EMC, HP, IBM Team Up On Encryption Key Standard


Seven IT vendors have banded together to propose an encryption key management standard, an important step toward a more comprehensive data security approach (see Storage Security Is More than Just Key Management).

Brocade (NASDAQ: BRCD), HP (NYSE: HPQ), IBM (NYSE: IBM), LSI (NYSE: LSI), EMC’s (NYSE: EMC) RSA Security Division, Seagate (NYSE: STX) and Thales (formerly nCipher) said the jointly developed specification for enterprise key management will “dramatically simplify how companies encrypt and safeguard information” and “enable the widespread use of encryption.”

The Key Management Interoperability Protocol (KMIP) will be submitted to OASIS (the Organization for the Advancement of Structured Information Standards) for advancement through the organization’s open standards process.

“KMIP addresses an important piece of the secure storage puzzle: key management,” said Walt Hubis, software architect for LSI’s Engenio Storage Group. “Acceptance of the KMIP will eliminate the biggest barrier to the widespread adoption of storage encryption, the fear that encrypted data will be lost. Interoperability across encryption and key management systems is a significant advancement that will enable acceptance of self-encrypting drives (SEDs). There’s still work to be done in areas such as network-attached storage, including authentication of users in NAS and storage virtualization environments, but this is a critical step in the right direction.”

Enterprise Strategy Group security analyst Jon Oltsik said, “We don’t have a standard yet, but this is very encouraging since all of the industry leaders are behind the effort. This should drive further progress in IEEE P1619.3 as well. This group was a bit overwhelmed by the scope of work, but now KMIP limits what they have to focus on to storage devices.”

IEEE P1619.3 is the key management part of the IEEE P1619 encryption standards effort.

KMIP was developed by HP, IBM, RSA and Thales, with Brocade, LSI and Seagate joining the effort. All seven companies will now contribute to OASIS for ongoing development of the protocol.

Charles Kolodgy, research director at IDC, said the proposed standard could remove an important barrier to adoption of encryption. “Time and time again, our research shows the primary barrier to the widespread use of encryption is the fear that encrypted data will be lost,” he said.

Current key management strategies can be difficult, often requiring manual efforts to generate, distribute, store, expire and rotate encryption keys. KMIP offers a “single, comprehensive protocol for communication between enterprise key management services and encryption systems,” the companies said, enabling encryption keys to remain accessible and secure.

The key lifecycle management protocol can be used by legacy and new encryption applications, and supports symmetric keys, asymmetric keys, digital certificates and other “shared secrets.” It defines the protocol for encryption client and key management server communication for generation, submission, retrieval and deletion of cryptographic keys.
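The two paragraphs above describe what a key management server has to do for its clients: generate or accept submitted keys, hand them out on request, expire and rotate them, and eventually delete them, all without ever making already-encrypted data unrecoverable. The following added example (written for this page, not code from the KMIP specification or from any of the named vendors) models that lifecycle as an in-memory server. The state names borrow KMIP's object-state vocabulary, but the transition rules, the logical clock used for expiry, and the `purpose` argument on retrieval are simplifying assumptions; the real protocol is a TTLV-encoded request/response format with far more attributes than shown here.

```python
"""Toy key-management service modelling the lifecycle the article lists:
generate, submit, store, distribute, expire, rotate and delete keys.
Constructed illustration only, not the KMIP wire protocol."""
import secrets
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional, Tuple


class State(Enum):
    """Names follow KMIP's object-state vocabulary; the transition rules
    implemented below are a simplifying assumption, not the spec's."""
    PRE_ACTIVE = "Pre-Active"
    ACTIVE = "Active"
    DEACTIVATED = "Deactivated"
    DESTROYED = "Destroyed"


@dataclass
class ManagedKey:
    key_id: str
    material: Optional[bytes]          # None once destroyed (zeroised)
    algorithm: str
    state: State = State.PRE_ACTIVE
    expires_at: Optional[int] = None   # logical clock tick (assumed)
    replaced_by: Optional[str] = None  # successor key after rotation


class KeyServer:
    """Central authority for key material. Clients hold only key IDs and
    request material by ID together with the intended use."""

    def __init__(self) -> None:
        self._keys: Dict[str, ManagedKey] = {}
        self.now = 0                             # logical clock for expiry
        self.audit: List[Tuple[str, str]] = []   # (operation, key_id) log

    def _store(self, material: bytes, algorithm: str,
               lifetime: Optional[int]) -> str:
        key_id = secrets.token_hex(8)
        expires = None if lifetime is None else self.now + lifetime
        self._keys[key_id] = ManagedKey(key_id, material, algorithm,
                                        expires_at=expires)
        self.audit.append(("store", key_id))
        return key_id

    def create(self, algorithm: str = "AES", bits: int = 256,
               lifetime: Optional[int] = None) -> str:
        """Server-side generation of a fresh symmetric key."""
        return self._store(secrets.token_bytes(bits // 8), algorithm, lifetime)

    def register(self, material: bytes, algorithm: str = "AES",
                 lifetime: Optional[int] = None) -> str:
        """Submission of an existing key (e.g. from a legacy application)."""
        return self._store(bytes(material), algorithm, lifetime)

    def activate(self, key_id: str) -> None:
        k = self._keys[key_id]
        if k.state is not State.PRE_ACTIVE:
            raise ValueError(f"cannot activate key in state {k.state.value}")
        k.state = State.ACTIVE
        self.audit.append(("activate", key_id))

    def get(self, key_id: str, purpose: str) -> bytes:
        """Release material only when the state allows the use: encryption
        needs an Active key; decrypting existing data is also allowed from
        a Deactivated (expired or rotated) key, never from a Destroyed one."""
        k = self._keys[key_id]
        allowed = {"encrypt": (State.ACTIVE,),
                   "decrypt": (State.ACTIVE, State.DEACTIVATED)}
        if purpose not in allowed:
            raise ValueError(f"unknown purpose {purpose!r}")
        if k.state not in allowed[purpose] or k.material is None:
            raise PermissionError(
                f"key {key_id} is {k.state.value}; {purpose} not permitted")
        self.audit.append((f"get:{purpose}", key_id))
        return k.material

    def expire_due(self) -> List[str]:
        """Deactivate Active keys whose expiry tick has been reached."""
        expired = []
        for k in self._keys.values():
            if (k.state is State.ACTIVE and k.expires_at is not None
                    and k.expires_at <= self.now):
                k.state = State.DEACTIVATED
                expired.append(k.key_id)
                self.audit.append(("expire", k.key_id))
        return expired

    def rotate(self, key_id: str, lifetime: Optional[int] = None) -> str:
        """Replace an Active key: the new key becomes Active and the old one
        is Deactivated but retained, so previously encrypted data stays readable."""
        old = self._keys[key_id]
        if old.state is not State.ACTIVE or old.material is None:
            raise ValueError("only Active keys can be rotated")
        new_id = self.create(old.algorithm, len(old.material) * 8, lifetime)
        self.activate(new_id)
        old.state = State.DEACTIVATED
        old.replaced_by = new_id
        self.audit.append(("rotate", key_id))
        return new_id

    def destroy(self, key_id: str) -> None:
        """Zeroise material. Refused for Active keys so that one call cannot
        make live data unrecoverable; deactivate or rotate first."""
        k = self._keys[key_id]
        if k.state is State.ACTIVE:
            raise ValueError("deactivate before destroying an Active key")
        k.material = None
        k.state = State.DESTROYED
        self.audit.append(("destroy", key_id))

    def state_of(self, key_id: str) -> State:
        return self._keys[key_id].state
```

The design choice worth noticing is the asymmetry in `get`: a rotated or expired key can still decrypt but can no longer encrypt, and destruction is refused while a key is Active. That is the server-side rule that addresses the "fear that encrypted data will be lost" quoted in the article, and the `audit` list is where a real service would hang its logging of who fetched which key for what purpose.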

KMIP is complementary to application-specific standards projects such as IEEE 1619.3 for storage and OASIS EKMI for XML, the companies said.

More information can be found at http://xml.coverpages.org/KMIP/.


Paul Shread
eSecurity Editor Paul Shread has covered nearly every aspect of enterprise technology in his 20+ years in IT journalism, including an award-winning series on software-defined data centers. He wrote a column on small business technology for Time.com, and covered financial markets for 10 years, from the dot-com boom and bust to the 2007-2009 financial crisis. He holds a market analyst certification.
