Box EKM introduces a straightforward approach to provide businesses with complete single-tenant control over their encryption keys and audit logs. Box, in close collaboration with AWS and Gemalto, provides a protected key infrastructure via a dedicated AWS CloudHSM appliance in the cloud, and leverages Gemalto's tamper resistant SafeNet Hardware Security Modules (HSM) for key encryption and protection. Box says its customers retain full control of their keys and cryptographic operations on the HSM, while Amazon manages and maintains the hardware, with neither Box nor Amazon having access to the keys. This encryption feature set is all available while preserving the functionality of Box's core service.
Box EKM is available in beta today and will be generally available Spring 2015.