• The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
Menu
  • The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
  • nCipher Brings Key Management Software to i5/OS

    March 6, 2007 Alex Woodie

    nCipher, an English provider of encryption solutions, last week announced that its encryption key management software, called keyAuthority, now supports the i5/OS server. The new capability is the result of collaboration with i5/OS encryption expert Patrick Townsend & Associates, and the primary benefit is allowing System i shops to manage and maintain cryptography keys for local and remote i5/OS servers in the same place that keys for other platforms are managed.

    In the olden days, electronic encryption was primarily the residence of banks and government organizations that required a high degree of data security, says Richard Mould, nCipher’s vice president of marketing. These organizations had large IT staffs, and they learned how to adapt their manual processes necessary to maintain a large number of encryption keys within a secure framework.

    Today, that profile of the typical encryption user is changing, thanks to new legislation such as HIPAA and the Payment Card Industry (PCI) data security standard. According to Moulds, PCI is posing huge challenges to companies in the retail sector. “These organizations just don’t have the bench strength and experience dealing with the technology,” as banks and government institutions do, he says.

    Also driving the need for tools that automate the handling of encryption keys is the changing nature of security, Moulds says. “What’s happening now, rather than making sure if any particular device is secure, it’s making sure the data is secure, because data moves around,” he says. “If data moves around, the key that encrypts it on an AS/400, may need to show up on a Windows box thousand of miles way. The key has to move with the data, so key management isn’t a function of a particular platform–it’s an uberapp, a mothership to look down across platforms. That’s the layer that we provide for Pat Townsend.”

    Technically, the changes that bring together Pat Townsend’s i5/OS encryption products, called Alliance, with keyAuthority, were made by Pat Townsend. “We have a key management protocol,” Moulds says. “Pat has supported that with his product. So the keys used with his encryption software, we can mange remotely.”

    The partners are targeting Pat Townsend customers and other companies facing PCI mandates in the retail sector, an iSeries industry stronghold. In some retail sectors, such as fast food, chains don’t deploy any IT professionals to individual stores, making remote key management from regional or corporate headquarters a high priority.

    KeyAuthority is a relatively new product in nCipher’s arsenal. Most of the publicly traded company’s revenue stems from its cryptographic hardware, called Hardware Security Modules. These FIPS-certified devices offload processor-intensive encryption workloads from primary servers, and also provide another layer of security around encryption keys, which are useless if handled carelessly.

    The problem with keys is they’re natural numbers, meaning they have a natural fingerprint, Moulds says. “These days you don’t try to break encryption by reverse engineering. You don’t try to crack the algorithm. With AES, technically it’s not feasible to crack the algorithm itself. You try to get to the key,” he says. “Finding keys in a software-based system is not difficult. We get around it by utilizing tamper-resistant HSMs.”

    In addition to performing encryption workloads, these HSMs store the encryption keys. They’re essentially epoxy resin-coated “lockboxes that applications go to get the keys,” Moulds says. The HSMs feature PowerPC chips running a proprietary operating system with a “very tight API.” They’re available in two form factors: a smaller, single-server device that plugs into a PCI bus, and a larger network appliance that works with multiple servers.

    In an iSeries environment, organizations would likely rely on Pat Townsend’s software to store and process keys on the iSeries. The HSMs don’t currently work with the iSeries, although that feature should be available soon, according to Moulds. The HSMs are important for employing encryption on other platforms, however.

    An organization typically won’t manage all encryption keys with keyAuthority. Users may choose to store keys for less sensitive applications, such as encryption for e-mail, directly on the end-point that is doing the encryption, Moulds say. But for the most critical and sensitive applications, large organizations rely on keyAuthority for managing and maintaining them, such as monthly key replacement schedule.

    Getting access to the goods within keyAuthority is no simple task. While the product runs on Windows 2000 Server and Windows Server 2003, which Moulds admits are not the most secure operating systems on the planet, nCipher has bolstered security through strong authentication utilizing smart cards and other security tools. The product can also be set up to require, say, three of five managers to log in before keys can be accessed or changed, “just like it takes two generals to fire a nuclear missile,” Moulds says. “In addition to being a security management product, the system itself has to be secure.”

    Another benefit of implementing an encryption key management product like keyAuthority is that it’s easier to achieve separation of duty, an important element of the Sarbanes-Oxley Act. “If you’re going to encrypt a database, you don’t really want the DBA doing that. He’s the super user,” Moulds says. “One of the nice things about encryption from a security perspective is that encryption creates the capability to separate duty.”

    The integration between Pat Townsend’s Alliance software and nCipher’s keyAuthority software is available now. Pricing for keyAuthority starts at about $30,000. The PCI-based HSM starts at about $4,000, while the network-based HSM starts at about $20,000. For more information, visit www.ncipher.com.



