Cloud storage provider Box has finalised a solution that enables its customers exclusive control of its encryption keys, while maintaining ease-of-use, providing users complete control over who accesses the data.
Called the Box Enterprise Key Management - EKM - the solution comprises tamper-proof Gemalto SafeNet Hardware Security Modules (HSM) that are hosted by Amazon Web Services, and which handle protection of keys and their encryption.
Customers have full control of their encryption keys as well as the HSM cryptographic operations; neither Box nor AWS have access to the keys.
HSMs can also be deployed to customer data centres as a backup, with Box connecting to these securely. All transactions are logged with records sent directly to customers, Box said.
The company has been working on the solution for the past three years to provide a way for enterprises such as financial institutions that work in areas with strict government regulations to move away from on-premise encryption to option in the cloud.
Box EKM is currently in beta, and will be available later this year. At this stage, there is no indication as to the price for EKM.