When comparing CloudFlare Red October vs Box Enterprise Key Management, the Slant community recommends Box Enterprise Key Management for most people. In the question“What are the best shared secret managers?” Box Enterprise Key Management is ranked 2nd while CloudFlare Red October is ranked 4th. The most important reason people chose Box Enterprise Key Management is:
Box provides dedicated hardware (HSMs) that the enterprise has complete control over and can provide access to Box in a granular way with Box in turn providing cloud services such as deduplication, search indexing, information rights management, etc.
Ranked in these QuestionsQuestion Ranking
Pros
Pro Fully open source
Red October is fully open source, from the encryption library to the UI modules. Everyone can inspect the code hosted on GitHub or fork it and implement it to suit their needs if they have to.
Pro Uses the "two-man rule" for extra security
Red October was built to add an extra layer of security inside organizations. The "two-man rule" that Red October employs means that data can only be decrypted if two or more users provide the necessary keys.
Pro Box provides cloud services with enterprise maintaining control over encryption keys
Box provides dedicated hardware (HSMs) that the enterprise has complete control over and can provide access to Box in a granular way with Box in turn providing cloud services such as deduplication, search indexing, information rights management, etc.
Cons
Con Uses its own crypto library
Red October uses its own crypto implementation in to encrypt secrets. While it's not necessarily a security risk, it would be safer to use a crypto library that has proven it's worth and that has been used for a long time in a lot of projects.
Con Costs more than the standard Box service
Box EKM is built as a complementary but still separate service than the storage service that Box provides. As such, it costs extra to use EKM to store secrets of data hosted with Box's cloud hosting.