Ever since LTO-4 tape drives came out in 2007, the built-in encryption capabilities of LTO tape drives have helped organizations encrypt the data they store on tape, keeping sensitive information safe once it leaves the datacenter. However, as anyone who has looked at or deployed LTO-based encryption knows, encryption is just the tip of the iceberg. Encryption key management is really where the complexity lies.
Part of the challenge is that there hasn’t been an industry standard for requesting and passing encryption keys over the network – until now.
Last fall, a standards body called OASIS announced the ratification of version 1.0 of the Key Management Interoperability Protocol (KMIP) standard for key management. So what does this mean for companies using or considering encryption?
For one, it will take some time before the industry broadly supports KMIP. Vendors like IBM, RSA, SafeNet and Quantum have all announced their commitment to the standard and are now starting to bring KMIP-compliant solutions to market, either in the form of encryption devices (i.e. “clients”) that support KMIP, or KMIP-compliant key servers. Quantum’s Scalar tape libraries will all be compatible with the KMIP 1.0 standard within the next year – which will allow companies to connect their Scalar tape libraries to key servers from other companies that support the KMIP 1.0 standard.
The general idea here is to have one centralized key manager: the repository for all encryption keys, which creates, sends and manages those keys throughout their lifecycle. This key server will send keys to any KMIP-compliant device that requests a key. The device might be a tape library, or a disk array, or an application that needs a key.
Of course, the rollout of a standard is complex and will take time, but the KMIP 1.0 standard is at least a first step toward letting companies move to a centralized key management architecture for their entire datacenter. Ultimately, this will give them more choice and flexibility to deploy the security solution that is right for them, and make things just a bit simpler along the way.
