Looking for encrypted cloud storage with no backdoors?
Own your data like you would in your office. Only you have the encryption key, not us or anyone else.
100% UK Privacy.
We’re not just another encrypted cloud storage provider. We do things differently. Nimbox is an encrypted cloud storage solution for businesses that want to take the stress away from cloud storage security.
Retaining the flexible and remote working benefits that come with encrypted cloud storage is essential, which is why Nimbox was built to ensure only you have access to your secure data. You alone have the encryption key to access your encrypted cloud storage. Our encryption software significantly reduces the risk to you as a business and the chance of a data breach happening.
We go above and beyond security
Data stored in Nimbox is encrypted with 256-bit Advanced Encryption Standard (AES) cryptography in cipher-block chaining mode. Organisation data is always encrypted—on a device, in transit, and whilst stored—and can only be decrypted by you, and your authorised users.
Our architecture allows for the secure inspection of traffic by you to ensure there is no malicious content. Importantly, Nimbox can never see your data, unlike many other cloud storage services that may be able to access unencrypted customer data.
In Nimbox, only you have control over the encryption and decryption of your data. Encryption occurs at the device level and the encryption key that is needed to decrypt the data always stays with you; we cannot decrypt your stored data.
Data that is stored in Nimbox is instantly encrypted and decrypted on-the-fly, on the device that is being used at the time—even when using the Nimbox web application. Nimbox uses AES, a well-known and widely trusted encryption algorithm, with a 256-bit key.
AES is an approved cryptographic module in FIPS 140-2, and in its CNSSP-15 publication, the Committee on National Security Systems states that AES with a 256-bit key is secure enough to encrypt data marked up to TOP SECRET for the U.S. Government.
In essence, only encrypted binary data is stored by Nimbox and it is this data that is synced with other devices registered to the user’s account, through an encrypted ‘tunnel’.
The data that you store in Nimbox is always encrypted and decrypted on your device, NOT on our servers. This process is known as client-side encryption, because the device (which could be an iPhone, PC, Server, Mac, or the web app etc.) is doing the encryption work.
The raw cryptographic keys used to encrypt and decrypt users’ data are never stored on or transmitted via our servers. To enable multi-device working, an encrypted version of these keys is stored within Vault, and only provided to devices that are registered to the buyer’s account.
The encrypted binary data that is stored in Nimbox would be essentially useless to an attacker if it was intercepted in transit or at rest, as they would not have access to the encryption key. This includes access by Nimbox.
Breaking a symmetric 256-bit key would require vast computing power. In practice it would take 50 supercomputers—that could check a billion billion (10^18) keys per second—about 3 x 10^50 years to exhaust the 256-bit key space.
Nimbox utilises Transport Layer Security (TLS) versions 1.1 and 1.2 to securely transfer encrypted customer data between the client and the Nimbox platform. TLS 1.1 and 1.2 are modern versions of the protocol, and are considered to be extremely safe by the cryptographic community; we don’t support older, less-safe versions of transport layer security, such as SSL 3 and TLS 1.0.
We also support Forward Secrecy key exchanges using Diffie-Hellman (ECDHE and DHE) enabled cipher suites.
TLS certificates using the SHA-2 algorithm and signed by GoDaddy CA are deployed on all Nimbox services. SHA-2 is the most secure signature algorithm currently offered by commercial and open-source certificate authorities.
Every Nimbox user account, including guests, has a 4096-bit RSA key pair that is used exclusively for sharing. When a user shares a file or folder using the Secure Share option in Nimbox, the data is encrypted with the recipient user’s public key. The recipient user then decrypts the data with their private key.
The process is automatic and transparent. This allows you to share data only with the intended recipient, since only the recipient is able to decrypt it.
Password-Based Key Derivation (PBKDF2) with HMAC-SHA256 is utilised to convert a user’s password into a 256-bit encryption key. A second key—derived from the first key—is then used to encrypt data and other keys, such as the RSA key.
This second key is shared with the customer’s organisation account, to enable corporate control of data stored within Nimbox.
Any subsequent keys that are not generated directly from the user’s account password are generated by an open-source, cryptographically secure, pseudorandom number generator on the user’s device. Because keys are generated on the device, they cannot be seen by us.
Private keys that must be stored (to enable cross-device, and intra-team working), are always encrypted prior to transmission to the Nimbox platform. These keys can only be decrypted with either the user’s password, or the customer’s administration password.
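The key hierarchy described above (password to first key, first key to second key, second key protecting stored keys) can be sketched as follows. This is an added example, not Nimbox code: the iteration count, the HMAC-based derivation of the second key, the HMAC tag added on top of CBC, and all function names are assumptions.

```javascript
// Added illustration, not Nimbox code. Iteration count, labels and blob layout are assumptions.
const crypto = require('node:crypto');

const PBKDF2_ITERATIONS = 600000; // assumed; the page states no iteration count

// Password -> 256-bit first key, using PBKDF2 with HMAC-SHA256 as the page describes.
function deriveFirstKey(password, salt) {
  return crypto.pbkdf2Sync(password, salt, PBKDF2_ITERATIONS, 32, 'sha256');
}

// Second key(s) derived from the first. The page does not say how; labelled
// HMAC-SHA256 outputs are used here so encryption and MAC keys are independent.
function deriveSecondKeys(firstKey) {
  const sub = (label) => crypto.createHmac('sha256', firstKey).update(label).digest();
  return { encKey: sub('wrap-enc'), macKey: sub('wrap-mac') };
}

// Wrap a device-generated key: AES-256-CBC, then HMAC over IV || ciphertext,
// because CBC on its own does not detect tampering. Layout: IV(16) | CT | TAG(32).
function wrapKey(rawKey, keys) {
  const iv = crypto.randomBytes(16);
  const cipher = crypto.createCipheriv('aes-256-cbc', keys.encKey, iv);
  const ct = Buffer.concat([cipher.update(rawKey), cipher.final()]);
  const tag = crypto.createHmac('sha256', keys.macKey).update(iv).update(ct).digest();
  return Buffer.concat([iv, ct, tag]);
}

// Verify the tag before decrypting; a wrong password or a modified blob fails here.
function unwrapKey(blob, keys) {
  if (blob.length < 64) throw new Error('wrapped key too short');
  const iv = blob.subarray(0, 16);
  const ct = blob.subarray(16, blob.length - 32);
  const tag = blob.subarray(blob.length - 32);
  const expected = crypto.createHmac('sha256', keys.macKey).update(iv).update(ct).digest();
  if (!crypto.timingSafeEqual(tag, expected)) throw new Error('authentication failed');
  const decipher = crypto.createDecipheriv('aes-256-cbc', keys.encKey, iv);
  return Buffer.concat([decipher.update(ct), decipher.final()]);
}

// Constructed sample values: only `wrapped` and `salt` would ever leave the device.
const salt = crypto.randomBytes(16);
const keys = deriveSecondKeys(deriveFirstKey('constructed example passphrase', salt));
const dataKey = crypto.randomBytes(32); // generated by the device CSPRNG
const wrapped = wrapKey(dataKey, keys);
console.log('wrapped key bytes:', wrapped.length,
  'round trip ok:', unwrapKey(wrapped, keys).equals(dataKey));
```

In this sketch the server-side store would hold only the salt and the wrapped blob; recovering the data key requires re-deriving the keys from the password on a device.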
Problems we solve.
“Simple, secure and reliable. We’ve used Nimbox for over a year now and had no issues whatsoever. UK based data centers and a friendly support team – I would recommend this service over other cloud based file collaborating software.”