When comparing Box Enterprise Key Management vs Amazon Key Management Service, the Slant community recommends Box Enterprise Key Management for most people. In the question“What are the best shared secret managers?” Box Enterprise Key Management is ranked 2nd while Amazon Key Management Service is ranked 10th. The most important reason people chose Box Enterprise Key Management is:
Box provides dedicated hardware (HSMs) that the enterprise has complete control over and can provide access to Box in a granular way with Box in turn providing cloud services such as deduplication, search indexing, information rights management, etc.
Ranked in these QuestionsQuestion Ranking
Pros
Pro Box provides cloud services with enterprise maintaining control over encryption keys
Box provides dedicated hardware (HSMs) that the enterprise has complete control over and can provide access to Box in a granular way with Box in turn providing cloud services such as deduplication, search indexing, information rights management, etc.
Pro Extremely secure
Amazon has used a lot of techniques to harden the process of storing and securing keys in its service. For example, keys are not stored on disk, nor are they allowed to persist in memory.
Amazon employees can not access a user's secret keys physically and the keys themselves are stored in the same geographical region as the application they belong to.
Pro Easy to use from a single dashboard
AWS Key Management Service offers a single unified dashboard that teams can use to manage and store their secrets used in applications hosted on AWS services. In the dashboard users can create keys, retrieve them and audit key usage through detailed information offered to them
Cons
Con Costs more than the standard Box service
Box EKM is built as a complementary but still separate service than the storage service that Box provides. As such, it costs extra to use EKM to store secrets of data hosted with Box's cloud hosting.
Con Does not generate certificates
KMS does not generate certificates, in order to generate them you have to roll out your own solution.