Key Management Interoperability Protocol (KMIP)
Leading Organizations Unveil New Interoperability Specification for Encryption Key Management to Aid IT Security, Compliance and Data Recovery
Brocade, EMC, HP, IBM, LSI, Seagate, and Thales Work to Remove Barriers to Encryption Across Data Center Systems by Submitting New Specification to OASIS
February 12, 2009.
Brocade, HP, IBM, LSI, RSA — The Security Division of EMC, Seagate, and Thales (formerly nCipher) today announced the creation of a jointly developed specification for enterprise key management that is engineered to dramatically simplify how companies encrypt and safeguard information. The companies — leaders in enterprise computing, storage, and security — developed the Key Management Interoperability Protocol (KMIP) in response to customers' needs to enable the widespread use of encryption. The companies intend to submit KMIP to OASIS (Organization for the Advancement of Structured Information Standards) for advancement through the organization's open standards process.
KMIP was developed by HP, IBM, RSA, and Thales to meet the compelling needs of today's enterprise data centre environments, with Brocade, LSI, and Seagate joining the effort. All seven companies will now be devoting time and resources to OASIS for ongoing development.
According to IDC , 44 percent of enterprises plan to encrypt more than 75 percent of their data by 2009, and one of the top two issues related to deploying encryption is the ability to recover the data .
"The use of encryption is widely recognized as the best method for protecting valuable information and enabling compliance with industry and government regulations," says Charles Kolodgy, research director at IDC. "Time and time again, our research shows the primary barrier to the widespread use of encryption is the fear that encrypted data will be lost — slowing the adoption of encryption. Users are demanding strong key management systems and advancing this work through the open standards process offers tangible benefits for vendors, developers and enterprises alike."
Companies often deploy separate encryption and key management systems for different business uses, such as laptops, storage, databases and applications, and until now cumbersome — often manual — efforts were necessary to generate, distribute, vault, expire, and rotate encryption keys. This has resulted in increased costs for IT, difficulty meeting audit and compliance requirements, and lost data.
"The IT community is asking for open standards and interoperability to help meet the increasing demand for encryption," says Laurent Liscia, executive director of OASIS. "We applaud Brocade, HP, IBM, LSI, RSA, Seagate, and Thales for choosing to advance KMIP through the open standards process, and we encourage others in the security community — both users and providers — to participate in the standardization of this very important work."
Developed by leading enterprise storage, systems and security vendors, KMIP is designed to provide a single, comprehensive protocol for communication between enterprise key management services and encryption systems. Brocade, HP, IBM, LSI, RSA, Seagate, and Thales are committed to delivering KMIP-enabled solutions. By taking advantage of KMIP-enabled software and devices, companies will be able to cut operational costs and reduce risk by removing redundant, incompatible key management processes.
Streamlined key management is essential in a wide variety of data management processes. For example, the data recovery process requires locating encryption keys quickly even for tapes created weeks or months earlier. At the same time, this efficiency must not impact the security of keys or violate corporate policies regarding how keys are stored and distributed . KMIP enables vendors to address this need for enterprise-wide key management, providing customers with better data security and decreased expenditures on multiple key management products and operations.
KMIP is the first specification for enterprise key management that is ready for adoption. It was developed to support other industry standardization efforts and is complementary to application-specific standards projects such as IEEE 1619.3 (for storage needs) and OASIS EKMI (for XML needs).
About the Key Management Interoperability Protocol (KMIP)
KMIP enables key lifecycle management. KMIP can be used by both legacy and new encryption applications, supporting symmetric keys, asymmetric keys, digital certificates, and other "shared secrets." KMIP offers developers templates to simplify the development and use of KMIP-enabled applications.
KMIP defines the protocol for encryption client and key management server communication. Key lifecycle operations supported include generation, submission, retrieval, and deletion of cryptographic keys. Vendors intend to deliver KMIP-enabled encryption applications that support communication with compatible KMIP key management servers.
More information can be found at: http://xml.coverpages.org/KMIP/.
