New Encryption Key Management Standard Posited by Vendors
February 24, 2009 Alex Woodie
A group of vendors last week unveiled the Key Management Interoperability Protocol (KMIP), a new encryption key management standard that they hope will solve some of the interoperability problems surrounding encryption (namely, making it easier to retrieve encrypted data), which ultimately will lead to greater adoption of encryption. The companies intend to submit KMIP to the standards body Organization for the Advancement of Structured Information Standards (OASIS) for approval.
KMIP is designed to provide a single, comprehensive protocol for communication between enterprise key management services and encryption systems. It was originally formulated by Hewlett-Packard, IBM, RSA Security, and Thales (formerly nCipher), with Brocade, LSI, and Seagate joining the effort.
The use of disparate encryption and key management systems for different types of computers (laptops, databases, application servers, and SANs) has led to confusion, additional costs, and lost data for enterprise IT departments. Without a single standard to work from, administrators had to use different techniques to generate, distribute, vault, expire, and rotate encryption keys for each class of computer.
“Time and time again, our research shows the primary barrier to the widespread use of encryption is the fear that encrypted data will be lost–slowing the adoption of encryption,” says Charles Kolodgy, research director at IDC. “Users are demanding strong key management systems and advancing this work through the open standards process offers tangible benefits for vendors, developers, and enterprises alike.”
With the use of encryption expected to rise, a unified encryption and key management standard was crying out to be developed. The hope is that once KMIP is a standard, it will be adopted by vendors of encryption and key management products to address the lifecycle management needs of the symmetric keys, asymmetric keys, and digital certificates that encrypt and decrypt data.