Prepress

Leading organizations unveil new interoperability specification for encryption key management to aid IT security, compliance and data recovery

Friday 13. February 2009 - EMC, HP, IBM, LSI, Seagate and Thales work to remove barriers to encryption across data center systems by submitting new specification to OASIS

The Security Division of EMC, Seagate and Thales (formerly nCipher) today announced the creation of a jointly developed specification for enterprise key management that is engineered to dramatically simplify how companies encrypt and safeguard information. The companies – leaders in enterprise computing, storage, and security – developed the Key Management Interoperability Protocol (KMIP) in response to customers’ needs to enable the widespread use of encryption. The companies intend to submit KMIP to OASIS (Organization for the Advancement of Structured Information Standards) for advancement through the organization’s open standards process.

KMIP was developed by HP, IBM, RSA and Thales to meet the compelling needs of today’s enterprise data center environments, with Brocade, LSI and Seagate joining the effort. All seven companies will now be devoting time and resources to OASIS for ongoing development.

According to IDC(1), 44 percent of enterprises plan to encrypt more than 75 percent of their data by 2009, and one of the top two issues related to deploying encryption is the ability to recover the data(2).

“The use of encryption is widely recognized as the best method for protecting valuable information and enabling compliance with industry and government regulations,” says Charles Kolodgy, research director at IDC. “Time and time again, our research shows the primary barrier to the widespread use of encryption is the fear that encrypted data will be lost – slowing the adoption of encryption. Users are demanding strong key management systems and advancing this work through the open standards process offers tangible benefits for vendors, developers and enterprises alike.”

Companies often deploy separate encryption and key management systems for different business uses, such as laptops, storage, databases and applications, and until now cumbersome – often manual – efforts were necessary to generate, distribute, vault, expire, and rotate encryption keys. This has resulted in increased costs for IT, difficulty meeting audit and compliance requirements, and lost data.

“The IT community is asking for open standards and interoperability to help meet the increasing demand for encryption,” says Laurent Liscia, executive director of OASIS. “We applaud Brocade, HP, IBM, LSI, RSA, Seagate and Thales for choosing to advance KMIP through the open standards process, and we encourage others in the security community – both users and providers – to participate in the standardization of this very important work.”

Developed by leading enterprise storage, systems and security vendors, KMIP is designed to provide a single, comprehensive protocol for communication between enterprise key management services and encryption systems. Brocade, HP, IBM, LSI, RSA, Seagate and Thales are committed to delivering KMIP-enabled solutions. By taking advantage of KMIP-enabled software and devices, companies will be able to cut operational costs and reduce risk by removing redundant, incompatible key management processes.

Streamlined key management is essential in a wide variety of data management processes. For example, the data recovery process requires locating encryption keys quickly even for tapes created weeks or months earlier. At the same time, this efficiency must not impact the security of keys or violate corporate policies regarding how keys are stored and distributed. KMIP enables vendors to address this need for enterprise-wide key management, providing customers with better data security and decreased expenditures on multiple key management products and operations.

KMIP is the first specification for enterprise key management that is ready for adoption. It was developed to support other industry standardization efforts and is complementary to application-specific standards projects such as IEEE 1619.3 (for storage needs) and OASIS EKMI (for XML needs).

About the Key Management Interoperability Protocol (KMIP)

The Key Management Interoperability Protocol (KMIP) enables key lifecycle management. KMIP can be used by both legacy and new encryption applications, supporting symmetric keys, asymmetric keys, digital certificates, and other “shared secrets.” KMIP offers developers templates to simplify the development and use of KMIP-enabled applications.

KMIP defines the protocol for encryption client and key management server communication. Key lifecycle operations supported include generation, submission, retrieval, and deletion of cryptographic keys. Vendors intend to deliver KMIP-enabled encryption applications that support communication with compatible KMIP key management servers.