HP, IBM, EMC propose encryption key management standard

By Beth Pariseau, Senior News Writer 12 Feb 2009 | SearchStorage.com

News and trends in the storage industry Digg This!     StumbleUpon     Del.icio.us

The spec is called the Key Management Interoperability Protocol (KMIP), and the collaborating vendors would like to see it become an industry-wide standard by the end of this year. If adopted, KMIP would mean users could attach almost any encrypting device to one preferred key management system, regardless of the vendors involved. Brocade Communications Systems Inc., LSI Corp. and Seagate Technology Inc.are also in the KMIP group.

The project to draft the spec began in late 2007 and includes more than 100 pages of instructions that would standardize how disk drives, tape drives, laptops, mobile devices, network switches and applications request encryption keys from key management applications.

Although encryption algorithms such as AES 256 are already standardized, individual devices request keys from key management systems in different ways. That means some IT shops must maintain multiple systems for encryption on different devices. "In a tough economic environment, customers are very cost constrained, but they still have regulatory requirements to meet," said Mark Schiller, director of the Security Program Office for HP Secure Advantage. "Encryption across the enterprise today takes extra manual effort."

More on storage security Hifn offers NIC with compression and encryption Jingle bell storage: What to buy a geek for the holidays CommVault, McAfee partner to integrate storage and security management solution Brocade bolsters security with fabric-based encryption switch

This isn't the first specification proposed for key management. The Institute of Electrical and Electronics Engineers (IEEE) approved a standard in January 2008 for managing encryption on storage devices. But Jon Oltsik, a senior analyst at Milford, Mass.-based Enterprise Strategy Group, said KMIP focuses on a wider variety of devices and imposes clearer rules on methods of key management communication than other standards.

"This is a superset of any standards activities that have already been in place, [and] recognizes the limitations of other standards," Oltsik said.

The problem of administering multiple data security systems is mostly limited to the high end of the market today, but Oltsik said that the problem will become more widespread as new technologies, such as LTO-4 tape drives with built-in encryption, gain acceptance.

A proposed standard is never a guarantee that anything viable will see the light of day, but Oltsik said the players involved will command a strong following for KMIP. "They are going to dominate the way this is done," he said. "Particularly in the storage world, I don't see anyone not going along with this."

Tags: Secure data storage,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Secure data storage Throwing caution to the clouds Storage encryption essentials Vendors take steps to lock down cloud storage services Encryption Special Report: Key management stumbling block to securing data What you need to know about storage encryption products Isilon targets enterprise NAS with Backup Accelerator, N+2:1 parity Storage Decisions Chicago 2009 Session Downloads Storage Decisions Session Downloads: Disaster Recovery Track (Chicago 2009) Storage Decisions Session Downloads: Data Retention & Retrieval Track (Chicago 2009) Data on the brink

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary hard drive shredder  (SearchStorage.com) Storage as a Service (SaaS)  (SearchStorage.com) storage encryption  (SearchStorage.com) storage security  (SearchStorage.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary