By Ann Silverthorn
—Addressing enterprise demand for scalable key management, Decru this week introduced a new key-management platform, the Lifetime Key Management (LKM) 3.0 Appliance. LKM first debuted in mid-2003 as a software solution deployed on Decru's DataFort storage security appliances. As an appliance, LKM can scale to handle more keys from multiple encryption appliances.
"Previously we used the secure hardware in our DataFort appliances or clusters to provide the security environment for our software-based key management package," says Kevin Brown, vice president of marketing for Decru. "Now we're handling larger deployments dealing with hundreds of nodes, and they need a fabric to manage their keys."
Brown explains that financial backing from Network Appliance has made it possible for Decru to support very large enterprises, such as those found in banking, insurance, software development, online services, electronic commerce, media, and the life sciences.
Large enterprises face the challenge of operating proprietary key management systems for many different legacy and newly acquired storage systems. Outsourcing causes a problem also. Banks, in particular, often outsource their printing, billing, and customer call centers. Further, when two companies merge, they have to consolidate disparate types of encrypting methods, sometimes with legal implications, says Brown.
"If a judge tells a company that it has 48 hours to go back 10 years in the archives and pull data, companies have to be able to find the right key to the right data," says Brown "That's a big risk, and if you want an idea of the cost of not producing data, go ask Morgan Stanley: It cost them $1.4 billion in the Sunbeam litigation."
LKM is third-generation key-management software that is installed on a hardened appliance. Each appliance can handle 100 encryption appliances and more than 10 million keys with all associated metadata and configuration data. Decru built in high-availability clustering, so up to 16 appliances can be clustered to centrally manage up to 1,000 encryption devices. Each LKM appliance includes redundant hard drives, a cryptoprocessor, motherboard, and memory.
The LKM appliance is designed for FIPS 140-2 Level 3 physical security. It controls administrative access by two-factor authentication, role-based access controls, and smart-card quorum requirements for sensitive operations.
The appliance also automates key generation, replication, archiving, recovery, and sharing. It provides centralized key management across all DataFort encryption appliances and supports NAS, DAS, iSCSI SAN, Fibre Channel SAN, and tape environments.
Other encryption vendors include CipherOptics, Fortiva, Maxxan, and Nexsan. Another encryption vendor, Kasten Chase, ceased operations last week after poor earnings and lack of a buyer forced it into bankruptcy.
In other news, Decru announced the OpenKey Partner Program, which provides a business and technology framework for development of standards-based, multi-party encryption solutions. Symantec and Quantum have joined the program as charter members.
Additionally, FileNet and Decru have combined FileNet's P8 platform and the DataFort storage security appliances to enable user-transparent, granular encryption by document groups, selectable security policies, and secure lifecycle management for virtually any type of content.
Decru's LKM appliance will be available in the third quarter. Decru declined to discuss pricing.