Wednesday, August 18, 2010

Thales launches standards-based encryption key management appliance

On Tuesday, information and communications security vendor Thales announced the pending release of Thales Encryption Manager for Storage (TEMS). TEMS is something new to the world of key management in IT, and it has a bit of a history. TEMS is the first appliance to support OASIS KMIP, as well as IEEE P1619.3.

TEMS is the first standards-based key manager available with draft IEEE P1619.3 key management standard support and will support the final specification, due out early 2010. Subsequent releases will also support the recently announced OASIS KMIP key management standard.

Earlier this year, the Organization for the Advancement of Structured Information Standards (OASIS), headed by IBM, Thales, HP, and EMC, with support from Seagate, NetApp, LSI, and Brocade, proposed a standardized encryption management specification known as KMIP (Key Management Interoperability Protocol).

Organizations want to deploy encryption across the enterprise, OASIS explains in a KMIP FAQ. They often deploy separate encryption for different business uses – laptops, storage, databases, and applications. In general, enterprises lack confidence that, once data is encrypted, IT managers will actually be able to recover it when they need to.

"As data breaches continue to embarrass companies and incur real costs, security initiatives have naturally focused on the storage infrastructure. The use of encryption within the switching fabric, back-up tapes, drives, arrays, and host adapters is rapidly becoming essential for safeguarding sensitive information, but many organizations are concerned about reliability and data recoverability issues," says Jon Oltsik, senior analyst with Enterprise Strategy Group.

KMIP looks to solve this issue by offering interoperability across encryption and key management systems. The primary focus is to offer a way to standardize communication between encryption systems that need to consume keys, and the key management systems that create and manage them.

“KMIP enables the industry to have any encryption system communicate with any key management system. Through this interoperability, enterprises will be able to deploy a single enterprise key management infrastructure to manage keys for all encryption systems in the enterprise that require symmetric keys, asymmetric key pairs, certificates and other security objects,” OASIS documentation explains.

Thales said TEMS, available in July, will support legacy or proprietary key management interfaces, giving storage managers the flexibility to use encryption at various points within their storage environments and to take advantage of pre-certified integration with their preferred storage systems.
