EMC: RKM 2.5 (RSA Key Manager Suite) Simplifies Use of Encryption
RSA, The Security Division of EMC Wednesday announced enhancements to RSA Key Manager Suite (RKM), its enterprise encryption key management system designed to manage encryption keys at the application, database, and storage layer. With new integrations and server-side management features, RKM 2.5 can help lower the total cost of ownership associated with encryption by giving administrators strong control over the vaulting and management of keys from one central location. RSA Professional Services now also offers a new Tokenization Service that is engineered to extend RKM by enabling the use of tokens to mask and protect sensitive data.
Adding to Industry-Leading Interoperability with New Integration Partners
RSA Key Manager is designed to simplify the ongoing operational headache associated with encryption by providing enterprise key management across multiple encryption points in the enterprise including tape/virtual tape, disk, databases, and applications. The latest offering includes direct integrations with two new technology partners, Brocade and Sun. These integrations are built with a direct communication between the key management server and the devices performing encryption, eliminating the need for unnecessary software layers:
Data Center Fabric-based Encryption Solutions:
Data center storage switches and blades, offered through EMC Connectrix technology and leveraging RSA Key Manager technology, re-direct traffic from servers and applications to encryption services and to back-end storage. These solutions offer a scalable and innovative approach to fabric-wide encryption for data-at-rest within the data center.
- Brocade 32-port standalone encryption switch
- Brocade 16-port encryption blade for DCX family
Native Tape Encryption:
- Sun StorageTek LTO-4 Tape Drives
These integrations build on RKM’s industry-leading interoperability, which includes existing integrations with EMC PowerPath path management software, EMC Connectrix SAN switches, Cisco MDS switches, the Advanced Security option for Oracle Database 11g Enterprise Edition, and Quantum and IBM LTO-4 tape drives.
New Features Help Improve Security and Reduce the Time and Cost Associated With Encryption
Encryption environments can often include many different application clients and devices performing cryptographic functions. Managing the permissions (i.e. the ability to encrypt, decrypt, generate keys, etc.) of these clients is often complex and time consuming, and can vastly increase the operational overhead associated with managing the encryption process. RKM 2.5 simplifies this as it is designed to allow granular control of permissions for each device or application in the system from a central location. This reduces overhead associated with multiple key management silos and gives greater control to administrators.
Key managers are also responsible for maintaining audit activities to ensure compliance. Compliance rules require that companies maintain a log when keys are generated, rotated, or expired, and administrators often bare the burden of ensuring these functions are performed. RKM 2.5 is now engineered to capture and logs more detail on encryption operations, leading to easier and less costly audits. In addition, server-side searching, and meta-data editing increases usability and allow for keys to be tagged for easy retrieval, which comes in handy when a specific piece of information needs to be decrypted.
RKM 2.5 is also designed to increase security by centralizing the vaulting and controlling of keys. Administrators can now rotate and delete keys centrally to ensure security requirements are met. This allows administrators to take action quickly if a key is compromised. RKM also includes a centralized key vault with automated replication and failover to ensure that keys are backed up and available at all times.
RSA Key Manager helps reduce the complexity of managing encryption by enabling a centralized policy-based approach to key management, governing access to keys, sharing of keys, expiration of keys, shredding of keys, and all other aspects of key life cycle management.
According to Tim Stanley, CISO at Continental Airlines, RKM has helped the company with its compliance initiatives. “Enterprise key management is an extremely important piece of any good security infrastructure, said Stanley. RSA Key Manager provides us with centralized control of keys to ensure that encryption is handled properly and that keys are available over the long-term.
New Tokenization Integration with RKM 2.5
RSA is also announcing the availability of Data Tokenization Services for RSA Key Manager, available now as a packaged offering from RSA Professional Services. For many applications, tokenization offers a strong alternative to encryption for the protection of sensitive data.
Tokenization is designed to allow for data-masking without changing the underlying format of the data, and provides security without substantial operational changes to the application infrastructure. For example, credit cards stored in a database will maintain a sixteen digit field length but applications and users without access to the RKM token server would interact with the masked version of the data. This is a valuable feature for customers who need solid protection of sensitive data without significant operational complexity. Currently implemented with several large enterprise organizations, RSA Tokenization Services is engineered to integrate with RKM to provide encryption of sensitive data and centralized management of tokens.
RKM 2.5 and Tokenization Services are generally available worldwide now.