CA today unveiled key-management software that helps automate the storage and distribution of encryption keys for multi-vendor tape encryption purposes.
CA Encryption Key Manager is z/OS-based software (it also runs on Linux, Unix, Windows and Solaris platforms) that can support the IBM TS1120 and TS 1130 tape encryption devices as well as the CA Tape Encryption subsystems from the same interface. According to CA's director of storage product marketing Stefan Kochishan, CA intends to add support for other vendor tape-encryption methods in the future.
"This product will manage the keys," Kochishan says. "If there's a call for centralization of management of either public or private keys, that can be done. You can also set up key stores in various sites and those sites will be updated when there's a change. It's full life cycle key management."
CA Encryption Key Manager will also interface with security systems that include IBM RACF, CA ACF2 for z/OS, and CA Top Secret for z/OS for public/private key and digital certificate storage.
CA Encryption Manager allows tracking and monitoring of encryption keys and digital certificates as well as deletion once a key is no longer used, Kochishan notes. Changes are propagated via SSL-encrypted TCP/IP. The goal is to let IT managers more easily share encryption keys across business units or with outside business partners.
Peoples United Bank in Bridgeport, Conn., has been beta-testing the CA Encryption Key Manager for the past month. Mark Depathy, senior infrastructure engineer there, indicated it has simplified key distribution for business-to-business tapes and other uses. "It's something that gives you real-time key distribution," Depathy says, adding it allows for a common database related to keys.
CA Encryption Key Manager, available now, starts at $16,000.