Encryption: NeoScale expands API for key management

By Ann Silverthorn

NeoScale today announced expanded API support for its CryptoStor KeyVault platform, in addition to an evolution of its Global Key Management solution. The company's vision includes standard protocols to deliver unified key management across systems, which would automate processes, maximize productivity, and increase data security when sharing sensitive data across the enterprise.

"Users should be able to plug any encryption device or application into the network and have management services automatically delivered to it by a network of key management platforms working together to deliver key management services," says Dore Rosenblum, vice president of marketing at NeoScale. "Standards are the way to have that goal come to fruition."

The CryptoStor KeyVault key-management appliance features NeoScale's new standards-based API, PKCS#11, which enables systems to access encryption and key management from a secure platform. PKCS#11 support allows organizations to scale multi-vendor encryption products while using consistent key-management services. The API integrates with other CryptoStor KeyVault features, such as centralized key policy administration, key lifecycle management, secure key storage, key sharing, and auditing.

"PKCS#11 doesn't replace the need for a standard API, but it takes advantage of what is available today," says Rosenblum. "We're working with standards bodies and expect a standard in 2008."

NeoScale has been working with standards organizations to drive standards for key-management interoperability. One of those organizations is the recently chartered Institute of Electrical and Electronics Engineers (IEEE) P1619.3 committee, which is focusing on standards that will regulate key-manager-to-key-manager and key-manager-to-encryption-endpoint communication.

NeoScale favors the use of a key-management service network rather than vendor-specific key-management solutions. Such a network would connect multiple key managers and encryption endpoints, including tape, disk devices, and backup applications. When key managers and encryption endpoints communicate, they can take advantage of the following services:

  • Consistent key-policy administration, such as re-keying and retention policies;
  • Flexible policies to manage vendor-specific encryption attributes for endpoints;
  • Automated key-lifecycle management from key creation through deletion;
  • Secure key sharing, for authorized inter-organizational information sharing;
  • Secure, hardened key archiving;
  • Centralized key auditing to meet compliance obligations.

Awareness of the importance of encryption key security and key management is on the rise, according to Rosenblum.

"TJX's recent proxy statement included disclosure about an exposed encryption key," says Rosenblum. "Encryption is making the news."

This article was originally published on April 03, 2007