Presentation is loading. Please wait.

Presentation is loading. Please wait.

Enterprise Key Management with OASIS KMIP

Published byGabriel Lange Modified over 5 years ago

Similar presentations

Presentation on theme: "Enterprise Key Management with OASIS KMIP"— Presentation transcript:

1 Enterprise Key Management with OASIS KMIP
RSA Conference 2018

2 What does KMIP do? Key Material & Metadata Transport Security Applications or Appliances KMIP Key Management Server Create, Register, Locate and Retrieve Encryption Keys & Security Objects Supports Symmetric Keys, Asymmetric Keys, Certificates, etc. Much more than just add, modify & delete Many extended services: Encrypt, Decrypt, Signing, Split-Keys etc. Rich metadata for essential cryptographic management The KMIP specification includes an incredibly broad range of capabilities for full lifecycle management of security objects, with almost unlimited extensibility through a flexible, yet interoperable attribute model. 46 Operations (much more than just add, modify & delete) enables Security Appliances/Applications to perform tasks including: Encryption, Decryption, Authentication, Certification, Signing, Verification and Split-Key operations. 9 Object types catering for many more security objects include: Certificate, Certificate Request, Opaque Object, PGP Key, Private Key, Public Key, Secret Data, Split Key, Symmetric Key 54 Attributes to represent information (meta-data) about each Object under management

3 KMIP 2018 RSA Interop Demonstration
Over the last month implementations from these vendors have undergone a rigorous Interoperability testing process to prove the latest additions to the KMIP Specification and deliver true multi vendor interoperability. It is this rigor that ensures conformant implementations meet the aims of the KMIP Technical Committee and the expectations of the market If you have not already seen a demonstration from at least one of these members, please ask for a demonstration at the conclusion of this presentation.

4 KMIP RSA 2018 Test Results 9 KMIP TC members 17 implementations
8 Client Implementations 9 KMIP Technical Committee members testing 17 implementations 8 Client Implementations 9 Server Implementations Over 33,000 successful test runs 72 Test combinations across 4 encodings 9 Server Implementations Over 33,000 successful test runs 72 Test combinations 4 encodings

5 KMIP Deployed in Solutions
KMIP solutions are deployed across in all industry sectors, delivering management of security objects for: Cloud Storage Identity Management Financial systems Automotive Healthcare Provisioning and supply chain PKI Communications Authentication Defense

6 KMIP Deployed by Organizations
Many organizations are relying on KMIP to ensure management and visibility of their security object It remains the default standard for full lifecycle security object management

7 KMIP Specification Development
Enterprise Requirements Specification Development Being part of the OASIS KMIP TC enables vendors to more quickly bring their customers’ requirements to the standards development process. The enterprise requirements drive the Specification development which Drives the Product Testing which is fed back into the enterprise Product Deployment Specification Testing

8 KMIP and HP  HPE  Micro Focus
Originator and supporter of KMIP development since 2009 One of 4 founders authoring the original draft 0.1 spec 8 years participation in the annual OASIS KMIP interop Implemented KMIP across entire HPE Storage portfolio Largest enterprise deployments of KMIP clients/servers

9 Micro Focus Security Enterprise Secure Key Manager
Key management for enterprise servers, storage, apps Atalla AT1000 Payments HSM FIPS Level 3, highest PIN processing performance Voltage ArcSight Fortify NetIQ

10 Enterprise Secure Key Manager
High-assurance key protection for encryption applications OASIS KMIP Server Centrally manage enterprise keys Reliably separate keys from data Automate and simplify operations Integrates large IT ecosystems Full range of storage, server and software clients KMIP standard qualified partners Features at a Glance Trusted: FIPS validated and CC certified Reliable: 1U redundant hardware Available: active-active 8-node clustering Scalable: largest enterprise and geographic deployments Interoperable: industry-standard KMIP versions 1.0 – 1.4, 2.0

11 Security & business continuity with market-leading interoperability
Enterprise Secure Key Manager Security & business continuity with market-leading interoperability HPE ProLiant Servers with built in Secure Encryption HPE StoreOnce Backup HPE 3PAR StoreServ (Disk and All-Flash Array) HPE StoreEver Tape Libraries Enterprise Secure Key Manager Partner SDKs KMIP Clients HPE XP7 High End Storage x8 Connected MX Openstack Barbican BackBox Virtual tape NonStop Servers

