Network World - The annual RSA Conference, now in its 20th year, will be rocking this month as the security industry gathers for the weeklong extravaganza of product introductions and security experts arguing over cloud and mobile computing security issues.
Industry executives stepping into the limelight at the show will include Scott Charney, Microsoft's corporate vice president for trustworthy computing. Charney will be posing the idea of a "collective defense for Internet health" that might involve a new type of computer check-up to detect botnet or other malware code, and what its social and political implications might be. The Pentagon's deputy secretary of defense, William Lynn, is expected to speak about the Defense Department's cybersecurity strategy — and ask for assistance from industry to develop technologies against adversaries trying to get into sensitive networks.
Other keynote speakers will be Enrique Salem, president and CEO of Symantec; Bill Veghte, executive vice president, software and solutions, enterprise business at HP, expected to discuss what HP will be doing to innovate with its recent acquisitions of ArcSight and Fortify; and Tom Gillis, Cisco's vice president and general manager, security technology business unit, likely to discuss Cisco's security strategies in mobile and cloud computing.
But far from the hoopla, the RSA Conference — which began two decades ago as a modest gathering of cryptography experts invited to a conference of their peers organized by what was RSA Data Security (now part of EMC) — still remains a place to explore some of the latest thinking about public- and private-key encryption.
And this year a good place to start would be at the Oasis KMIP Interoperability Demonstration, where members of the industry group Organization for the Advancement of Structured Information Standards (OASIS) will be demonstrating secure communication of key-management information across vendor product boundaries using products based on the OASIS Key Management Interoperability Protocol v. 1.0.
KMIP is an industry specification developed by OASIS participants, including IBM, HP, EMC/RSA and nCipher (acquired by Thales), among others, for policy-based centralized control over "cryptographic material, public/private keys, certificates, all kinds of materials with cryptographic keys that need to be managed," says Robert Haas, manager of storage systems research at IBM's Zurich Research Lab.
Managing encryption keys, wherever used in storage and database systems, servers and hosts, or elsewhere, has always been hugely difficult — and the complexity has sometimes been called "the Achilles' heel of cryptography," Haas adds.
The KMIP v. 1.0 specification appears to be the best shot so far to create a standard for multivendor interoperability in key management, Haas points out. The demonstration at the RSA Conference will show how it's possible to do tasks such as generate keys, locate existing keys, and retrieve, register and delete keys across vendor client/server boundaries using products from SafeNet, Emulex, RSA/EMC, Cryptsoft, IBM, HP and High Density Devices.