Box KeySafe

Manage your own encryption keys

keysafe

Complete control of your data privacy in the cloud

With Box KeySafe, you have complete, independent control over your encryption keys — with no impact to the user experience.  All key usage is unchangeable and includes a detailed record of key usage, so you can track exactly why your organization’s keys are being accessed.  And if you ever experience suspicious activity, your security team can cut off access to the content at any time. 

upload file

Upload file

Easily upload your files to Box

encrypt with box key

Encrypt with Box key

There's no impact on the usability, mobility, security or governance provided by Box

encrypt

Encrypt with your key

Box can never see or access your encryption keys, so you're always in control of your content

update

Update Audit log

You are the legal custodian of the keys that encrypt your content

Box Enterprise Key Management

Box KeySafe with AWS

  • Box KeySafe with AWS Key Management Service

    This is the simplest, most cost-effective solution for customer-managed encryption for Box. KeySafe with AWS Key Management Service enables you to control your encryption keys by leveraging a software service — Key Management Service (KMS) from Amazon Web Services (AWS).

  • Box KeySafe with AWS CloudHSM

    Box KeySafe with AWS CloudHSM enables companies to control their encryption keys for the content they store in the cloud by leveraging a dedicated hardware security module (HSM) to store and protect encryption keys. Used by some of the world's largest businesses in Financial Services, Professional Services, Manufacturing, and others who require a copy of their encryption key on-premises.

  • Box KeySafe with AWS GovCloud

    Box KeySafe with AWS GovCloud lets agencies ensure compliance with ITAR/EAR, CJIS or IRS-1075 requirements as they move highly-sensitive workloads into the cloud. This offering leverages Amazon Web Services (AWS) Key Management Service (KMS) in the AWS GovCloud region, and enables government agencies and organizations that work with the U.S. government to gain independent control over their content encryption keys. 

Government and contractors

KeySafe with AWS GovCloud enables government agencies and government contractors to gain independent control over their content encryption keys for content that has citizen-only and ITAR requirements.

Media, tech and life sciences

Unreleased screenplays, top-secret designs, and patents to a new drug are among the most valuable assets you have. At the same time, to bring your ideas to market, these assets need to be shared with your contractors, partners, and vendors. Use KeySafe to stay in stay in control of sensitive IP that is shared widely throughout your ecosystem of partners and contractors.

Law, financial and professional services

Clients of your firm entrust you with their most sensitive content and bank on their data being safeguarded from unauthorized third party access.  Use KeySafe to meet your ethical and legal obligations for protection of client data by putting appropriate controls in place to prevent and turn off access to documents, and minimize the reputation risk associated with someone else looking at your clients' data. 

Key Features

Simple to set up, configurable in 30 minutes

IT teams, regardless of size, can deploy KeySafe within a few days

Cost-effective

Affordable for customers all sizes, unlike other encryption services for cloud content

Log correlations

Reason codes that identify why keys are being used and correlate to Box events allow complete visibility

Availability and durability

Customer keys are housed by our partner, AWS, in systems that are designed with 99.99999999% durability and deployed in multiple availability zones within a region

Key rotation support

Premier Services will work with the customer to rotate their KeySafe keys, if they choose to rotate their keys with AWS. Premier services will also work with the customer to trigger backfill processes to ensure that all Box content is re-encrypted against the new key

Key Security

Customer keys are never stored in plaintext on disk with no keys held in memory

Forrester: Regain control with Box KeySafe

This Forrester report evaluates customer-managed keys in the cloud, and how Box KeySafe is shaking up multiple enterprise software markets. 

On-Demand webinar: Own Your Keys to the Cloud

With recently announced Box KeySafe, you can now take advantage of content collaboration in the cloud while maintaining independent control over the encryption keys that protect their content.

Manage your own encryption keys with Box KeySafe