EMC, HP, IBM Team Up On Encryption Key Standard

Seven IT vendors have banded together to propose an encryption key management standard, an important step toward a more comprehensive data security approach (see Storage Security Is More than Just Key Management).

Brocade (NASDAQ: BRCD), HP (NYSE: HPQ), IBM (NYSE: IBM), LSI (NYSE: LSI), EMC’s (NYSE: EMC) RSA Security Division, Seagate (NYSE: STX) and Thales (formerly nCipher) said the jointly developed specification for enterprise key management will “dramatically simplify how companies encrypt and safeguard information” and “enable the widespread use of encryption.”

The Key Management Interoperability Protocol (KMIP) will be submitted to OASIS (the Organization for the Advancement of Structured Information Standards) for advancement through the organization’s open standards process.

“KMIP addresses an important piece of the secure storage puzzle: key management,” said Walt Hubis, software architect for LSI’s Engenio Storage Group. “Acceptance of the KMIP will eliminate the biggest barrier to the widespread adoption of storage encryption, the fear that encrypted data will be lost. Interoperability across encryption and key management systems is a significant advancement that will enable acceptance of self-encrypting drives (SEDs). There’s still work to be done in areas such as network-attached storage, including authentication of users in NAS and storage virtualization environments, but this is a critical step in the right direction.”

Enterprise Strategy Group security analyst Jon Oltsik said, “We don’t have a standard yet, but this is very encouraging since all of the industry leaders are behind the effort. This should drive further progress in IEEE P1619.3 as well. This group was a bit overwhelmed by the scope of work, but now KMIP limits what they have to focus on to storage devices.”

IEEE P1619.3 is the key management part of the IEEE P1619 encryption standards effort.

KMIP was developed by HP, IBM, RSA and Thales, with Brocade, LSI and Seagate joining the effort. All seven companies will now contribute to OASIS for ongoing development of the protocol.

Charles Kolodgy, research director at IDC, said the proposed standard could remove an important barrier to adoption of encryption. “Time and time again, our research shows the primary barrier to the widespread use of encryption is the fear that encrypted data will be lost,” he said.

Current key management strategies can be difficult, often requiring manual efforts to generate, distribute, store, expire and rotate encryption keys. KMIP offers a “single, comprehensive protocol for communication between enterprise key management services and encryption systems,” the companies said, enabling encryption keys to remain accessible and secure.

The key lifecycle management protocol can be used by legacy and new encryption applications, and supports symmetric keys, asymmetric keys, digital certificates and other “shared secrets.” It defines the protocol for encryption client and key management server communication for generation, submission, retrieval and deletion of cryptographic keys.
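As an added illustration of the lifecycle operations described in the two paragraphs above (generate, submit, retrieve, expire, rotate, delete), the Python below sketches a key management server and an encryption-side client exchanging request/response messages. It is example code written for this page, not code from the article, OASIS, or any of the vendors named. The dictionary message format, the state names (PreActive, Active, Deactivated, Destroyed), the injectable clock, and the rule that an Active key cannot be destroyed are assumptions of this example; none of it is the KMIP wire encoding.

```python
"""Illustrative key lifecycle service for the operations the article attributes
to KMIP (generate, submit/register, retrieve, delete, expire, rotate).
Constructed example: in-memory, dict-based messages, not the KMIP wire
encoding and not any vendor's implementation.
"""
from __future__ import annotations

import secrets
import uuid
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Simplified lifecycle states (assumed for this example).
PRE_ACTIVE, ACTIVE, DEACTIVATED, DESTROYED = "PreActive", "Active", "Deactivated", "Destroyed"


class KeyManagementError(Exception):
    pass


@dataclass
class ManagedKey:
    uid: str
    algorithm: str
    material: bytes | None
    state: str
    expires: datetime
    replaced_by: str | None = None


class KeyServer:
    """Server side: owns key material and enforces the lifecycle rules."""

    def __init__(self, clock=None):
        self._keys: dict[str, ManagedKey] = {}
        # Injectable clock so expiry can be exercised deterministically.
        self._clock = clock or (lambda: datetime.now(timezone.utc))

    def create(self, algorithm="AES", bits=256, lifetime_days=365) -> str:
        """Generate key material on the server and register it."""
        return self.register(secrets.token_bytes(bits // 8), algorithm, lifetime_days)

    def register(self, material: bytes, algorithm="AES", lifetime_days=365) -> str:
        """Accept client-generated material; the key starts Active."""
        uid = str(uuid.uuid4())
        self._keys[uid] = ManagedKey(uid, algorithm, material, ACTIVE,
                                     self._clock() + timedelta(days=lifetime_days))
        return uid

    def get(self, uid: str, usage: str = "decrypt") -> bytes:
        """Retrieve material. Deactivated keys stay readable for decrypt so data
        encrypted under them is not lost; only Active keys may encrypt."""
        key = self._lookup(uid)
        if key.state == DESTROYED:
            raise KeyManagementError(f"{uid}: material destroyed")
        if usage == "encrypt" and key.state != ACTIVE:
            raise KeyManagementError(f"{uid}: state {key.state}, encrypt refused")
        return key.material

    def rotate(self, uid: str) -> str:
        """Create a successor and deactivate the old key (still readable)."""
        old = self._lookup(uid)
        if old.state != ACTIVE:
            raise KeyManagementError(f"{uid}: only Active keys rotate")
        new_uid = self.create(old.algorithm, len(old.material) * 8)
        old.state, old.replaced_by = DEACTIVATED, new_uid
        return new_uid

    def destroy(self, uid: str) -> None:
        """Delete material. Refused while Active: destroying a key still in use
        is exactly how encrypted data becomes unrecoverable."""
        key = self._lookup(uid)
        if key.state == ACTIVE:
            raise KeyManagementError(f"{uid}: deactivate before destroy")
        key.material, key.state = None, DESTROYED

    def state(self, uid: str) -> str:
        return self._lookup(uid).state

    def _lookup(self, uid: str) -> ManagedKey:
        key = self._keys.get(uid)
        if key is None:
            raise KeyManagementError(f"{uid}: unknown key")
        if key.state == ACTIVE and self._clock() >= key.expires:
            key.state = DEACTIVATED  # expiry is enforced lazily on access
        return key

    def handle(self, request: dict) -> dict:
        """Dispatch one client request and wrap the outcome as a response."""
        ops = {"Create": self.create, "Register": self.register, "Get": self.get,
               "Rotate": self.rotate, "Destroy": self.destroy}
        op = request.get("operation")
        try:
            value = ops[op](**request.get("args", {}))
            return {"operation": op, "result": "Success", "value": value}
        except (KeyError, KeyManagementError) as exc:
            return {"operation": op, "result": "Failure", "reason": str(exc)}


class KeyClient:
    """Encryption-side client: builds requests and keeps no long-term key copy."""

    def __init__(self, server: KeyServer):
        self._server = server

    def request(self, operation: str, **args) -> dict:
        return self._server.handle({"operation": operation, "args": args})
```

The point of the two refusals (no encrypt with a deactivated key, no destroy of an active key) is the data-loss fear quoted above: rotation replaces the key used for new writes while the old material remains retrievable for decryption until it is explicitly deactivated and then destroyed.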

KMIP is complementary to application-specific standards projects such as IEEE 1619.3 for storage and OASIS EKMI for XML, the companies said.

More information can be found at http://xml.coverpages.org/KMIP/.

Paul Shread
eSecurity Editor Paul Shread has covered nearly every aspect of enterprise technology in his 20+ years in IT journalism, including an award-winning series on software-defined data centers. He wrote a column on small business technology for Time.com, and covered financial markets for 10 years, from the dot-com boom and bust to the 2007-2009 financial crisis. He holds a market analyst certification.
