Security is one of those things that folks often accept as a necessary evil, but turn it sideways and consider it as a straight management problem, and it sometimes starts to make more sense... As an example, consider Key Management. It's taken some time, but for our partners, my colleagues and most of all for the industry, I am happy to finally see the start of a draft standard for key management that is moving forward through a new OASIS group, the Key Management Interoperability Protocol (KMIP) Technical Committee.
Key Management, in a broad sense, deals with the cradle-to-grave processes of secure generation, distribution, and storage of keys that are used to encrypt data. It's tough to control, though!
Key Management is very important to HP and its customers. At a high level, security and regulatory considerations drive customers to increasingly consider encrypting data at rest, on removable media such as tape as well as stationary media such as hard drives, and even portable devices. Data encryption, in turn, creates a need for secure and highly available encryption key lifecycle management. That lifecycle is the crux of the matter, though. Companies often deploy separate encryption and key management systems for different business uses, such as laptops, storage, databases and applications, and until now, cumbersome, often manual, efforts were necessary to generate, distribute, vault, expire, and rotate encryption keys. This is as much an industry failing as it is an evolutionary challenge. It has resulted in increased costs for IT, difficulty meeting audit and compliance requirements, and sometimes lost data - or worse, lost business. Previously, HP (with its own Secure Key Manager Appliance) and other vendors have addressed this market with vendor-specific and incompatible key management solutions. This array of incompatible solutions from industry has resulted in varied customer hesitation and challenges in deploying encryption solutions to different devices and applications. It additionally increases costs for HP client products supporting encryption, as custom adapters must be developed for each key manager to provide only limited interoperability.
HP began work on this Key Management Interoperability Protocol (KMIP) with EMC/RSA, Thales, and IBM in late 2007 under the sponsorship of the HP Security Office and the HP Secure Advantage program, and is now helping move the completed work to OASIS. Engaging the industry in the formalization of this work as a standard, anticipated for OASIS release later this year, is the critical next step. Seagate, LSI and Brocade have joined for the announcement, and we hope and expect that other major industry participants will rally around the OASIS formalization effort.
As this standard is adopted and deployed, HP will be able to address our customers’ Key Management interoperability challenges with interoperable solutions which implement this new standard, both in the Key Management server arena, and also in key management clients, such as StorageWorks products, PC Clients, Handhelds, Databases, and Applications. In a great example of Pan-HP cooperation, HP Secure Advantage together with the HP Security Office, HP StorageWorks and HP Labs collaborated to deliver HP’s leadership and contributions to this effort. HP will continue to work with the industry, through OASIS, as this effort moves forward in HP towards industry products and solutions.
A joint press release regarding this effort can be found here: http://www.hp.com/hpinfo/newsroom/press/2009/090212xa.html
Further information on OASIS can be found here: http://www.oasis-open.org
The specification and supporting documents can be found here: http://xml.coverpages.org/KMIP/
Posted 02-14-2009 12:16 AM by ArchieReed