Box wants customers to trust it with their most sensitive data. So the cloud-storage and -management company Tuesday said it will soon offer extra encryption that Box says will keep everyone out – even Box.
For an undisclosed fee, Box customers will manage the encryption keys used to scramble their data housed on Box servers. In theory, that means only the customer, or people authorized by the customer, will have access to the files.
The new offering checks three strategic boxes for Box.
- It could help win confidence among companies with highly sensitive information, in industries such as banking, specialized manufacturing or health care.
- It could make overseas customers more comfortable handing data to an American company. The Edward Snowden leaks showed international customers that the U.S. government uses court orders to obtain data on the users of Silicon Valley companies. In theory, the new services would prevent Box from handing over user content.
- It’s a new source of revenue for Box, which started trading shares publicly last month amid promises from Chief Executive Aaron Levie to boost revenue.
Files stored on Box are routinely encrypted. When a customer logs in, the password tells Box to decrypt the file with a special key for that file. Box keeps that key on its servers.
The new offering will add a second layer of encryption that requires a key stored elsewhere.
Box customers will rent space on encryption-key storage devices managed by Amazon Web Services. Made by SafeNet, the device is allegedly tamper-proof and logs all requests for the keys it holds. Amazon rents use of them to its customers.
Amazon and Box maintain they can’t access user data, because they have no access to the SafeNet device.
It’s unclear how much the service will cost. Box said the price will be based in part on the number of licenses a company buys. The customer also has to pay Amazon Web Services for the use of the encryption-key generator, which, on average, can cost $5,000 up front and more than $1,300 a month, according to Amazon’s website.
Personal edit: Now even tho i would applaud this whole hearty, i ask the question would US law not force the company to make the files available if law enforcement agencies request it, because due to the fact i have my own company and i am having lots of customer data on the servers, i know for a fact that if my server resides in the US i will have to give access no matter what. As the patriot act and some of these other laws state. So is this false advertisement?
For an undisclosed fee, Box customers will manage the encryption keys used to scramble their data housed on Box servers. In theory, that means only the customer, or people authorized by the customer, will have access to the files.
The new offering checks three strategic boxes for Box.
- It could help win confidence among companies with highly sensitive information, in industries such as banking, specialized manufacturing or health care.
- It could make overseas customers more comfortable handing data to an American company. The Edward Snowden leaks showed international customers that the U.S. government uses court orders to obtain data on the users of Silicon Valley companies. In theory, the new services would prevent Box from handing over user content.
- It’s a new source of revenue for Box, which started trading shares publicly last month amid promises from Chief Executive Aaron Levie to boost revenue.
Files stored on Box are routinely encrypted. When a customer logs in, the password tells Box to decrypt the file with a special key for that file. Box keeps that key on its servers.
The new offering will add a second layer of encryption that requires a key stored elsewhere.
Box customers will rent space on encryption-key storage devices managed by Amazon Web Services. Made by SafeNet, the device is allegedly tamper-proof and logs all requests for the keys it holds. Amazon rents use of them to its customers.
Amazon and Box maintain they can’t access user data, because they have no access to the SafeNet device.
It’s unclear how much the service will cost. Box said the price will be based in part on the number of licenses a company buys. The customer also has to pay Amazon Web Services for the use of the encryption-key generator, which, on average, can cost $5,000 up front and more than $1,300 a month, according to Amazon’s website.
Personal edit: Now even tho i would applaud this whole hearty, i ask the question would US law not force the company to make the files available if law enforcement agencies request it, because due to the fact i have my own company and i am having lots of customer data on the servers, i know for a fact that if my server resides in the US i will have to give access no matter what. As the patriot act and some of these other laws state. So is this false advertisement?
