Hewlett-Packard (HP) Co., IBM Corp., EMC Corp./RSA Security and Thales Group led a coalition of vendors that submitted a standard for interoperability between key management systems and encryption devices to the Organization for the Advancement of Structured Information Standards (OASIS).
The spec is called the Key Management Interoperability Protocol (KMIP), and the collaborating vendors would like to see it become an industry-wide standard by the end of this year. If adopted, KMIP would mean users could attach almost any encrypting device to one preferred key management system, regardless of the vendors involved. Brocade Communications Systems Inc., LSI Corp. and Seagate Technology Inc.are also in the KMIP group.
The project to draft the spec began in late 2007 and includes more than 100 pages of instructions that would standardize how disk drives, tape drives, laptops, mobile devices, network switches and applications request encryption keys from key management applications.
Although encryption algorithms such as AES 256 are already standardized, individual devices request keys from key management systems in different ways. That means some IT shops must maintain multiple systems for encryption on different devices. "In a tough economic environment, customers are very cost constrained, but they still have regulatory requirements to meet," said Mark Schiller, director of the Security Program Office for HP Secure Advantage. "Encryption across the enterprise
"This is a superset of any standards activities that have already been in place, [and] recognizes the limitations of other standards," Oltsik said.
The problem of administering multiple data security systems is mostly limited to the high end of the market today, but Oltsik said that the problem will become more widespread as new technologies, such as LTO-4 tape drives with built-in encryption, gain acceptance.
A proposed standard is never a guarantee that anything viable will see the light of day, but Oltsik said the players involved will command a strong following for KMIP. "They are going to dominate the way this is done," he said. "Particularly in the storage world, I don't see anyone not going along with this."