Sun Offers Free Encryption Key Software

Sun is offering to give away its encryption key management software interface for nothing. Customers with devices that encrypt data will be able to interoperate with a Sun key management system freely.

Customers need a key management system (KMS) for every different manufacturer’s encrypting devices. Currently KMSes are proprietary and non-standard.

The big encryption players are EMC with RSA, NetApp with Decru, IBM, Sun, Quantum and NeoScale. However all LTO4 tape devices have encryption, and this brings in HP, Tandberg, Overland Storage, SpectraLogic, etc.

Nigel Dessau, Sun’s SVP for storage marketing and business ops, blogged, “We believe in 3 years you will not be able to buy a storage device without encryption in it (whether you turn it on or not); When you have encryption you might as well turn it on (when you left the house this morning did you lock all the doors and windows or just the ones the bad people can see?). There will not be one key management solution. It’s a heterogeneous world and that means multiple key management solutions.”

Sun thinks that a need for multiple key management systems will hinder the adoption of encryption. There has to be a way to pass keys from system to system. As in our offices and houses, we may, we do, have different keys but they can be stored in one place; so it is with encryption keys. They should logically be stored in one place and fetched by any encrypting device as needed.

Dessau blogged: “So—here is my offer. If you have a solution that needs a key management solution, you can have ours for free! Yes, we are willing to give our KMS away to partners who want to think about customers and not ‘lock-ins.’ We want to share and swap APIs so we can share and swap keys.”

He had to add a rider to his blog in case readers thought he was offering the complete crypto appliance for free: “Actually the legal team has asked me to point out that this means that we will freely share our APIs which are how the KMS talks to an encryption device.”

This offer is of a piece with Sun giving away Solaris and other software freely to try and drag along Sun hardware sales in the software’s wake. Sun has recently experienced a drop in tape library sales. It must be quite worried by this, as the tape business is the bedrock of Sun’s storage sales. The KMS API for free offer could reflect that, as Sun will be keen to remove impediments to future sales.

There is an IEEE encryption KMS standardization initiative—IEEE-P1619, which was approved in February. Supporting and contributing suppliers include Brocade, Decru, Emulex, HP, IBM, LSI, CypherMax (MaXXan as was), NeoScale, Quantum, RSA/EMC, Seagate, Sun, Verisign and others.

NeoScale says the committee “is focusing on standards for regulating key manager to key manager and key manager to encryption endpoint communication.”

NeoScale promotes the use of a key management service network to connect multiple key managers and encryption endpoints such as tape, disk devices and backup applications. These plug into a key management service network and should communicate using standard protocols to deliver unified multivendor key management services. Its CEO, Barbara Nelson, said: “With this, customers can deliver key management services to any application and any device in any environment.”

Sun supports this concept and doesn’t want customers locked in: “I suspect customers don’t want too many [KMSes], but they don’t want one either—unless you just want to be locked into IBM mainframes [through ICSF]. … At Sun StorageTek we have a KMS today. Long term we may not want to be in the KMS business, and it would be nice to work with the other leading solutions that our customers have to make life easier. The issue is, no one wants to play nice.”

You might think it a bit rich for Dessau to badmouth other encryption vendors since they are working with Sun in the IEEE P1619 project. He added: “Now we need the rest of the industry to come and play nice too. Sun is working hard with other suppliers and even competitors to drive towards a universal language for key management that will get us to where we need to be.”

-Chris Mellor, Techworld.com