Securely manage your own encryption keys
Global leaders stay in control with Box KeySafe
Get complete control of your data privacy
With Box KeySafe, you have complete, independent control over your encryption keys. All key usage is unchangeable and includes a detailed record of key usage, so you can track exactly why your organization’s keys are being accessed — with no impact on user experience. If you ever see suspicious activity, your security team can cut off access to the content at any time. And it's all on top of the enterprise-grade security and compliance you get with the leading Content Cloud.
How Box KeySafe works with AWS and GCP Key Management Services
We leverage Key Management Services (KMS) from Amazon Web Services (AWS) and Google Cloud Platform (GCP) to help you manage your encryption keys. Box KeySafe supports AWS KMS Custom Key Store and GCP Cloud HSM KMS to provide the control and protection of a dedicated hardware security module (HSM), without requiring you to manage any hardware. You can use AWS/GCP to store encryption keys in private dedicated CloudHSMs while using the KMS interface to generate and control access to the keys.
Government agencies leverage Box KeySafe with AWS GovCloud
As government agencies move highly sensitive workloads into the cloud, Box KeySafe with AWS GovCloud ensures compliance with ITAR/EAR and IRS-1075 requirements. Box KeySafe leverages AWS KMS in the AWS GovCloud region — giving agencies and organizations that work with the U.S. government independent control over their content encryption keys.
Encryption key management in three easy steps
File encrypted with Box KeySafe key
There's no impact on the usability, mobility, security or governance provided by Box.
Box KeySafe key encrypted with your AWS/GCP KMS custom key
Box can never see or access your encryption keys, so you're always in control of your content.
Audit logs updated
You are the legal custodian of your keys that encrypt, decrypt, and re-encrypt data.
Box KeySafe works across all industries
Financial services
Hold your own encryption keys for digital vaults to enhance security posture to clients.
Government
Gain independent control over encryption keys for content that has citizen-only and ITAR requirements.
Life sciences
Collaborate on research with statisticians while securely sharing regulated datasets with sponsors and CROs.
Professional services
Protect client data with controls that prevent and turn off access to documents.
Nonprofit
Media & entertainment
Key features
Fast deployment
IT teams of any size can deploy KeySafe within a few days.
Cost-effectiveness
Affordable for customers of all sizes, unlike other encryption services for cloud content.
Log correlations
Get complete visibility with reason codes that correlate to Box events and identify why keys are being used.
Availability and durability
Customer keys are housed by AWS/GCP in systems that are designed with 99.99999999% durability and deployed in multiple availability zones within a region.
Key rotation support
Box works with customers to rotate their Box KeySafe keys and ensures that all Box content is re-encrypted against the new key.
Key security
Box never sees or accesses customer managed encryption keys, and no keys are held in memory.
Learn more about protecting your data with Box KeySafe
Streamline mission-critical services in the cloud
Discover how government agencies secure data across teams inside and outside the perimeter.
Building a secure, best-in-class digital workspace
See how Intuit partners with Box to keep its workforce secure in the flow of innovation.
Simplify customer-owned encryption
Experience the benefits of a dedicated key store and a simplified way to manage keys.