EMC, HP, IBM Team Up On Encryption Key Standard - EnterpriseStorageForum.com

EMC, HP, IBM Team Up On Encryption Key Standard

Download the authoritative guide: Enterprise Data Storage 2018: Optimizing Your Storage Infrastructure

Seven IT vendors have banded together to propose an encryption key management standard, an important step toward a more comprehensive data security approach (see Storage Security Is More than Just Key Management).

Brocade (NASDAQ: BRCD), HP (NYSE: HPQ), IBM (NYSE: IBM), LSI (NYSE: LSI), EMC's (NYSE: EMC) RSA Security Division, Seagate (NYSE: STX) and Thales (formerly nCipher) said the jointly developed specification for enterprise key management will "dramatically simplify how companies encrypt and safeguard information" and "enable the widespread use of encryption."

The Key Management Interoperability Protocol (KMIP) will be submitted to OASIS (the Organization for the Advancement of Structured Information Standards) for advancement through the organization's open standards process.

"KMIP addresses an important piece of the secure storage puzzle: key management," said Walt Hubis, software architect for LSI's Engenio Storage Group. "Acceptance of the KMIP will eliminate the biggest barrier to the widespread adoption of storage encryption, the fear that encrypted data will be lost. Interoperability across encryption and key management systems is a significant advancement that will enable acceptance of self-encrypting drives (SEDs). There's still work to be done in areas such as network-attached storage, including authentication of users in NAS and storage virtualization environments, but this is a critical step in the right direction."

Enterprise Strategy Group security analyst Jon Oltsik said, "We don't have a standard yet, but this is very encouraging since all of the industry leaders are behind the effort. This should drive further progress in IEEE P1619.3 as well. This group was a bit overwhelmed by the scope of work, but now KPIM limits what they have to focus on to storage devices."

IEEE P1619.3 is the key management part of the IEEE P1619 encryption standards effort.

KMIP was developed by HP, IBM, RSA and Thales, with Brocade, LSI and Seagate joining the effort. All seven companies will now contribute to OASIS for ongoing development of the protocol.

Charles Kolodgy, research director at IDC, said the proposed standard could remove an important barrier to adoption of encryption. "Time and time again, our research shows the primary barrier to the widespread use of encryption is the fear that encrypted data will be lost," he said.

Current key management strategies can be difficult, often requiring manual efforts to generate, distribute, store, expire and rotate encryption keys. KMIP offers a "single, comprehensive protocol for communication between enterprise key management services and encryption systems," the companies said, enabling encryption keys to remain accessible and secure.

The key lifecycle management protocol can be used by legacy and new encryption applications, and supports symmetric keys, asymmetric keys, digital certificates and other "shared secrets." It defines the protocol for encryption client and key management server communication for generation, submission, retrieval and deletion of cryptographic keys.

KMIP is complementary to application-specific standards projects such as IEEE 1619.3 for storage and OASIS EKMI for XML, the companies said.

More information can be found at http://xml.coverpages.org/KMIP/.

Back to Enterprise Storage Forum

Comment and Contribute


(Maximum characters: 1200). You have characters left.



Storage Daily
Don't miss an article. Subscribe to our newsletter below.

By submitting your information, you agree that enterprisestorageforum.com may send you ENTERPRISEStorageFORUM offers via email, phone and text message, as well as email offers about other products and services that ENTERPRISEStorageFORUM believes may be of interest to you. ENTERPRISEStorageFORUM will process your information in accordance with the Quinstreet Privacy Policy.

Thanks for your registration, follow us on our social networks to keep up-to-date