• United States



Contributing Writer

IBM: An Encryption Key Management Leader

Sep 09, 20102 mins
Cisco SystemsData and Information SecurityIBM

Standards-based architectural approach is a sign of things to come

While many folks were sunning themselves at the beach this past summer, IBM introduced some pretty important security technology, the Tivoli Key Lifecycle Manager (TKLS). Basically, the TKLS products are designed to create, manage, secure, and store encryption keys as a service.What so special about this? First, key management is one of those IT security disciplines that will go from relatively esoteric to an enterprise requirement in the next year or so. Why? More and more data is being encrypted each day so key management is becoming increasingly important. Stolen encryption keys could compromise the confidentiality of sensitive data while lost encryption keys could transform critical data into meaningless 1s and 0s. Pretty soon, all large enterprises will have something resembling TKLS. As far as IBM TKLS goes, it looks good to me because:1. It is one of the first products built with the KMIP standard. The Oasis Key Management Interoperability Protocol(s) is at the heart of TKLS. IBM has already tested TKLS interoperability with key management products from HP, RSA, and SafeNet. This gives distributed organizations the ability to create a federated key management architecture without mandating one vendor technology or another.2. IBM took an architectural approach. Yes, TKLS is mainly linked to storage encryption today, but the product is built with other encryption in mind (laptops, file systems, databases, applications, etc.). By offering TKLS support on System z, IBM will gain a beach head at large organizations who will then build a TKLS architecture from the data center to the distributed network.3. TKLS is a comprehensive solution. Many key management systems are built for symmetric key management alone. Alternatively, TKLS is designed for management of symmetric and asymmetric keys as well as digital certificates. Again, enterprises will appreciate this more complete solution.In general, neither key management or TKLS will get much visibility or industry recognition — key management is just a bit too geeky for most IT folks. Nevertheless, next-generation cloud computing will depend upon ubiquitous trust and data security. IBM gets this more than most. Think of TKLS as its part of its security plumbing for a smarter planet.

Contributing Writer

Jon Oltsik is a distinguished analyst, fellow, and the founder of the ESG’s cybersecurity service. With over 35 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies. Jon focuses on areas such as cyber-risk management, security operations, and all things related to CISOs.

More from this author