Introducing Box KeySafe

Now any customer can manage their encryption keys through one of our offerings

For years, Box has been focused on delivering the most comprehensive portfolio of security solutions for businesses that want to securely manage their content in the cloud without impacting the end-user experience. With comprehensive data protection, reporting and audit policies, compliance certifications, and a partner network that includes many of the most trusted security vendors in the market, we’re committed to delivering the best solutions that allow our customers to securely collaborate and stay connected to their business content from anywhere.

And today, we’re expanding these security offerings with the introduction of Box KeySafe. Box KeySafe is our new service of customer-managed encryption key solutions, providing organizations with independent control over their encryption keys without sacrificing the ease of use and powerful collaboration features of Box.

Last year, we introduced Box Enterprise Key Management (EKM) which enabled companies in highly regulated industries and locations to control their own encryption keys for the data they store in Box, while still leveraging Box's best-in-class content management and collaboration capabilities. This was a huge step in removing the barrier for many of our most security conscious customers to finally go all-in with the cloud. The initial Box EKM technology required customers to setup a dedicated hardware appliance for the storage and management of their unique encryption; while this helped meet the requirements of the world's largest businesses, we wanted to make the technology more accessible to businesses of all sizes. The result of that development is Box KeySafe, a new service that supports both hardware and software approaches for customer managed encryption keys.

EKM Graph depicting the encryption flow overview. Now any customer can manage their own encryption keys

Working closely with Amazon Web Services (AWS), Box KeySafe is available to customers in two offerings - Box KeySafe with AWS CloudHSM and Box KeySafe with AWS Key Management Service. Box KeySafe with AWS CloudHSM is our original Box EKM offering which leverages a dedicated hardware security module (HSM) to store and protect a customer’s encryption keys.

Box KeySafe with AWS Key Management Service ensures that customers can control their encryption keys through a simple, software-based technology that doesn't require the cost or complexity of managing a dedicated HSM. Box KeySafe with AWS Key Management Service can be configured in under 30 minutes and requires very little on-going maintenance.

Box KeySafe supports our customers with independent key control, unchangeable usage policies and audit logs while delivering a frictionless end-user experience. Box KeySafe also extends this added layer of security and control to the third-party applications that Box integrates with such as Salesforce, Slack, Microsoft Office 365 and the 1000s of other services that businesses use most.

Box is the content layer at the center of your IT stack

We’re thrilled to get this in the hands of our customers, providing them with an affordable, easy to manage solution that’s designed to meet the highest levels of security and regulatory compliance.

For more information, please visit, or email the Box team at [email protected].

Free 14-day trial.
No risk.

Box free trial includes native e‑signatures, let's you securely manage, share and access your content from anywhere.

Try for free