Key Management Takes Center Stage for Storage

DALLAS -- Storage Networking World -- Microsoft, Sun, and IBM added flesh to the bones of their security stories here this week, ramping up their efforts around key management for encryption and CDP.

With firms under increasing pressure to keep their data secure, encryption has become a must-have technology in many organizations. Despite this pressing need to lock down data, users have nonetheless been calling for better interoperability from security and storage vendors around managing the keys that actually control the encryption.

"That's the same thing that we're hearing from customers," said Ted Kummert, corporate vice president of Microsoft's data and storage platform division, who gave a keynote presentation here Wednesday. "In the next release of SQL Server, SQL Server 2008, we're adding support for out-of-the-box key management," he told Byte and Switch, adding that this will be available in the second quarter of 2008.

Microsoft key management will allow users to store the encryption keys for data held on the SQL database on other vendors' key management solutions, according to the exec, who would not say which partners Microsoft is working with.

Kummert used his keynote to announce that the vendor's Data Protection Manager (DPM) disk backup product will be released to manufacturers this week. "What we're announcing is that we're basically done with the product," he said, explaining that general availability will be sometime next month. "It's ready and it's going to market."The initial version of DPM, which forms the CDP component of Microsoft's Systems Center product line, was characterized as "a respectable first attempt at a disk-to-disk backup application" by reviewers last year, although the vendor has since added a set of new features that will be part of DPM 2007.

Whereas DPM 2006 could only protect data on file servers, for instance, DPM will cover Microsoft virtual servers, Exchange, SQL, and Sharepoint applications, according to Kummert. "It's one product to manage multiple applications," he noted, explaining that OEM partners such as HP, Quantum, and Fujitsu are building applications on top of DPM.

More key management news came from encryption specialist NeoScale, which took the wraps off a pair of integration "tool kits" for its KeyVault appliances this week. The two tool kits essentially open up the KeyVault APIs to potential disk and tape library partners.

Sun also is focusing on key management. The vendor recently underwent another reorganization of its storage business. Like encryption vendors NeoScale and Decru, Sun has already opened up its key management APIs, but now the vendor is going a stage further.

"We're also talking about open-sourcing all the key management code," says Dave Kenyon, vice president of storage product management at Sun. "It will allow people to develop technologies that will interface easily with our code."The exec, who recently took over from Nigel Dessau as Sun's storage marketing chief, explained that the vendor is keen to open up the encryption key management tied to its tape libraries.

This is particularly important to smaller vendors that typically want "to move quickly" to write their encryption applications to Sun's own software, Kenyon said.

Open source has become something of a Sun mantra over the last few years, with the vendor recently throwing its weight behind the open source Xen hypervisor, and releasing the source code for a number of its NAS technologies earlier this year.

These moves followed the vendor's decision to open up its core Solaris operating system nearly three years ago, something which is seldom far from the vendor's marketing spiel.

Although he did not get into specifics, Kenyon explained that Sun is already talking to rival vendors with competing encryption systems in order to pass keys. "We will announce, early next year, at least one, maybe two, that we will support immediately," he said.IBM also talked key management this week. During a demonstration of disk-drive encryption, conducted with LSI and Seagate, IBM said it intends to build on the Java-based technique that manages encryption keys for its LTO 4 tape drive, the TS1120. Spokespeople said IBM has had "the best year ever" for tape, partly due to including key management.

IBM intends to build on this success by incorporating the key store, key server protocol, and key lifecycle management technology behind the TS1120 into software that supports more peripherals from IBM and other vendors. Eventually, it will be integrated with IBM mainframe and RACF policy-governing software and integrated at the high end of the product line with IBM Sysplex technology.Have a comment on this story? Please click "Discuss" below. If you'd like to contact Byte and Switch's editors directly, send us a message.