IBM Security Key Lifecycle Manager
Data Sheet
Highlights
Simplify, centralize and automate the
encryption-key management process
Business data is growing at exponential rates, and along with that growth
comes a demand for securing that data on-premises and in the cloud.
Enterprises have responded by implementing encryption at various
layers: in the hardware, on the network and in applications. This
response has resulted in a series of encryption silos, some of them
holding confidential customer data, with inconsistent approaches to
managing security, keys and domains.
Different applications across the enterprise often employ different methods of encryption. Some departments don't encrypt data while the data is
at rest (such as when it is stored on a device or in a database) but only
when the data is in motion, using techniques such as Secure Sockets
Layer (SSL), Transport Layer Security (TLS) or virtual private networks
(VPNs) to secure the data pipeline. Other departments may encrypt particular data fields such as credit card numbers but leave other data in the
clear. Finally, some departments may use different encryption systems to
comply with specific standards or regulations, such as the Payment Card
Industry Data Security Standard (PCI DSS), Sarbanes-Oxley or the
Health Insurance Portability and Accountability Act (HIPAA).
Key management for these encryption approaches is often similarly
fragmented. Sometimes key management is carried out by department
teams using manual processes or embedded encryption tools. In some
cases, there is no formal key-management process in place.
These keys have their own lifecycles separate from the data
they're protecting, and these lifecycles have to be managed,
from initialization and activation through expiration and
destruction. IBM Security Key Lifecycle Manager can help
you better manage the encryption key lifecycle, allowing
you to simplify, centralize and automate your organization's
key-management processes and reduce operational costs.
Together with innovative IBM self-encrypting storage offerings,
IBM Security Key Lifecycle Manager offers a proven solution
that can address concerns when a tape cartridge or disk drive is
removed from the storage system and transported in-house or
off-site. Lost storage media is not uncommon and brings with it
enormous direct and indirect costs for those who lose sensitive
information. With IBM System Storage self-encrypting offerings and IBM Security Key Lifecycle Manager, users no longer
have to worry about losing sensitive information if storage
media goes for repair, becomes misplaced or is stolen.
Additionally, support for the latest KMIP standard allows
IBM Security Key Lifecycle Manager to manage encryption
keys not only for IBM self-encrypting storage devices, but also
for a number of non-IBM encryption solutions, hence enabling
efficient management of encryption keys for the entire
organization.
[Figure labels: Disk, Tape, Servers, Smart meters]
IBM Security Key Lifecycle Manager can be applied at different levels to simplify key management while meeting the
unique needs of your organization:
In addition to strong authentication, there is also strong security between the storage device and IBM Security Key Lifecycle
Manager. Temporary session keys are used to encrypt the
encryption key and all of the traffic to the device.
The GUI also enables administrators to implement key retention for backed-up data and to address rules for regulatory compliance and legal discovery. In case of disaster, administrators
can provide a set of keys that can unlock encrypted backups and
make them available for use again. Administrators can configure
rules for automated rollover of groups of keys so that new
encryption keys are used automatically based on a configurable
schedule. In this way, administrators can limit the amount of
data encrypted with particular keys, minimize exposure when a
key is compromised and facilitate erasure of data by deleting
relevant keys when data is set to expire. The end result of
this automation is the ability to configure automated key
assignments over time such that the operations team has to
interact with key management very infrequently.
Why IBM?
IBM has designed IBM Security Key Lifecycle Manager to help
your organization implement a unified key-management strategy that can help better secure your data, with performance you
need to support your critical business functions. Built on open
standards such as KMIP, the solution enables flexibility and
facilitates vendor interoperability. Its intuitive interface enables
quick time to value, while its innovative approach can help
dramatically reduce the number of keys administrators have to
manage. By enabling centralized management of strong encryption keys throughout the key lifecycle, IBM Security Key
Lifecycle Manager can help minimize the risk of exposure and
reduce operational costs.
IBM Security
Route 100
Somers, NY 10589
Produced in the United States of America
December 2015
IBM, the IBM logo, ibm.com, IBM Spectrum Accelerate, IBM Spectrum
Scale, GPFS, System Storage, System Storage DS, and X-Force are
trademarks of International Business Machines Corp., registered in
many jurisdictions worldwide. Other product and service names might be
trademarks of IBM or other companies. A current list of IBM trademarks
is available on the web at "Copyright and trademark information"
at ibm.com/legal/copytrade.shtml
Netezza is a registered trademark of IBM International Group B.V.,
an IBM Company.
Linux is a registered trademark of Linus Torvalds in the United States,
other countries, or both.
Microsoft and Windows are trademarks of Microsoft Corporation in the
United States, other countries, or both.
UNIX is a registered trademark of The Open Group in the United States
and other countries.
This document is current as of the initial date of publication and may be
changed by IBM at any time. Not all offerings are available in every
country in which IBM operates.
The performance data discussed herein is presented as derived under
specific operating conditions. Actual results may vary.
WGD03087-USEN-00