12 OASIS KMIP standard: Open interoperability for partners
ESKM leads in compliance for application interoperability StoreSafe virtual appliance Network proxy-based solution BACKBOX for NonStop Virtual Tape Controller Storage solutions Filer Systems (NSE Appliances) SDKs Enterprise Secure Key Manager x 8 SDKs VSP and HUS High-end storage systems VM Encryption and vSan Data at Rest Encryption Openstack Barbican Big Data / NoSQL Encryption Database

13 ESKM KMIP Partner Program
Open to all vendors/organizations supporting KMIP ESKM KMIP test server access, joint solution qualification No other costs or fees Benefits Mutual interoperability certification and support Customer integration/installation guide Joint co-branded solution brief Ongoing new release test access

14

Download ppt "Enterprise Key Management with OASIS KMIP"

Similar presentations

Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server 2008. Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),

Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),
Dell Compellent and SafeNet KeySecure

Dell Compellent and SafeNet KeySecure
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
Public Key Infrastructure from the Most Trusted Name in e-Security.

Public Key Infrastructure from the Most Trusted Name in e-Security.
SODA Archiving October 2013

SODA Archiving October 2013
KMIP - Hardware Security Modules Meta-Data-Only (MDO) Keys Saikat Saha & Denis Pochuev Feb 2012.

KMIP - Hardware Security Modules Meta-Data-Only (MDO) Keys Saikat Saha & Denis Pochuev Feb 2012.
1 The OASIS KMIP Standard: Interoperability for the Cryptographic Ecosystem www.oasis-open.org Jon Geater OASIS KMIP TC With thanks to Bob Griffin, co-chair,

1 The OASIS KMIP Standard: Interoperability for the Cryptographic Ecosystem Jon Geater OASIS KMIP TC With thanks to Bob Griffin, co-chair,
4/23/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

4/23/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.
KMIP - Hardware Security Modules Meta-Data-Only (MDO) Keys Saikat Saha & Denis Pochuev Feb 2012.

KMIP - Hardware Security Modules Meta-Data-Only (MDO) Keys Saikat Saha & Denis Pochuev Feb 2012.
Www.Vormetric.com Security Policy and Key Management Centrally Manage Encryption Keys - Oracle TDE, SQL Server TDE and Vormetric. Tina Stewart, Vice President.

Security Policy and Key Management Centrally Manage Encryption Keys - Oracle TDE, SQL Server TDE and Vormetric. Tina Stewart, Vice President.
1© Copyright 2016 EMC Corporation. All rights reserved.1 SCALEIO WITH CLOUDLINK.

1© Copyright 2016 EMC Corporation. All rights reserved.1 SCALEIO WITH CLOUDLINK.
Clouding with Microsoft Azure

Clouding with Microsoft Azure
PERFORMANCE TECHNOLOGIES A.E. June 2017

PERFORMANCE TECHNOLOGIES A.E. June 2017
AuraPortal Cloud Helps Empower Organizations to Organize and Control Their Business Processes via Applications on the Microsoft Azure Cloud Platform MICROSOFT.

AuraPortal Cloud Helps Empower Organizations to Organize and Control Their Business Processes via Applications on the Microsoft Azure Cloud Platform MICROSOFT.
Univa Grid Engine Makes Work Management Automatic and Efficient, Accelerates Deployment of Cloud Services with Power of Microsoft Azure MICROSOFT AZURE.

Univa Grid Engine Makes Work Management Automatic and Efficient, Accelerates Deployment of Cloud Services with Power of Microsoft Azure MICROSOFT AZURE.
MICROSOFT AZURE ISV PROFILE: BMC SOFTWARE

MICROSOFT AZURE ISV PROFILE: BMC SOFTWARE
TOPdesk Service Management Software on Azure

TOPdesk Service Management Software on Azure
Avenues International Inc.

Avenues International Inc.
Dell Compellent and SafeNet KeySecure

Dell Compellent and SafeNet KeySecure
Microsoft Azure-Powered BlueCielo Meridian360 Portal Improves Asset Data Integrity and Facilitates Secure Collaboration with External Stakeholders MICROSOFT.

Microsoft Azure-Powered BlueCielo Meridian360 Portal Improves Asset Data Integrity and Facilitates Secure Collaboration with External Stakeholders MICROSOFT.

Similar presentations

Ads by Google