Tuesday, January 15, 2008

Happy New Year and Key Management

First and foremost, Happy 2008 to all. Hope it is profitable and satisfying in many, many ways.

A comment on my NeoScale blog from Jon Toigo (whose own blog, drunkendata.com, never fails to amuse, challenge or provoke) asked for my take on key management at a time when all the discussion is about encryption.

Key management is fundamental to the management of encrypted data. Encryption is, of course, very much in the news, since information "in the clear" has been so much at risk. The most recent report is that the IRS managed to lose unencrypted tapes holding part of its database. They no longer use tape, but a secure PDF. How easy it would have been to shoulder the small performance penalty and encrypt: without the key, the tapes would have been useless to anyone except someone holding a usable key.

Key management facilitates authorization, denial of authorization, key tracking, key ownership and the other information essential to securing stored data. There is some question about where the key management should be placed. Storage encryption is typically a private-key creature, and some recommend storing the key as close as possible to the data. Others, as NeoScale did, use an appliance in the data path to accomplish key management.
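To make the functions listed above concrete (authorization, denial of authorization, key tracking, key ownership) together with the earlier point that an encrypted tape is useless without its key, here is a small key-manager model. It is an added illustration written for this post, not NeoScale code or any product's API. Everything in it is assumed: the `KeyManager` registry, the principal names, the tape header layout, and the cipher, which is an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag chosen only so the example runs on the Python standard library; a storage appliance would use AES in the same role. The tape carries its key identifier in the clear but never the key, so whoever holds the tape still has to be authorized by the key manager to read it.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class KeyRecord:
    key_id: str
    material: bytes        # the secret itself; released only through KeyManager.get_key
    owner: str             # key ownership: only the owner may change who is authorized
    authorized: set        # principals allowed to obtain the key
    retired: bool = False  # a retired key is denied to everyone, owner included


class KeyManager:
    """Hypothetical central registry: authorization, denial, ownership and an audit trail."""

    def __init__(self):
        self._keys = {}
        self.audit = []  # (event, key_id, principal) tuples: this is the key tracking

    def create_key(self, owner, authorized=()):
        key_id = secrets.token_hex(8)  # 16 hex characters; this is what the tape header names
        self._keys[key_id] = KeyRecord(key_id, secrets.token_bytes(32), owner, set(authorized) | {owner})
        self.audit.append(("create", key_id, owner))
        return key_id

    def _owned(self, key_id, actor):
        rec = self._keys[key_id]
        if rec.owner != actor:
            self.audit.append(("deny-admin", key_id, actor))
            raise PermissionError(f"{actor} does not own key {key_id}")
        return rec

    def grant(self, key_id, actor, principal):
        self._owned(key_id, actor).authorized.add(principal)
        self.audit.append(("grant", key_id, principal))

    def revoke(self, key_id, actor, principal):
        self._owned(key_id, actor).authorized.discard(principal)
        self.audit.append(("revoke", key_id, principal))

    def retire(self, key_id, actor):
        self._owned(key_id, actor).retired = True
        self.audit.append(("retire", key_id, actor))

    def get_key(self, key_id, principal):
        rec = self._keys.get(key_id)
        if rec is None or rec.retired or principal not in rec.authorized:
            self.audit.append(("deny", key_id, principal))
            raise PermissionError(f"{principal} may not use key {key_id}")
        self.audit.append(("release", key_id, principal))
        return rec.material


def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode: a stand-in PRF keystream for this example, not AES.
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def _derive(key):
    # Separate encryption and integrity keys from the one registered key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def encrypt_tape(km, key_id, principal, plaintext):
    enc_key, mac_key = _derive(km.get_key(key_id, principal))
    nonce = secrets.token_bytes(16)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    # Tape layout (assumed): key_id (16) | nonce (16) | ciphertext | tag (32).
    return key_id.encode() + nonce + ciphertext + tag


def decrypt_tape(km, principal, blob):
    key_id, nonce, body, tag = blob[:16].decode(), blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = _derive(km.get_key(key_id, principal))  # PermissionError if denied
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("tape failed its integrity check")
    return bytes(c ^ k for c, k in zip(body, _keystream(enc_key, nonce, len(body))))


if __name__ == "__main__":
    km = KeyManager()
    kid = km.create_key("backup-admin", ["restore-operator"])
    tape = encrypt_tape(km, kid, "backup-admin", b"constructed sample records")
    print(decrypt_tape(km, "restore-operator", tape))
    km.revoke(kid, "backup-admin", "restore-operator")  # denial of authorization
    try:
        decrypt_tape(km, "restore-operator", tape)
    except PermissionError as err:
        print("denied:", err)
    for event in km.audit:
        print(event)
```

The point to notice is that nothing about the tape changes when an operator is revoked or a key is retired; the decision moves entirely to the key manager, which is why its placement and its audit trail matter as much as the cipher.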

My only problem with the variety of key management solutions is that you can't leverage one solution for multiple kinds of encryption at multiple locations. When a sensible solution for centralized key management comes along, that will be real news. The management of data is fully as important as the repository for it, and key management is just another element of overall data management. But the proprietary nature of private-key encryption will continue to require multiple key management tools for some time to come.