By Marty Foltyn
In the vast exhibit halls of last week’s RSA Conference, Cyber (aka cybersecurity) was the mantra. With customers asking for confidence in the encryption and protection of enterprise data, attendees found proven interoperability in the OASIS booth where developers of the OASIS Key Management Interoperability Protocol (KMIP) showcased their support for new features.
OASIS (Organization for the Advancement of Structured Information Standards) is a nonprofit consortium that drives the development, convergence, and adoption of open standards for the global information society. The OASIS KMIP TC works to define a single, comprehensive protocol for communication between encryption systems and a broad range of new and legacy enterprise applications, including email, databases, and storage devices. The resulting Protocol, its profiles, and test cases are defined by the OASIS KMIP Technical Committee. By removing redundant, incompatible key management processes, KMIP provides better data security while at the same time reducing expenditures on multiple products.
Tony Cox, OASIS KMIP Technical Committee Co-Chair and Interoperability Event Lead, stressed that “The OASIS 2016 Interop is a small window into the reality of proven interoperability between enterprise key managers, HSMs, cryptographic devices, storage, security and cloud products. The interoperability demonstration helped to reinforce the reality of choice for CIOs, CSOs and CTOs, enabling products from multiple vendors to be deployed as a single enterprise security solution that addresses both current and future requirements.”
Tony Cox is also the Chair of the SNIA Storage Security Industry Forum, and five SNIA SSIF member companies showcased interoperable products using the OASIS KMIP standard — Cryptsoft, Fornetix, Hewlett Packard Enterprise, IBM, and Townsend Security.
SNIA provides a KMIP Conformance Test Program that enables organizations with KMIP implementations in their products to test those products against test tools and other products at the SNIA Technology Center in Colorado Springs, Colorado. According to SNIA’s KMIP Test Program Manager David Thiel, the KMIP Test Program provides independent verification from a trusted third party that a given KMIP implementation conforms to the KMIP standard. Verification gives confidence to both vendors and end users of KMIP solutions that a product will interoperate with other similarly tested KMIP products. KMIP support has become a prerequisite requirement for organizations looking to acquire storage and security key management solutions.
For vendors with a product that supports KMIP, having the product successfully complete SNIA’s KMIP Conformance Test Program is the best way to instill customer confidence. Any organization with a KMIP implementation can test in the SNIA’s vendor-neutral, non-competitive environment. For KMIP Server testing, the vendor places the Server in the SNIA Technology Center and trains the KMIP Test Program staff on its use. For KMIP Client testing, the vendor connects the Client over the Internet to the test apparatus at the SNIA Technology Center or installs the Client in the SNIA Technology Center. The KMIP Test Program staff then tests the Server or Client and reports results to the vendor. All information regarding vendor testing and test results is confidential until the vendor releases successful test results for publication.
To date, products from Cryptsoft, Hewlett Packard Enterprise, and IBM have successfully passed KMIP Conformance Tests. Test results can be found on the KMIP Conformance Testing Results page. Visit the KMIP Test Program to learn more.