                         Post this story to del.icio.us
                   Post this story to Digg
        Post this story to Slashdot

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Tags:

    Sponsored by
    LaserVault

    Integrate Virtual Tape For Better Backups, Faster Recovery, And More Flexibility

    Virtual tape and virtual tape libraries offer a way to both simplify and strengthen backup and recovery operations. By incorporating virtual tape technology, automation of backups becomes possible resulting in hundreds of hours saved annually for IT departments and personnel.

    LaserVault ViTL is a virtual tape and tape library solution developed specifically for use with IBM Power Systems (from AS/400 to iSeries to Power 9s). See a demo and get a $50 gift card.

    With ViTL you can:

    • Replace physical tape and tape libraries and associated delays
    • Automate backup operations, including the ability to purge or archive backups
    • Remotely manage your backups – no need to be onsite with your server
    • Save backups to a dedupe appliance and the cloud
    • Recover your data at lightspeed greatly improving your ability to recover from cyberattacks
    • And so much more

    “The ViTL tapeless solution has truly made my job easier. It has given me more confidence in our full system recovery ability – but at the same time I hope it is never needed.” IBM i Administrator at a financial services company

    Sign-up now to see a ViTL online demo and get a $50 Amazon e-gift card when the demo is complete as our way of saying thanks for your time. Plus when you sign-up you’ll receive a free facts comparison sheet on using virtual tape vs tape so you can compare the functionality for yourself.

    LaserVault.com

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Sponsored Links

    Bytware:  StandGuard Network Security 3.0, the next generation of System i security
    COMMON:  Join us at the 2007 conference, April 29 – May 3, in Anaheim, California
    Profound Logic Software:  Experience RPGsp - the #1 iSeries Web development tool

    IT Jungle Store Top Book Picks

    The System i Pocket RPG & RPG IV Guide: List Price, $69.95
    The iSeries Pocket Database Guide: List Price, $59.00
    The iSeries Pocket Developers' Guide: List Price, $59.00
    The iSeries Pocket SQL Guide: List Price, $59.00
    The iSeries Pocket Query Guide: List Price, $49.00
    The iSeries Pocket WebFacing Primer: List Price, $39.00
    Migrating to WebSphere Express for iSeries: List Price, $49.00
    iSeries Express Web Implementer's Guide: List Price, $59.00
    Getting Started with WebSphere Development Studio for iSeries: List Price, $79.95
    Getting Started With WebSphere Development Studio Client for iSeries: List Price, $89.00
    Getting Started with WebSphere Express for iSeries: List Price, $49.00
    WebFacing Application Design and Development Guide: List Price, $55.00
    Can the AS/400 Survive IBM?: List Price, $49.00
    The All-Everything Machine: List Price, $29.95
    Chip Wars: List Price, $29.95

    IBM Tosses Google Gadgets Into WebSphere Portal Multiple Display Files in One Program

    Leave a Reply Cancel reply

Volume 7, Number 9 -- March 6, 2007
THIS ISSUE SPONSORED BY:

LANSA
Aldon
looksoftware
Maximum Availability
Affirmative Computer

Table of Contents

  • VAI Says ‘No Thanks’ to the Quick Buck
  • Vision Taps SteelEye for Linux HA on iSeries
  • nCipher Brings Key Management Software to i5/OS
  • Business Objects Unveils Two BI Offerings for J.D. Edwards
  • Original Formally Launches TestDrive-Assist
  • Payment Software Now Supports Card-Present Transactions
  • Shield Unveils Enhancements, New Pricing Structure for JobQGenie
  • Seagull’s LegaSuite Now Compatible with CentraSite SOA Repository
  • Sheetz Taps Stampede for Application Acceleration Devices
  • Transoft Brings German RPG-to-.NET Conversion Tool to U.S.

Content archive

  • The Four Hundred
  • Four Hundred Stuff
  • Four Hundred Guru

Recent Posts

  • COMMON Set for First Annual Conference in Three Years
  • API Operations Management for Safe, Powerful, and High Performance APIs
  • What’s New in IBM i Services and Networking
  • Four Hundred Monitor, May 18
  • IBM i PTF Guide, Volume 24, Number 20
  • IBM i 7.3 TR12: The Non-TR Tech Refresh
  • IBM i Integration Elevates Operational Query and Analytics
  • Simplified IBM i Stack Bundling Ahead Of Subscription Pricing
  • More Price Hikes From IBM, Now For High End Storage
  • Big Blue Readies Power10 And IBM i 7.5 Training for Partners

Subscribe

To get news from IT Jungle sent to your inbox every week, subscribe to our newsletter.

Pages

  • About Us
  • Contact
  • Contributors
  • Four Hundred Monitor
  • IBM i PTF Guide
  • Media Kit
  • Subscribe

Search

Copyright © 2022 IT Jungle

loading Cancel
Post was not sent - check your email addresses!
Email check failed, please try again
Sorry, your blog cannot share posts by email.