Zettaset Unveils Encryption Management Console

Zettaset today added a management console to its portfolio that promises to simplify managing encryption on an end-to-end basis via integrations with third-party key managers that comply with the key management interoperability protocol (KMIP).

KMIP defines a set of message formats for the manipulation of cryptographic keys on a key management server that was first published in 2010 by the OASIS standards organization.

Tim Reilly, CEO, Zettaset said the Zettaset Encryption Management Console enables the centralization of encryption management at a time when it is being more widely employed. The challenge is no longer necessarily encouraging organizations to employ encryption, but finding a way to manage it in all its forms, Reilly added.

Using the Zettaset Encryption Management Console, it now becomes simpler to enforce encryption policies across an extended enterprise, including after data is shared externally with a third party, Reilly said. As those processes evolve, it then becomes simpler to centralize the management of encryption within the context of a larger DevSecOps workflow, Reilly added.

Not long ago, encryption use was fairly limited. However, when Amazon Web Services (AWS) and others began promoting “encrypt everything” as a DevSecOps best practice, more organizations began encrypting data by default. At the same time, a much larger number of regulatory compliance mandates required encryption. Finally, many digital business transformation initiatives assumed that all the data being accessed is encrypted. Not surprisingly, from a management perspective, all that encryption can wind up being too much of a good thing.

Now, after more than 10 years, Reilly said it’s only a matter of time before every platform supports the KMIP. In addition to Zettaset, other supporters of KMIP include Hewlett-Packard Enterprise (HPE), VMware, Trend Micro, Oracle, NetApp and IBM. In the longer term, however, Zettaset still plans to add integrations with key managers that have proprietary interfaces.

While encryption is a critical cybersecurity tool, it’s not a panacea. Whenever a system is stolen, goes missing or a set of credentials are compromised, it’s still possible for cybercriminals, posing as a trusted insider, to access encrypted data. However, encryption does make data useless to cybercriminals that try to hack their way into a system or share data that has been stolen from another system.

It not clear yet how many enterprise IT organizations will make KMIP a corporate standard. However, in the interest of not becoming locked into one encryption platform, most enterprise organizations have a vested interest in KMIP. The primary challenge, to date, is that adoption of encryption hasn’t been broad enough to warrant enforcement of an open standard. Now, however, there’s a lot more encrypted data moving across platforms as the enterprise IT environment becomes more extended. As usage of encryption continues to increase, it’s becoming clearer that open interoperability encryption standards are a much more pressing concern.

Avatar photo

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.

mike-vizard has 746 posts and counting.See all posts by mike-vizard