Box.com encryption security? Single password. Reliable?

Discussion in 'privacy technology' started by Valder, Feb 2, 2014.

Thread Status:
Not open for further replies.
  1. Valder

    Valder Registered Member

    Joined:
    Dec 28, 2008
    Posts:
    97
    Box.com claims they encrypt your storage space so that they cannot read it, but you use a single password on their site.

    How reliable can this setup be?
     
  2. m0unds

    m0unds Guest

    last i saw, they just claim SSL between you and their servers, and if you have a business acct, AES256 at rest. none of that really screams 'we can't read your files'. that being said, i do use box for work-related stuff and i think they're a trustworthy company.

    if you're after privacy and security of stored data, check out spideroak (spideroak.com). if you go that route, set up your account via the client after it's been downloaded and installed on your machine.

    *EDIT* actually, it looks like they do at-rest crypto for all accounts now. that's good. used to only apply to biz accts.
     
  3. Rhallowell

    Rhallowell Registered Member

    Joined:
    Jan 31, 2014
    Posts:
    6
    It's not as secure as it could be, that's for sure. We actually get a lot of calls from enterprises claiming they want a way to make Box safer for corporate environments. I also don't believe Box is HIPAA/HITECH compliant (couldn't find it on their site), but there are layering encryption companies out there that can help. I actually just posted a thread in this sub forum about nCrypted Cloud, which (for personal use) is a free encryption layer over cloud storage providers like Box and the like, and offers many additional safety and auditing features. It doesn't add any hassle and is easy to use if you ever want to look into it. Feel free to shoot me a message if you have any questions!

    https://www.wilderssecurity.com/showthread.php?t=359438
     
  4. m0unds

    m0unds Guest

    they're HIPAA compliant: hxxps://support.box.com/hc/en-us/articles/200526678-Is-Box-HIPAA-compliant-

    hxxps://support.box.com/hc/en-us/articles/200526618-Box-HIPAA-and-HITECH-Overview-and-FAQs
     
  5. Rhallowell

    Rhallowell Registered Member

    Joined:
    Jan 31, 2014
    Posts:
    6
    Ah yes, thanks for finding that!

    After reading further, though, you find out that you need the enterprise or elite version in order for it to be officially compliant with HIPAA/HITECH. It also isn't a standard that it is HIPAA compliant; you need to configure everything yourself and make sure it is on your own. So yeah, it has it, but it's slacking.

    "Box signs BAA addendums with its customers who have an Enterprise or Elite account and want to be HIPAA compliant. A signed BAA should be in place between Box and the customer prior to storing any Protected Health Information (PHI) on Box.
    Customers are responsible for configuring Box in a HIPAA compliant manner and for enforcing policies in their organizations to meet HIPAA compliance."
     