If you put data on a cloud server, you're usually sharing it with more people than you realize. Cloud data is encrypted, but as long as the company manages the encryption keys, there are plenty of ways for third parties to gain access, whether it's a gag-ordered subpoena or something more sinister like PRISM. It's a long-standing problem for sensitive data in the cloud: as long as someone else holds the keys, there'll always be a way in.
As long as someone else holds the keys, there'll always be a way in
A new program from Box wants to fix that. It's called Enterprise Key Management, and it's offering a new approach to encryption on the cloud, providing the same cloud services without any central key control. Once a company signs up for the new system, Box will have no access to the encryption keys, giving the user complete control over who accesses the data. The system also comes with a protected audit log so users can track anyone who's accessed the data, providing an easy way to monitor for breaches. "What we're really doing is giving people unprecedented control over their encryption keys," says Rand Wacker, Box's vice president of enterprise products.
Box has already done well selling cloud services to businesses, pulling off a $1.7 billion IPO just last month. Nearly half of the Fortune 500 uses some level of Box service, but Wacker says the most sensitive information is often cordoned off, either because of specific privacy laws or broader trade secrets concerns. The new key management features are an attempt to bring that last level of data. Wacker and his team have been working on it for two years, going into alpha in December and launching in beta earlier this year with World Bank and Toyota’s sales division.
The system isn't entirely subpoena-proof
The system isn't entirely subpoena-proof. Box is still liable for content hosted on its servers, and there are strict rules in the Terms of Service over how a user should respond in the event of a law enforcement request. Still, the system would effectively prevent the gag-ordered access system that currently exists for cloud services like Gmail and iCloud, in which users typically don't know their information has been accessed until charges have been filed. Under EKM, any law enforcement requests have to come direct to the user, and there's no way for Box to access the data without the user's permission.
Most of the system is built on existing infrastructure, so Box's main job has been filling in the gaps and making the process as easy as possible for users. Keys are stored on Amazon's CloudHSM service, giving each user a dedicated hardware security module installed on a rack in an Amazon data center. The device is protected against physical access and will self-destruct if the wrong password is entered too many times. But once the code is entered, Wacker says users will have all the same Box functions as usual.
A self-destructing encryption drive might sound like overkill, but for many industries, the possibility of third-party access is still a dealbreaker. Law firms have already raised concerns about the implications of cloud storage for attorney-client privilege, while others have speculated that storing data on the cloud might waive any legal protections for trade secrets. Box is hoping the new key management features will let those businesses finally venture onto the cloud. As Wacker puts it, "it's a matter of unlocking cloud adoption for either the most sensitive companies or the most sensitive content."