Monthly Archives: April 2014

Box wants to let businesses control cloud encryption keys “this year”

Posted on by

Box CEO Aaron Levie told Ars last September that the cloud storage company is trying to build a service that would let customers store data in Box data centers but would keep encryption keys in-house. Today, he said it might be available before the end of this year.

Such a system could make it impossible for Box to turn customer data over to the government in a readable format. In the history of our entire company this has never happened to an enterprise customer, he said, referring to blind subpoenas in which the government demands access to a customers data without that customer being told. But government requests are still a risk.

We are working on an encryption key solution right now. Were still figuring out the exact details of how we want to integrate it with a customer environment. We do see that for very large or sensitive organizations that this is going to be an important solution for them, he said.

Levie wasnt ready to promise an actual product last September, noting that its hard to design without undermining the Box collaboration tools that make storing data with the company a worthwhile proposition. Box has apparently made some progress, though, as today he said the more secure service is on the roadmap right now I think were looking at this year, probably.

Levie was speaking during a Q&A at the InformationWeek Conference in Las Vegas, which is being hosted alongside the annual Interop show.

This is something we want to get right, so there's a lot of moving pieces, he said. Were very sympathetic to the issue of encryption keys; we respect that there are definitely environments where its really important.

Last year, Levie told Ars that Box is architecturally similar to "Google or Microsoft in that we are encrypting all the data on both transit and storage, but we obviously have to manage the encryption key, because as a collaborative application we have to broker that exchange between multiple users. To make it a seamless experience, it requires us to have those keys."

There are ways for businesses to use collaborative cloud storage services without trusting encryption to the provider. One product called Syncdocs encrypts files users store on Google Drive, but it comes with some tradeoffs. If you forget your password, there is no known way to recover your data or password, Syncdocs says in an FAQ. This also removes the ability to access files in the Google Drive browser interface, so you need a secure program on your PC to access them, the company says. We are working on Web browser access, but it will not be as secure.

WatchDox, an enterprise file sharing and collaboration company that competes against Box, offers both cloud storage and virtual appliances that customers can use to secure data on their own hardware. In one scenario, customers can control encryption keys in a hardware security module that is in the customer's facilities but connects to the cloud storage in WatchDoxs data centers, similar to the service Levie wants to build. WatchDox described this capability to Ars last year, but it doesnt appear to be as heavily advertised as WatchDoxs other services.

A new company called Tresorit last year also started offering cloud-based collaboration with encryption being taken care of on customer's devices before being uploaded to the cloud. Additionally, CipherCloud adds security features to Box "while giving you exclusive control over your encryption keys." Once uploaded to Box, files can be accessed and decrypted by authorized users.

See the rest here:
Box wants to let businesses control cloud encryption keys “this year”

Would You Like Your Open Source All the Way?

Posted on by

Open source is no stranger to the enterprise, but most businesses compartmentalize -- open source for this, proprietary software for that. Is some of each the best of both worlds, or could businesses benefit by taking the 100 percent open source plunge? IDC's Michael Fauscette and Red Hat's Tim Yeaton kick around some of the issues surrounding full open source adoption in the enterprise.

The enterprise software industry today can be compared to the menus offered at fast-food eateries. Some offer their star item only one way. Others let you have it your way.

Tim Yeaton, SVP of the Infrastructure Group at Red Hat

How much choice you have often determines where you do your eating. The same option -- or lack of it -- is the driving principal behind attracting and keeping enterprise customers paying for open source product support.

Even when businesses funded their own code solutions, the freedom to build it your way or buy it somebody else's way was a critical choice. Now those times are changing.

Blended Family

Open source software once was compiled in purity to offer program users a choice other than proprietary products. Today's rush to a changing market may be pushing software developers to capitalize on using open source as prefabricated code -- in small or large chunks. A growing trend shows software developers incorporating free code into programs marketed as proprietary packages.

So, is open source gaining as a business model in its own right or morphing into proprietary products? There are some signs that enterprise IT is gearing up for more adoption of open source technology. However, there also are indications of a growing complacency with mixing the two. Many businesses settle for sharing the computing load by running certain tasks with open source packages and using proprietary products for other computing processes.

Michael Fauscette, GVP of Software Business Solutions at IDC

Can companies venture beyond a divided list of tasks handled by both closed and open source deployments to commit 100 percent to open source? Tim Yeaton, the senior vice president of the infrastructure group at Red Hat, suggests that the movement to convert from proprietary software is already well established in business. Enterprise is involved in a massive change of perspective in applying more than just coding to corporate computing solutions.

View original post here:
Would You Like Your Open Source All the Way?