Securely manage your own encryption keys
Global leaders stay in control with Box KeySafe
Get complete control of your data privacy
With Box KeySafe, you have complete, independent control over your encryption keys. All key usage is unchangeable and includes a detailed record of key usage, so you can track exactly why your organization’s keys are being accessed — with no impact on user experience. If you ever see suspicious activity, your security team can cut off access to the content at any time. And it's all on top of the enterprise-grade security and compliance you get with the leading Content Cloud.
How Box KeySafe works with AWS and GCP Key Management Services
We leverage Key Management Services (KMS) from Amazon Web Services (AWS) and Google Cloud Platform (GCP) to help you manage your encryption keys. Box KeySafe supports AWS KMS Custom Key Store and GCP Cloud HSM KMS to provide the control and protection of a dedicated hardware security module (HSM), without requiring you to manage any hardware. You can use AWS/GCP to store encryption keys in private dedicated CloudHSMs while using the KMS interface to generate and control access to the keys.
Government agencies leverage Box KeySafe with AWS GovCloud
As government agencies move highly sensitive workloads into the cloud, Box KeySafe with AWS GovCloud ensures compliance with ITAR/EAR and IRS-1075 requirements. Box KeySafe leverages AWS KMS in the AWS GovCloud region — giving agencies and organizations that work with the U.S. government independent control over their content encryption keys.
Encryption key management in three easy steps
File encrypted with Box KeySafe key
There's no impact on the usability, mobility, security or governance provided by Box.
Box KeySafe key encrypted with your AWS/GCP KMS custom key
Box can never see or access your encryption keys, so you're always in control of your content.
Audit logs updated
You are the legal custodian of your keys that encrypt, decrypt, and re-encrypt data.
IT teams of any size can deploy KeySafe within a few days.
Affordable for customers of all sizes, unlike other encryption services for cloud content.
Get complete visibility with reason codes that correlate to Box events and identify why keys are being used.
Availability and durability
Customer keys are housed by AWS/GCP in systems that are designed with 99.99999999% durability and deployed in multiple availability zones within a region.
Key rotation support
Box works with customers to rotate their Box KeySafe keys and ensures that all Box content is re-encrypted against the new key.
Box never sees or accesses customer managed encryption keys, and no keys are held in memory.
Check out Enterprise Plus
Enterprise Plus gives you the best of the Content Cloud in one simple plan. We’ve included our most-valued products and services to help you power secure enterprise workflow automation across your organization. And it saves you up to 35%.