RSA Security announces Key Manager

RSA Security this week announced Key Manager, server-based software for managing encryption keys used in business applications.

The Java-based Key Manager software includes APIs so that developers can make program calls to either new or legacy applications that require encryption of sensitive data both at rest and in transit. RSA Key Manager is intended to centrally manage symmetric encryption keys used in different enterprise applications, and retire compromised or lost keys.

Accor North America, which operates 1,200 hotel properties across North America and Canada, including the Novotel, Red Roof Inn and Motel 6 chains, plans to using Key Manager as the foundation for encrypting sensitive customer data.

“This is going to allow us to seamlessly integrate encryption of our consumer credit-card data and other confidential information,” said Harvey Ewing, Accor North America’s senior director of IT security.

Ewing said his company is dedicating almost half a million dollars this year toward the effort to encrypt data using the Advanced Encryption Standard and SSL so that critical customer data will be encrypted in database storage and in transit. Accor North America uses encryption in some applications today but the addition of Key Manager would bring end-to-end use of strong encryption to its chain of hotels.

One of the driving forces behind this large-scale security effort is the Payment Card Industry (PCI) Data Security Standard, backed by the major card-payment associations, that includes encryption of sensitive payment data.

“We have to meet the PCI standard,” said Ewing. The credit-card companies, including MasterCard and Visa, have made adherence to PCI, which includes data encryption of card information, a requirement. Independent auditors will periodically check for adherence to PCI.

The RSA Key Manager can also leverage the RSA ClearTrust access-management software and functions out of the box with the RSA BSAFE Data Security Manager, according to RSA’s marketing manager Chris Parkenson.

RSA Key Manager, available later this month, will only support symmetric-key encryption in the first version but there are plans to develop it for use with public-key encryption in the future.