Box’s EKM Will Give Data Encryption Keys To Customers
Customers and companies have become security conscious alike. Take the example of Box whose basic business has been relying on collaborative sharing of data, is now going to launch a new service which will give absolute control to its customers over data storage and access – customers will be allowed to manage their own encryption keys.
The new product called Enterprise Key Management (EKM) is launched after the team effort by Box, Amazon Web Service and Gemalto.
The service will allow users to keep the encryption keys inside their own data centers and in a dedicated AWS CloudHSM combined with Gemalto’s SafeNet Hardware Security Module (HSM). Box and Amazon will have no access to the keys, and so to the users have exclusive control over their data.
This means that Box can not compensate even to the state agencies if they need access to any user’s data. On the question of the possible curtailment for government or even to comply with court orders, a company spokesperson replied to Ars Technica:
“Unless the customer provides authorization to Box to provide the content that’s asked for, Box is prevented from sharing the content. When customers use Box EKM we are not able to provide decrypted content because we don’t have the encryption keys protecting the customer’s content.”
The Beta EKM which is likely to make it hard for Box to hide government requests, is currently being used by about 10 companies. EKM will be available to general customers of Box in spring with additional charges.
Box says that through EKM, it is going to address concerns of those customers who are not willing to use cloud but need greater control over file encryption.
“…there are still some customers that can’t adopt the cloud, super regulated businesses in financial services, some very large energy companies, some major insurance companies, obviously government agencies and departments,” Box cofounder and CEO Aaron Levie told Ars.