EMC Corporation (NYSE: EMC) is the world's leading developer and provider of information infrastructure technology and solutions that enable organizations of all sizes to transform the way they compete and create value from their information. Information about EMC's products and services can be found at www.EMC.com.
EMC Canada (http://www.EMC2.ca), headquartered in Toronto with nine offices from coast to coast, is a wholly owned subsidiary of EMC Corporation.
Brocade (Nasdaq: BRCD) develops extraordinary networking solutions that enable today's complex, data-intensive businesses to optimize information connectivity and maximize the business value of their data. For more information, visit http://www.brocade.com.
HP, the world's largest technology company, simplifies the technology experience for consumers and businesses with a portfolio that spans printing, personal computing, software, services and IT infrastructure. More information about HP (NYSE: HPQ) is available at http://www.hp.com/.
For more information, please visit www.ibm.com.
LSI Corporation (NYSE: LSI) is a leading provider of innovative silicon, systems and software technologies that enable products, which seamlessly bring people, information and digital content together. The company offers a broad portfolio of capabilities and services including custom and standard product ICs, adapters, systems and software that are trusted by the world's best known brands to power leading solutions in the Storage and Networking markets. More information is available at http://www.lsi.com.
RSA, The Security Division of EMC, is the premier provider of security solutions for business acceleration, helping the world's leading organizations succeed by solving their most complex and sensitive security challenges. RSA's information-centric approach to security guards the integrity and confidentiality of information throughout its lifecycle — no matter where it moves, who accesses it or how it is used. RSA offers industry-leading solutions in identity assurance and access control, data loss prevention, encryption & key management, compliance and security information management and fraud protection. These solutions bring trust to millions of user identities, the transactions that they perform, and the data that is generated. For more information, please visit http://www.rsa.com and http://www.emc.com.
Seagate is the worldwide leader in the design, manufacture and marketing of hard disk drives and storage solutions, providing products for a wide-range of applications, including Enterprise, Desktop, Mobile Computing, Consumer Electronics and Branded Solutions. Seagate's business model leverages technology leadership and world-class manufacturing to deliver industry-leading innovation and quality to its global customers, with the goal of being the time-to-market leader in all markets in which it participates. The company is committed to providing award-winning products, customer support and reliability to meet the world's growing demand for information storage. Seagate can be found around the globe and at http://www.seagate.com.
For more information about Seagate's Self-Encrypting Drive security solutions, visit http://www.sedsecuritysolutions.com.
Thales is a leading international electronics and systems group, addressing defense, aerospace and security markets worldwide. Thales's leading-edge technology is supported by 22,000 R&D engineers who offer a capability unmatched in Europe to develop and deploy field-proven mission-critical information systems. To this end, the group's civil and military businesses develop in parallel and share a common base of technologies to serve a single objective: the security of people, property and nations. The group builds its growth on its unique multi-domestic strategy based on trusted partnerships with national customers and market players, while leveraging its global expertise to support local technology and industrial development. Thales employs 68,000 people in 50 countries with 2007 revenues of € 12.3 billion. See: http://www.thalesgroup.com.
Erin Collopy, HP
Tel: +1 (408) 390-6783
Michelle Lindeman, Brocade
Tel: +1 (408) 333-5319
Liz Harris, Thales
Tel: +44 (0)1223 723612
Brian Garabedian, LSI
Tel: +1 (408) 433.8253
Jenn McManus-Goode, RSA
Tel: +1 (781) 515-6313
Leigh Ann Schmidt, IBM
Tel: +1 (914) 766-1362
David Szabados, Seagate
Tel: +1 (831) 439-2859
Prepared by Robin Cover for The XML Cover Pages archive. See also:
- KMIP (Draft) Specification
- The Cover Pages news story 2009-02-27: "OASIS Members Form Key Management Interoperability Protocol (KMIP) Technical Committee"
- Additional information in the "Cryptographic Key Management" Topic Document OASIS Key Management Interoperability Protocol (KMIP) Technical Committee
- KMIP TC Charter and Call for Participation
- The earlier OASIS KMIP Technical Committee Proposed Charter