HP, IBM, EMC propose encryption key management standard

Beth Pariseau, Senior News Writer
Hewlett-Packard (HP) Co., IBM Corp., EMC Corp./RSA Security and Thales Group led a coalition of vendors that submitted a standard for interoperability between key management systems and encryption devices to the Organization for the Advancement of Structured Information Standards (OASIS).

The spec is called the Key Management Interoperability Protocol (KMIP), and the collaborating vendors would like to see it become an industry-wide standard by the end of this year. If adopted, KMIP would mean users could attach almost any encrypting device to one preferred key management system, regardless of the vendors involved. Brocade Communications Systems Inc., LSI Corp. and Seagate Technology Inc. are also in the KMIP group.

The project to draft the spec began in late 2007, and the draft includes more than 100 pages of instructions that would standardize how disk drives, tape drives, laptops, mobile devices, network switches and applications request encryption keys from key management applications.

Although encryption algorithms such as AES 256 are already standardized, individual devices request keys from key management systems in different ways. That means some IT shops must maintain multiple systems for encryption on different devices. "In a tough economic environment, customers are very cost constrained, but they still have regulatory requirements to meet," said Mark Schiller, director of the Security Program Office for HP Secure Advantage. "Encryption across the enterprise today takes extra manual effort."

This isn't the first specification proposed for key management. The Institute of Electrical and Electronics Engineers (IEEE) approved a standard in January 2008 for managing encryption on storage devices. But Jon Oltsik, a senior analyst at Milford, Mass.-based Enterprise Strategy Group, said KMIP focuses on a wider variety of devices and imposes clearer rules on methods of key management communication than other standards.

"This is a superset of any standards activities that have already been in place, [and] recognizes the limitations of other standards," Oltsik said.

The problem of administering multiple data security systems is mostly limited to the high end of the market today, but Oltsik said that the problem will become more widespread as new technologies, such as LTO-4 tape drives with built-in encryption, gain acceptance.

A proposed standard is never a guarantee that anything viable will see the light of day, but Oltsik said the players involved will command a strong following for KMIP. "They are going to dominate the way this is done," he said. "Particularly in the storage world, I don't see anyone not going along with this."
