|
SNIA expects to release Version 1.0 of XAM early in the first quarter of 2008. As of October 2007, the XAM standard was at 0.6 and Martin says he doesn't expect much change between the current version and V1.0.
At the fall Storage Networking World in Grapevine, TX, the XAM committee was handing out thumb drives containing a XAM emulator from Sun Microsystems Inc., as well as other tools and documents to let firms get a head start on their XAM efforts. "Once [Version] 1.0 is released, production-quality products will be coming to market at the same time," says Martin.
Standard 3: Encryption key management
Three separate standard groups are working on encryption key management standards. The IEEE Security in Storage Working Group (SISWG) 1619 committee, called P1619.3, is focused on storage management. A second key management standard, the Enterprise Key Management Infrastructure (EKMI), is being developed by the Organization for the Advancement of Structured Information Standards (OASIS) consortium and is more general. The third, IETF's Keyprov, is based around a list of best practices for key management and will eventually evolve into a standard according to IETF documents.
As storage security becomes widespread, managing encryption keys--especially those from different vendors' products--has become important. Standards for key management have lagged behind this need.
"As storage vendors, we got behind the curve and stayed behind the curve much longer than we should have," says Blair Semple, education and alliances officer for the SNIA Storage Security Industry Forum (SSIF) governing board and a security evangelist at Decru, a NetApp company.
Software conforming to any of the standards will have the ability to generate keys, store and replicate keys, authenticate keys, archive keys and, finally, destroy keys when they're no longer needed. While SMI-S will include key management starting with tape in Version 1.4, it isn't officially supporting any standards.
"SNIA is not backing any one of these activities, but rather it is watching all of them," says Eric Hibbard, chair of SNIA's Security Technical Work Group and vice chair of the SISWG. "It is true that many of the SNIA member companies are also actively involved with the P1619.3 standardization activity, so it is reasonable to assume that the P1619.3 standard will be better aligned to the needs of the storage industry."
|
