Nigel Dessau

The Key Is the Key (Management) for Tape

So phase one of the great tape encryption debate is over.

Those who had to do it have done it. Most had to pick sides – us or IBM. Sun provides a solution that is 100% independent of the rest of the customer's data structure – hardware and software. IBM has a solution that fits snugly into an IBM environment. Sun StorageTek's customers chose us and IBM's customers chose them. Some moved from one to another. I am sure we will claim victory and so will IBM but if we are both honest – it's fundamentally a draw. Either way – not as many went as we thought they might. So why?

Well first, let's set some ground rules:

1. We believe in 3 years you will not be able to buy a storage device without encryption in it (whether you turn it on or not);
2. When you have encryption you might as well turn it on (when you left the house this morning did you lock all the door and windows or just the ones the bad people can see?);
3. There will not be one key management solution.

Sorry – what was the last one again?!

There will not be one key management solution in the world. Coming to that understanding is holding most customers up.

Despite what we or anyone else will tell you, we don't believe there will be one key management solution in the world. I suspect customers don't want too many but they don't want one either - unless you just want to be locked into IBM mainframes (through ICSF). It's a heterogeneous world and that means multiple key management solutions. If the world is going to have multiple solutions then we need to have a way to pass keys from system to system.

We believe that without this, the world will be stuck in phase one. Customers are asking about how we will share our keys and make life easier. In the short term, all providers of encryption have their own solution for key management – in response to the urgency of customers' needs. This is not ideal, but a natural part of the evolution of the encryption market.

At Sun StorageTek we have a KMS today. Long term we may not want to be in the KMS business and it would be nice to work with the other leading solutions that our customers have to make life easier. The issue is – no one wants to play nice.

So – here is my offer. If you have a solution that needs a key management solution, you can have ours for free!* Yes, we are willing to give our KMS away to partners who want to think about customers and not 'lock-ins'. We want to share and swap APIs so we can share and swap keys.

Now we need the rest of the industry to come and play nice too. Sun is working hard with other suppliers and even competitors to drive towards a universal language for key management that will get us to where we need to be. Until then – we like everyone else will ship our own solution.

* IP and legal team willing! Actually the team has asked me to point out that this means that we will freely share our APIs which are how the KMS talks to an encryption device. I assume that does not mean we are giving away free KMS appliances. Sorry.

Posted at 12:48PM May 01, 2007 by Nigel Dessau in Sun Storage  |  Comments[2]