloud-hosting provider it's worked with, and more options should be coming to the Box EKM sooner rather than later.

If that sounds complicated, think of it like the ending to Ghostbusters: Box is the Gatekeeper, the Amazon-hosted appliance is the Keymaster, and when they get together, they release Gozer the Gozerian -- or your company's latest sales deck, as the case may be.

Box EKM is available in beta now and in general availability sometime this spring.


Stories by Matt Weinberger
