Without KMIP (Key Management Interoperability Protocol), you’d have a much harder time dealing with all the CRUD[1] that encryption key management entails.  Bold words, we know, but that has been the driver for the Organization for the Advancement of Structured Information Standards (OASIS) since the KMIP standard was first released in 2010.

Remember that the whole point of using publicly specified encryption algorithms is to provide quantifiable secrecy, ensuring the confidentiality of our data.  To that end, modern cryptography is based on Kerckhoffs’s principle:

A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.

This means protecting keys at rest, in use and in transit.  KMIP addresses this by defining a comprehensive protocol for the communication between EKM (Enterprise Key Management) and encryption systems.

To that end, Unbound Security is an active participant in the OASIS KMIP Technical Committee, helping to shape the standards that will facilitate interoperation between vendors.  We will be at RSA this year running a KMIP compliant server, demonstrating interoperability with clients from P6R, Kryptus, Cryptsoft and Quintessence Labs in the OASIS KMIP Interop Booth #1601.

Demonstrating interoperability between these products live at the RSA conference each year reinforces the reality of choice for CIOs, CSOs and CTOs, enabling products from multiple vendors to be deployed as a single enterprise security solution that addresses both current and future requirements.

-Tony Cox, OASIS KMIP Technical Committee Co-Chair and Interoperability Event Lead

Expect to see demonstrations representing the full key management life-cycle, including the creation, registration, location, retrieval, deletion and transfer of keys and certificates between KMIP compliant systems.

So, why are we geeking out here?  The move towards cloud-based systems and the accelerating requirement to protect data at rest are driving the use of reliable storage encryption through standardized interfaces, enabling the flexibility of multi-cloud and hybrid-cloud solutions.  By abstracting key management tasks away from applications, KMIP enables vendor agnostic solutions.

Encryption is the foundation of any security model for data at rest.  Keys are the foundation of the foundation, so encryption is only as secure as your key management.  Loss of keys means loss of sensitive data.  Unifying key management interfaces and operations is why standards like KMIP and vendor interoperability testing have such high visibility now and will continue to do so in the future.

[1] Create, Read, Update and Delete, the four atomic functions of persistent storage