Key encryption standard readied
A group of vendors are to put their collective muscle behind the adoption of an encryption standard that promises to smooth security processes across different parts of the enterprise infrastructure.
In development for the best part of a year and known as the Key Management Interoperability Protocol, the initiative is being backed by Brocade Communications Systems Inc, HP Co, IBM, LSI Corp, RSA, Seagate Technology and the nCipher arm of Thales.
The aim is to standardise the encryption procedures that are used to secure email systems, databases, storage subsystems and other elements of the enterprise IT architecture using a single protocol for communication between enterprise key management services and encryption systems.
To date IT shops will often deploy separate encryption for different business uses, resulting in cumbersome and often manual efforts to generate, distribute, vault, expire, and rotate encryption keys.
This scenario only leads to increased costs for IT, provides challenges when it comes to meeting audit and compliance requirements, and can lead to lost data, the group suggested.
Analysts argue that enterprise security groups are demanding strong key management systems and that advancing this work through the open standards process offers tangible benefits for vendors, developers and enterprises alike.
Being able to encrypt and retain access to data requires that encryption keys be generated and stored. To date, organisations deploying encryption have not been able to take advantage of interoperability across encryption and the key management systems.
The companies intend to submit KMIP to OASIS, the Organisation for the Advancement of Structured Information Standards, for advancement through its open standards process.
Key operations supported by KMIP include generation, submission, retrieval, and deletion of cryptographic keys.