Article

Sun jumbles key management picture

Beth Pariseau
Sun Microsystems Inc. has released an open-source protocol for enterprise encryption key management, a week after a consortium led by other major vendors submitted a standards protocol to the Organization for the Advancement of Structured Information Standards (OASIS).

Sun's protocol has been part of its self-encrypting tape drives for more than a year. Company executives say their protocol is more advanced than the specification submitted to OASIS by a group led by EMC Corp./RSA, Hewlett-Packard Co., IBM Corp. and Thales Group. A Sun spokesperson described the OASIS submission as a "low-level binary protocol for communication, rather than [the] more advanced XML solution used in the latest OASIS and current IEEE 1619.3 discussions." The IEEE has also drafted its own key management standard, which it released early last year.

The OASIS consortium claimed last week that its protocol will address a wide variety of devices, including disk drives, tape drives, laptops, mobile devices, network switches and applications, while the IEEE standard focuses on enterprise storage devices. Analysts said the OASIS spec imposes clearer rules on methods of key management communication than other standards do.

Robert Griffin, director of solution design for the Data Security Group at RSA, The Security Division of EMC, said representatives from the consortium and Sun will work together to try and blend the two proposed standards. Because they work at different levels, it

    Requires Free Membership to View

might be possible to "nest" one into the other, he said.

More on storage security
HP, IBM, EMC propose encryption key management standard

Hifn offers NIC with compression and encryption

CommVault, McAfee partner to integrate storage and security management solution

Brocade bolsters security with fabric-based encryption switch
Griffin described EMC's support of Sun's protocol as a "tactical partnership" to allow RSA's key manager to work with Sun tape drives. "We reached out to Sun in the hopes they'd join [the consortium]," he said.

Sandy Stewart, engineering director for Sun's Key Management System, said the timing of that invitation was the problem. The consortium first got together more than a year ago, but Sun claims it was only in the last month and a half that it was approached by the other vendors to participate.

"To be frank, this was sprung on us at the last minute and we're still going over the details," Stewart said. But he said there have already been meetings between the vendors this week, and Sun plans to work with the consortium and OASIS to sort out the protocols.

According to Eric Burgener, a senior analyst and consultant at Hopkinton, Mass.-based Taneja Group, all of the vendors are actually late to this discussion. "I'm disappointed that it's taken as long as it has for the industry to address the key management standards issue," he said, noting that "we're years away" from a standard that could be adopted in the marketplace. "Even if OASIS adopted a standard tomorrow, it would still take about 12 months for vendors to build and ship products," he said.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: