Sun Fights Storage Encryption Battle Against HP, IBM, RSA3:37 PM EST Tue. Feb. 17, 2009
Sun Microsystems on Tuesday unveiled its new data encryption key management technology and sent it to the open-source community, thereby challenging a separate industry effort for control of storage encryption technology.
Sun said it has released the first generic communication protocol between an encryption key manager and encrypting devices into an open-source community.
Sun is releasing its KMS Open Source API, which has been in development at least 18 months, to open source, said Piotr Polanowski, group manager of storage product marketing at Sun.
The API lets partners write applications that can encrypt data to Sun's Key Management Station, an appliance that automatically creates, manages and destroys encryption keys for data storage, Polanowski said.
"The API allows more multiple devices from multiple manufacturers to interface with our products," he said. "It's open to all manufacturers to use, including our competitors."
However, many of those key competitors last week unveiled a rival specification for enterprise key management on storage devices.
They include Brocade, Hewlett-Packard, IBM, Seagate, LSI, Thales and EMC's RSA division, which are participating in the Key Management Interoperability Protocol, or KMIP.
KMIP was developed by HP, IBM, RSA and Thales as a joint specification for enterprise key management aimed at simplifying how companies encrypt and safeguard data.
Sun's KMS Open Source API and the KMIP APIs are different methods for making it easier for multiple companies to write to the same data storage encryption keys, Polanowski said. And it is a big deal for both camps, he said.
"The major driver of KMIP is IBM," he said. "Whoever controls the standard controls the spoils."
Many of the vendors involved in the KMIP security initiative also work with Sun on its KMS API, including HP and IBM with their LTO-4 tape drives as well as RSA, Polanowski said.
When asked why Sun is not a part of KMIP, Polanowski responded by saying one could also ask why KMIP didn't join Sun's efforts. "We developed our API," he said. "Joining KMIP would require us to revamp our efforts."
The IEEE 1619.3 committee has been working to codify a single standard for data encryption, but has not yet done so, Polanowski said.
A Sun executive chairs the IEEE, he said. "But it is a highly political process as much as it is a technology process," he said. "I cannot speak for the committee about what they will do."