Box Offers Extra Encryption in Bid for Additional Trust

Box wants customers to trust it with their most sensitive data. So the cloud-storage and -management company Tuesday said it will soon offer extra encryption that Box says will keep everyone out even Box.

For an undisclosed fee, Box customers will manage the encryption keys used to scramble their data housed on Box servers. In theory, that means only the customer, or people authorized by the customer, will have access to the files.

The new offering checks three strategic boxes for Box.

- It could help win confidence among companies with highly sensitive information, in industries such as banking, specialized manufacturing or health care.

- It could make overseas customers more comfortable handing data to an American company. The Edward Snowden leaks showed international customers that the U.S. government uses court orders to obtain data on the users of Silicon Valley companies. In theory, the new services would prevent Box from handing over user content.

- Its a new source of revenue for Box, which started trading shares publicly last month amid promises from Chief Executive Aaron Levie to boost revenue.

Files stored on Box are routinely encrypted. When a customer logs in, the password tells Box to decrypt the file with a special key for that file. Box keeps that key on its servers.

The new offering will add a second layer of encryption that requires a key stored elsewhere.

Box customers will rent space on encryption-key storage devices managed by Amazon Web Services. Made by SafeNet, the device is allegedly tamper-proof and logs all requests for the keys it holds. Amazon rents use of them to its customers.

Amazon and Box maintain they cant access user data, because they have no access to the SafeNet device.

Excerpt from:
Box Offers Extra Encryption in Bid for Additional Trust