HP To Secure Encryption Keys With New Appliance
The HP StorageWorks Secure Key Manager is a secure central location for encryption key management across the enterprise, said Mike Peebles, product manager for HP StorageWorks.
The Secure Key Manager manages encryption keys for LTO-4 tapes. The appliance automates the encryption key management process, Peebles said. "When a tape gets loaded into a tape drive, it knows what key to provide so the tape can be read."
The appliance will be expanded to work with disk arrays and storage switches over time as encryption spreads to those devices, Peebles said. "Some vendors provide appliances to protect tape, but they work only with tape," he said. "We also considered putting our software on a ProLiant server, but we can't validate the security of such a solution."
The Secure Key Manager is a hardened appliance designed for the Federal Information Processing Standard (FIPS) 140-2, and is expected to be certified to that standard in the next six to nine months, Peebles said.
The life of encryption keys is measured in years, so the enterprise that encrypts its data needs long-term access to them, Peebles said. To ensure that access, the appliance was designed to work as active-active nodes, with a configuration requiring a minimum of two nodes. The maximum configuration is eight nodes. "So, if there's a catastrophe, customers have the keys in other sites," he said.
When a blank tape is put in the tape drive, the Secure Key Manager writes the key on the tape, Peebles said. As data is transmitted over a Fibre Channel SAN, it is encrypted. Each piece of tape media has a unique ID, and the appliance correlates the tapes and their specific keys. Then, when a tape is put back into a drive, the appliance can find the correct key, he said.
The Secure Key Manager is expected to ship in mid-December with an entry list price of about $100,000, including two nodes.
Rich Baldwin, president and CEO of Nth Generation Computing, a San Diego-based HP solution provider, said the appliance is priced right. "That's a list price, for a clustered appliance," Baldwin said. "It never goes down, and you can replicate the keys. With that price, at street prices customers will probably replicate keys locally and remotely."
Baldwin said that anyone seriously looking at encrypting data knows that if the keys are lost, the data is lost. "When you start looking at who you are going to trust your data with, is it a $20 million startup? Or a big company like HP or IBM?" he said. "Customers are looking for peace of mind."