Posted Jan 29, 2008 | By: Rick Cook

Storage Standards Part Three: Key management


PREVIOUSLY: The XAM standard

Three separate standards groups are working on encryption key management standards. The IEEE Security in Storage Working Group (SISWG) 1619 committee, called P1619.3, is focused on storage management. A second key management standard, the Enterprise Key Management Infrastructure (EKMI), is being developed by the Organization for the Advancement of Structured Information Standards (OASIS) consortium and is more general. The third, IETF's Keyprov, is based around a list of best practices for key management and will eventually evolve into a standard, according to IETF documents.

As storage security becomes widespread, managing encryption keys--especially those from different vendors' products--has become important. Standards for key management have lagged behind this need.

"As storage vendors, we got behind the curve and stayed behind the curve much longer than we should have," says Blair Semple, education and alliances officer for the SNIA Storage Security Industry Forum (SSIF) governing board and a security evangelist at Decru, a NetApp company.

Software conforming to any of the standards will have the ability to generate keys, store and replicate keys, authenticate keys, archive keys and, finally, destroy keys when they're no longer needed. While SMI-S will include key management starting with tape in Version 1.4, it isn't officially supporting any standards.

"SNIA is not backing any one of these activities, but rather it is watching all of them," says Eric Hibbard, chair of SNIA's Security Technical Work Group and vice chair of the SISWG. "It is true that many of the SNIA member companies are also actively involved with the P1619.3 standardization activity, so it is reasonable to assume that the P1619.3 standard will be better aligned to the needs of the storage industry."

He also notes that there isn't any indication of how these standards will work together. "At this point, the P1619.3, EKMI and Keyprov activities are all producing standards; it is still too early to say exactly how these standards will work together, if at all," says Hibbard.

One of the features of P1619.3 is that while it manages keys centrally, the key repository and management app don't have to be in the same place in every enterprise. For example, for some types of applications it may make more sense for the key repository to reside on a switch, and for other types of applications it may be best for the key repository to be in the tape drive, says Semple, adding that it will probably take another 18 months before key management that conforms to an industry-wide standard is available in multiple vendors' products.

NEXT: The FAIS standard

