IBM® Security Key Lifecycle Manager — formerly Tivoli Key Lifecycle Manager — centralizes, simplifies and automates the encryption key management process to help minimize risk and reduce operational costs of encryption key management. It offers secure and robust key storage, key serving and key lifecycle management for IBM and non-IBM storage solutions using the OASIS Key Management Interoperability Protocol (KMIP).

IBM Security Key Lifecycle Manager helps customers meet regulations and standards such as the Payment Card Industry Data Security Standard (PCI DSS), Sarbanes-Oxley and the Health Insurance Portability and Accountability Act (HIPAA) by providing centralized control and management of encryption keys.

IBM Security Key Lifecycle Manager:

  • Provides centralized, simplified, and transparent key management through the secure storage of key material and the serving of keys at the time of use
  • Offers simple, secure integration between data-at-rest storage systems and IBM Security Key Lifecycle Manager with the industry-standard KMIP protocol
  • Reduces key management costs by automating the assignment and rotation of keys
  • Helps address regulations such as PCI DSS, which call for strong protection of encryption keys and control of the processes that manage them
  • Reduces operating costs, speeds implementation and enables interoperability with wizard-based assistance that guides administrators through a series of simple, task-based screens

Provides more efficient, simplified, consolidated and transparent key management

  • Manages the lifecycle of keys by automating the creation, import, distribution and backup of keys
  • Enables key generation and distribution from a centralized location
  • Groups devices into separate domains for simpler key management and supports role-based access control of administrative accounts

Offers simple, secure integration between IBM storage systems and IBM Security Key Lifecycle Manager

  • Designed to provide cryptographically proven, end-to-end security for key serving
  • Keys are never readable outside of the encryption hardware and keys are only delivered to known devices through secure protocols
  • Provides automated replication for high-availability deployments
  • Supports Federal Information Processing Standard (FIPS) 140-2 Level 1 and offers users the option to use FIPS 140-2 Level 3 validated hardware to enhance key security

Reduces key management costs

  • Optimizes existing security, high availability, disaster recovery and server investments, and can simplify complex key distribution
  • Offers consolidated management of keys across domains and supports standards that extend management to IBM and non-IBM products, including data warehouses, cloud storage devices, network storage devices and smart meters
  • Offers improved availability and support for disaster recovery by working with a wide variety of clustering, replication and failover implementations
  • Scales to support many target encrypting devices
  • Provides automated key replication with up to 20 clones

Certified Communications

  • Certified with the Storage Networking Industry Association Secure Storage Industry Forum (SNIA-SSIF) as compliant with version 1.2 of the OASIS KMIP standard

Reduces operating costs, speeds implementation and enables interoperability with wizard-based assistance

  • Allows administrators to quickly configure integration with multiple KMIP- and IPP-compatible devices
  • Provides an administration welcome page that delivers critical notices, including information about last backups, available protocols, and integrated devices
  • Offers a web-based GUI that helps ease key configuration and management tasks, including automating key provisioning, rotating keys and destroying keys