Today, Box says it has a new product that gets the job done. Called “Enterprise Key Management (EKM),” the service puts encryption keys inside a customer’s own data center and in a special security module stored in an Amazon data center. The Box service still must access a customer’s data in order to enable sharing and collaboration, but EKM makes sure that only happens when the customer wants it to, Box says.
When asked if the service would prevent Box from handing data over to the government, a company spokesperson said, “Unless the customer provides authorization to Box to provide the content that’s asked for, Box is prevented from sharing the content. When customers use Box EKM we are not able to provide decrypted content because we don’t have the encryption keys protecting the customer’s content.”
For Box’s business, a necessary and welcome development.