Chasing bigger customers and thwarting government requests for data

Cloud storage provider Box is experimenting with a new security solution called Enterprise Key Management (EKM). Currently available in beta, EKM adds another layer of security that it hopes will attract big businesses in regulated industries like banking and finance, healthcare, and so forth. There's also a benefit for customers who to make it more difficult for the government to get their hands on data.
"Industries like finance, government, legal and healthcare are facing a new set of challenges when it comes to establishing control over their content – and who can access it – without hindering collaboration and productivity," said Aaron Levie, co-founder and CEO, Box. "With Box EKM, we’ve removed the final barrier to cloud adoption for industries that require the highest levels of protection over their information."
The effort is a joint collaboration with Amazon Web Services (AWS) and Germalto. For customers who sign up for the service, Box will work with them to provision hardware security modules (HSMs) made by SafeNet and provided by Germalto in both AWS and their own data center. The customers manage these HSMs, while Box is connected to them via a secure and dedicated connection.
From there, files that are uploaded get encrypted with a unique encryption key for each version of the file, just as Box currently does for all customers. What's different for EKM customers is that Box sends the key to their HSM, which is then encrypted with the customer's own key.

EKM customers effectively gain complete control over who can and can't access their data. Even Box can't get to it, so if the government comes knocking with a data request, Box's hands are tied.
To be clear, this is a play for big business, now home consumers. But if it works as advertised, this could eventually trickle into the consumer space.
Follow Paul on Google+, Twitter, and Facebook


More...