clock menu more-arrow no yes mobile

Filed under:

Box Lets Cloud Storage Customers Control Encryption for Security

The feature is aimed at heavily regulated industries and others who fear hacking or government snooping.

Asa Mathat

Popular online storage service Box will let businesses control their encryption keys, the encoding tools used to keep data safe, aiding some heavily regulated industries and others who fear hacking attacks or government snooping.

Though many large companies have turned to Box and its competitors for cheap storage and to transfer files among a far flung workforce and partners, others have balked because they have no technological means of preventing access by those armed with court orders or other legal process.

Such objections intensified after former National Security Agency contractor Edward Snowden revealed dragnet spying operations outside of U.S. borders. Since then, many companies have been looking to encrypt more and increase control over their data. Still, many Web services do not offer an easy way for users to control encryption.

“We think this is really going to unlock a new set of customers and break one of the last barriers for cloud adoption,” Box CEO Aaron Levie told Reuters.

Box sold stock in an initial public offering last month. Rival Dropbox, which has many more users, remains privately held.

Dropbox does not allow customers to hold their own keys to control access, but it does steer those concerned to work with third parties to encrypt data with other keys before it is stored. That way, even if outsiders access files, they would not be able to read them unless they got the keys from the third parties.

“Allowing user control over this is something we might consider adding in the future,” Dropbox says on its website.

Levie thinks his firm’s architecture is better.

Amazon Web Services and security firm Gemalto will provide the management and hardware, respectively, but only the customers will have the keys. A test version will be broadly available in the spring, with pricing depending on the number of users at a company.

Based in Los Altos. Calif., Box claims almost half of the Fortune 500 as paying customers and more than 30 million individual users.

Levie said healthcare, finance and other industries with strict data-protection rules would be logical candidates for the new service, which also includes audit logs tracking access.

Though Levie has criticized broad collection by the NSA, he said most Box customers pushing for key ownership were not driven by that worry.

“It’s less of a response to the threat landscape and more about the regulatory environment,” Levie said.

(Reporting by Joseph Menn in San Francisco; Editing by Cynthia Osterman)

This article originally appeared on