With Box KeySafe, you have complete, independent control over your encryption keys — with no impact to the user experience. All key usage is unchangeable and includes a detailed record of key usage, so you can track exactly why your organization’s keys are being accessed. And if you ever experience suspicious activity, your security team can cut off access to the content at any time.
Easily upload your files to Box
Encrypt with Box key
There's no impact on the usability, mobility, security or governance provided by Box
Encrypt with your key
Box can never see or access your encryption keys, so you're always in control of your content
Update Audit log
You are the legal custodian of the keys that encrypt your content
Box KeySafe with AWS Key Management Service
This is the simplest, most cost-effective solution for customer-managed encryption for Box. KeySafe with AWS Key Management Service enables you to control your encryption keys by leveraging a software service — Key Management Service (KMS) from Amazon Web Services (AWS).
Box KeySafe with AWS KMS Custom Key Store
With this option, Box customers can manage their own encryption keys using a simple-to-use AWS KMS interface - while storing encryption keys in AWS CloudHSM. KeySafe with AWS KMS Custom Key Store can be used to meet any security and compliance requirements for private key storage, without the operational overhead of managing on-premise hardware.
Support for KeySafe with AWS KMS Custom Key Store is coming in early 2019
Box KeySafe with AWS GovCloud
Box KeySafe with AWS GovCloud lets agencies ensure compliance with ITAR/EAR, CJIS or IRS-1075 requirements as they move highly-sensitive workloads into the cloud. This offering leverages Amazon Web Services (AWS) Key Management Service (KMS) in the AWS GovCloud region, and enables government agencies and organizations that work with the U.S. government to gain independent control over their content encryption keys.
Government and contractors
KeySafe with AWS GovCloud enables government agencies and government contractors to gain independent control over their content encryption keys for content that has citizen-only and ITAR requirements.
Media, tech and life sciences
Unreleased screenplays, top-secret designs, and patents to a new drug are among the most valuable assets you have. At the same time, to bring your ideas to market, these assets need to be shared with your contractors, partners, and vendors. Use KeySafe to stay in stay in control of sensitive IP that is shared widely throughout your ecosystem of partners and contractors.
Law, financial and professional services
Clients of your firm entrust you with their most sensitive content and bank on their data being safeguarded from unauthorized third party access. Use KeySafe to meet your ethical and legal obligations for protection of client data by putting appropriate controls in place to prevent and turn off access to documents, and minimize the reputation risk associated with someone else looking at your clients' data.
Simple to set up, configurable in 30 minutes
IT teams, regardless of size, can deploy KeySafe within a few days
Affordable for customers all sizes, unlike other encryption services for cloud content
Reason codes that identify why keys are being used and correlate to Box events allow complete visibility
Availability and durability
Customer keys are housed by our partner, AWS, in systems that are designed with 99.99999999% durability and deployed in multiple availability zones within a region
Key rotation support
Premier Services will work with the customer to rotate their KeySafe keys, if they choose to rotate their keys with AWS. Premier services will also work with the customer to trigger backfill processes to ensure that all Box content is re-encrypted against the new key
Customer keys are never stored in plaintext on disk with no keys held in memory
This Forrester report evaluates customer-managed keys in the cloud, and how Box KeySafe is shaking up multiple enterprise software markets.
With recently announced Box KeySafe, you can now take advantage of content collaboration in the cloud while maintaining independent control over the encryption keys that protect their content.