Big Vendors Agree on Encryption Key

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

Encrypting enterprise data and applications promises to soon become easier thanks to a joint specification related to encryption "key management" agreed to this week by four major vendors in the field.

Key management refers to generating, exchanging, storing, safeguarding, using, vetting and replacing the cryptographic keys that provide access to encrypted files or data.

The four are IBM (NYSE: IBM), Hewlett-Packard (HP) (NYSE: HPQ), RSA, the security division of EMC (NYSE: EMC) and Thales, formerly known as nCipher.

Their proposed Key Management Interoperability Protocol (KMIP) will make it easier and less costly for enterprises to implement encryption because right now there are no common standards, and each encryption vendor has a proprietary key management system. This means a large enterprise, which uses products from multiple vendors, will end up with several different key management systems.

Standardizing key management protocols will make it easier to secure data, which RSA CEO Phil Dunkelberger has said is going to be an important development for security this year.

The KMIP protocol will bring enterprise storage on par with end-user storage, for which the storage industry has developed standardized encryption protocols, Michael Willett, senior director for security at storage vendor Seagate Technology (NASDAQ: STX), told InternetNews.com.

The promise of end-to-end encryption

Storage management vendors are beginning to offer self-encrypting drives with encryption engines built into the drives' circuitry, Willett said. "Now with this key management standard, enterprise IT people will be able to buy one set of protocols and manage a variety of clients with a common key management system. And you'll have end-to-end encryption from the low-level management interfaces for hard drives to the top end storage in the data center."

HP, IBM, RSA and Thales have done interoperability testing of their key management products over the past year while developing the KMIP protocols, Mark Schiller, the director, HP Security Office, told InternetNews.com. "We wanted to create a completed specification and use that as a starting point in an industry-wide standards body," he explained.

The group has obtained support from Seagate, LSI, and Brocade (NASDAQ: BRCD), and Schiller said other participants are in the pipeline. "We've invited all the major industry players to join us, including Microsoft (NASDAQ: MSFT)," he added.

The KMIP specification has been submitted to OASIS, the Organization for the Advancement of Structured Information Standards, a not-for-profit consortium that drives open standards.

This article was first published on InternetNews.com.