Box Announces Enterprise Key Management

On February 10, 2015 Box announced the beta release of Enterprise Key Management (EKM). Put simply, EKM addresses cloud security concerns by giving customers control over the encryption keys used to access content stored on Box. It’s add-on functionality, at an additional cost, that’s going to remove one of the barriers to cloud adoption. This is a very, very good thing.

For those customers that have been dithering about whether or not to move content to the cloud because of security concerns, EKM ought to alleviate those concerns. Of course, those customers will have to be willing to commit to Amazon Web Services (AWS) if they want to avail themselves of EKM. However, it’s a beta folks and I’d bet that Box is actively working on other options.

With this announcement there’s a bunch of organizations that, all of a sudden, have no excuses left. That’s not to say that organizations should put everything into the cloud; they shouldn’t. There’s tons of content that organizations deal with on a day-to-day basis that makes absolutely no sense to move to Box. Take a look at transactional data that’s generated by utilities, communications providers, and financial companies; there’s nothing to be gained, yet, by moving all those transactions into Box. However, those same organizations, along with most others, deal with tons of content that is perfectly suitable due to its purpose in business processes. Think about loan/mortgage applications, cell phone contracts, and applications for utility services; all of these could easily be moved to the cloud. And now (well, when EKM gets to general release) it can be done with just that little bit extra assurance of security. Which brings me to another point, which I’ve made before …

Organizations are going to have a mixed bag of content repositories for the foreseeable future. Once EKM goes to general availability I’d love to have a bar chat about which is more secure; Box, on-premises, or the hosted private data centre. Based on what I know about some orgs I’ve worked with, I’d rather they put their content in Box, with or without EKM. I digress …

My point is that hybrid is a reality and that everyone involved in managing content (vendors, customers, regulators, legislators) is going to have to figure out how best to deal with access, security, collaboration, and everything else that goes into managing content as an asset. Part of that is understanding that not all content is created equal and can be treated the same. For me the end game has to be putting the users at the center and not forcing them into Cirque de Soleil-like contortions to gain access to the content they need to execute the task at hand. If Box’s track record is anything to go by, I’m optimistic that they haven’t lost sight of ease of use with the EKM beta.

The title of Aaron Levie’s (Box CEO) post announcing EKM is Breaking the Last Barrier to Cloud Adoption with Box Enterprise Key Management (and I thought I liked long titles). Uhm, no. Hell, EKM won’t even break down the last legitimate barrier. There is still a lot of Fear, Uncertainty, and Doubt (FUD) to overcome in getting organizations to move to the cloud (not a legitimate barrier). Organizations worry about data sovereignty, sometimes legitimately. Some contexts just don’t lend themselves to a smooth cloud experience (from twitter this am, via Laurence Hart “Some agencies require govt clearance to have access to encryption keys and/or be US citizen. Box can’t do that for workforce” – he’s not wrong. Laurence expands on the quote in this post.).

If I were Box I’d handle the above like this:

• FUD – time, tide, and attrition are your friend – patience, Grasshopper.
• Legitimate data sovereignty issues – influence and wait for legislation; partner up to build/lease/coopt some friggin’ data centres.
• Illegitimate data sovereignty issues – see FUD
• The point that Laurence brought up – don’t sweat it. You can’t play there now anyways.

Box’s announcement about Enterprise Key Management is significant, and it’s a really good thing. However, it’s not the last hurdle and I’d bet money they know that. But it does take away one excuse that that ditherers and FUDders have been hanging on to.

And for those of you who are about to bring up AWS outages – IT’S A BETA!!!

← Enterprise File Sync & Share – It’s Not What You Think It Is

Security 2015 or Why I Sometimes Hate My Clients →

Search

Recent Posts

• How to Mastodon (Beware, I’m no expert)
• A Tunnel of Opportunity
• Content Integration Services – Connecting ERP to ECM

My Tweets

AIIM Analytics Box Cloud corp culture ECM EFSS EIM governance Implementation Information Governance Information Management innovation PHIGS Planning privacy rant Records records management Retention Risk security SharePoint User Adoption value

Archives

Archives Select Month November 2022  (1) May 2020  (1) December 2017  (1) November 2017  (1) August 2017  (1) March 2017  (2) January 2017  (1) September 2016  (2) August 2016  (2) June 2016  (2) May 2016  (3) March 2016  (1) February 2016  (5) January 2016  (1) December 2015  (2) October 2015  (5) September 2015  (4) August 2015  (7) July 2015  (4) June 2015  (3) May 2015  (2) April 2015  (3) March 2015  (4) February 2015  (1) January 2015  (1) December 2014  (2) October 2014  (2) September 2014  (2) July 2014  (1) June 2014  (2) May 2014  (2) April 2014  (1) January 2014  (2) December 2013  (1) November 2013  (2) October 2013  (3) September 2013  (2) August 2013  (1) July 2013  (1) June 2013  (1) April 2013  (1) March 2013  (1) February 2013  (1) January 2013  (1) November 2012  (1) September 2012  (1) July 2012  (1) June 2012  (2) April 2012  (1) March 2012  (1) February 2012  (1) December 2011  (2) November 2011  (1) September 2011  (1) August 2011  (2) July 2011  (4) June 2011  (2) May 2011  (2) April 2011  (1) March 2011  (1) February 2011  (3) January 2011  (4)