Box KeySafe for AWS KMS Custom Key Store to simplify customer-owned encryption

Box KeySafe for AWS KMS Custom Key Store to simplify customer-owned encryption

At Box, we not only understand the importance of security when it comes to managing an organization’s most important content, but we have made it a priority to remain on the forefront of security technology that will empower organizations around the world to achieve their digital transformation goals. A few years back, we announced Box KeySafe, pioneering a way for our customers to own encryption keys to their content that is stored in Box without impacting user experience. To enable this, Box partnered with Amazon Web Services (AWS) for customers to use AWS Key Management Service (KMS).  

Available today, Box KeySafe will support AWS KMS Custom Key Store to provide the control and protection of a dedicated hardware device (HSM) without requiring customers to manage any hardware to secure their encryption keys. Box customers can use the new key management offering from AWS to store encryption keys in private dedicated CloudHSMs while using the KMS interface to generate and control access to the keys.

Previously, Box customers from highly regulated industries required dedicated hardware security modules (HSMs) to store encryption keys to meet their security and compliance requirements. However, this solution required customers to set up and manage multiple HSMs, including on-premise backup HSMs, resulting in greater capital and operational costs.

With the new offering, Box customers can now experience the benefits of a dedicated key store as well as a simplified way to manage their keys. The key benefits for our customers include:

  • No on-premise setup and hardware management, resulting in low setup and operational cost
  • Simplified key storage management with auto failover, on-demand scaling, and backups to S3
  • New KMS interface, simplifying access control and reducing on-boarding time with KeySafe
  • Dedicated FIPS 140-2 Level 3 certified hardware for key storage (single-tenant), meeting stringent compliance requirements

Today, KeySafe provides encryption key management for cloud content to many organizations across a variety of industries and sizes to meet their internal security, privacy, regulatory compliance, or customer requirements. These organizations range from large multinationals to smaller organizations like the security and compliance auditor Schellman, to everything in between. This launch marks another milestone for Box as we continue to provide our customers with best-in-class security that is accessible and easy to manage.

The new version of Box KeySafe is generally available today.

For more information, please visit www.box.com/keysafe, or download Box KeySafe datasheet.