Seven IT vendors have banded together to propose an encryption key management standard, an important step toward a more comprehensive data security approach (see Storage Security Is More than Just Key Management).
Brocade (NASDAQ: BRCD), HP (NYSE: HPQ), IBM (NYSE: IBM), LSI (NYSE: LSI), EMC’s (NYSE: EMC) RSA Security Division, Seagate (NYSE: STX) and Thales (formerly nCipher) said the jointly developed specification for enterprise key management will “dramatically simplify how companies encrypt and safeguard information” and “enable the widespread use of encryption.”
The Key Management Interoperability Protocol (KMIP) will be submitted to OASIS (the Organization for the Advancement of Structured Information Standards) for advancement through the organization’s open standards process.
“KMIP addresses an important piece of the secure storage puzzle: key management,” said Walt Hubis, software architect for LSI’s Engenio Storage Group. “Acceptance of the KMIP will eliminate the biggest barrier to the widespread adoption of storage encryption, the fear that encrypted data will be lost. Interoperability across encryption and key management systems is a significant advancement that will enable acceptance of self-encrypting drives (SEDs). There’s still work to be done in areas such as network-attached storage, including authentication of users in NAS and storage virtualization environments, but this is a critical step in the right direction.”
Enterprise Strategy Group security analyst Jon Oltsik said, “We don’t have a standard yet, but this is very encouraging since all of the industry leaders are behind the effort. This should drive further progress in IEEE P1619.3 as well. This group was a bit overwhelmed by the scope of work, but now KMIP limits what they have to focus on to storage devices.”
IEEE P1619.3 is the key management part of the IEEE P1619 encryption standards effort.
KMIP was developed by HP, IBM, RSA and Thales, with Brocade, LSI and Seagate joining the effort. All seven companies will now contribute to OASIS for ongoing development of the protocol.
Charles Kolodgy, research director at IDC, said the proposed standard could remove an important barrier to adoption of encryption. “Time and time again, our research shows the primary barrier to the widespread use of encryption is the fear that encrypted data will be lost,” he said.
Current key management strategies can be difficult, often requiring manual efforts to generate, distribute, store, expire and rotate encryption keys. KMIP offers a “single, comprehensive protocol for communication between enterprise key management services and encryption systems,” the companies said, enabling encryption keys to remain accessible and secure.
The key lifecycle management protocol can be used by legacy and new encryption applications, and supports symmetric keys, asymmetric keys, digital certificates and other “shared secrets.” It defines the protocol for encryption client and key management server communication for generation, submission, retrieval and deletion of cryptographic keys.
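The two paragraphs above describe the server-side job a key management protocol has to cover: generation, submission, retrieval and deletion of keys, plus expiry and rotation. The following is an added illustration written for this article, not code from the vendors or from the KMIP specification, and it does not model KMIP's wire format or its exact operation and state names (the four lifecycle states are an assumed, simplified model). It shows why "expire" and "rotate" must deactivate a key rather than delete it: data already encrypted under the old key stays readable until an explicit destroy, which is the point about "fear that encrypted data will be lost".

```python
from __future__ import annotations
import secrets
import time
from dataclasses import dataclass, field
from typing import Optional

# Assumed, simplified lifecycle states; not the specification's exact set.
PRE_ACTIVE, ACTIVE, DEACTIVATED, DESTROYED = "pre-active", "active", "deactivated", "destroyed"


@dataclass
class ManagedKey:
    key_id: str
    algorithm: str
    length_bits: int
    material: Optional[bytes]
    state: str = PRE_ACTIVE
    created: float = field(default_factory=time.time)
    deactivate_at: Optional[float] = None   # expiry time; None means never expires
    replaced_by: Optional[str] = None       # filled in by rotation


class KeyManagementServer:
    """In-memory model of the server side: holds material, enforces the lifecycle, logs each operation."""

    def __init__(self) -> None:
        self._keys: dict[str, ManagedKey] = {}
        self.audit: list[tuple[str, str]] = []  # (operation, key_id)

    def create(self, algorithm: str = "AES", length_bits: int = 256,
               lifetime_s: Optional[float] = None) -> str:
        """Generation: the server creates fresh symmetric key material."""
        key = ManagedKey(secrets.token_hex(8), algorithm, length_bits,
                         secrets.token_bytes(length_bits // 8))
        if lifetime_s is not None:
            key.deactivate_at = key.created + lifetime_s
        self._keys[key.key_id] = key
        self.audit.append(("create", key.key_id))
        return key.key_id

    def register(self, material: bytes, algorithm: str = "AES") -> str:
        """Submission: a client hands over key material generated elsewhere."""
        key = ManagedKey(secrets.token_hex(8), algorithm, len(material) * 8, material)
        self._keys[key.key_id] = key
        self.audit.append(("register", key.key_id))
        return key.key_id

    def activate(self, key_id: str) -> None:
        key = self._keys[key_id]
        if key.state != PRE_ACTIVE:
            raise PermissionError(f"{key_id}: cannot activate from state {key.state}")
        key.state = ACTIVE
        self.audit.append(("activate", key_id))

    def get(self, key_id: str, for_encrypt: bool = True, now: Optional[float] = None) -> bytes:
        """Retrieval. An active key serves any purpose; a deactivated (expired or
        rotated-out) key may still decrypt old data; a destroyed key is never returned."""
        now = time.time() if now is None else now
        key = self._keys[key_id]
        if key.state == ACTIVE and key.deactivate_at is not None and now >= key.deactivate_at:
            key.state = DEACTIVATED            # lazy expiry on first use after the deadline
            self.audit.append(("expire", key_id))
        allowed = key.state == ACTIVE or (key.state == DEACTIVATED and not for_encrypt)
        if not allowed:
            raise PermissionError(f"{key_id}: state {key.state} refuses "
                                  f"{'encrypt' if for_encrypt else 'decrypt'} use")
        self.audit.append(("get", key_id))
        return key.material

    def rotate(self, key_id: str) -> str:
        """Rotation: a new active key replaces the old one, which is deactivated,
        not destroyed, so data already encrypted under it stays readable."""
        old = self._keys[key_id]
        new_id = self.create(old.algorithm, old.length_bits)
        self.activate(new_id)
        old.state, old.replaced_by = DEACTIVATED, new_id
        self.audit.append(("rotate", key_id))
        return new_id

    def destroy(self, key_id: str) -> None:
        """Deletion: material is dropped; the record stays so the audit trail survives."""
        key = self._keys[key_id]
        key.material, key.state = None, DESTROYED
        self.audit.append(("destroy", key_id))

    def state(self, key_id: str) -> str:
        return self._keys[key_id].state


def lifecycle_demo() -> dict:
    """Walk one key through create -> activate -> expire -> rotate -> destroy."""
    kms = KeyManagementServer()
    t0 = time.time()
    k1 = kms.create(lifetime_s=3600)
    kms.activate(k1)
    material = kms.get(k1, now=t0)
    try:  # two hours later: new encryption under the expired key is refused ...
        kms.get(k1, for_encrypt=True, now=t0 + 7200)
        expired_encrypt_refused = False
    except PermissionError:
        expired_encrypt_refused = True
    # ... but decryption of existing data is still served.
    expired_decrypt_ok = kms.get(k1, for_encrypt=False, now=t0 + 7200) == material
    k2 = kms.rotate(k1)
    kms.destroy(k1)
    try:  # after destroy, nothing comes back, not even for decryption
        kms.get(k1, for_encrypt=False)
        destroyed_refused = False
    except PermissionError:
        destroyed_refused = True
    return {"expired_encrypt_refused": expired_encrypt_refused,
            "expired_decrypt_ok": expired_decrypt_ok,
            "k1_state": kms.state(k1), "k2_state": kms.state(k2),
            "destroyed_refused": destroyed_refused,
            "ops": [op for op, _ in kms.audit]}
```

The `for_encrypt` flag on retrieval is the design choice worth noting: a server that treated expiry as deletion would make every archived backup unreadable the moment its key aged out, which is exactly the loss scenario the article's analysts describe. Separating deactivation from destruction, and logging both, keeps the rotation cadence aggressive without that risk.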
KMIP is complementary to application-specific standards projects such as IEEE 1619.3 for storage and OASIS EKMI for XML, the companies said.
More information can be found at http://xml.coverpages.org/KMIP/.