IBM® Security Key Lifecycle Manager—formerly Tivoli Key Lifecycle Manager—centralizes, simplifies and automates the encryption and key management process to help minimize risk and reduce operational costs. It offers robust key storage, serving and lifecycle management for IBM and non-IBM storage devices.
IBM Security Key Lifecycle Manager helps meet regulations and standards such as the Payment Card Industry Data Security Standard (PCI DSS), Sarbanes-Oxley and the Health Insurance Portability and Accountability Act (HIPAA). It supports the OASIS Key Management Interoperability Protocol (KMIP) standard.
IBM Security Key Lifecycle Manager:
- Provides more efficient, simplified, consolidated and transparent key management through centralized storage of key material in a location designed for security and serves keys at the time of use.
- Offers simple, secure integration between IBM storage systems and IBM Security Key Lifecycle Manager, which provides strong protection of data and encryption keys.
- Reduces key management costs by automating the assignment of keys and rotation of keys.
- Helps address regulations such as PCI-DSS, which call for strong protection of encryption keys.
Provides more efficient, simplified, consolidated and transparent key management
- Manages the lifecycle of keys by automating the creation, import, distribution and backing up of keys.
- Centralizes key generation and distribution.
- Groups devices into separate domains and allows multiple administrators with different roles and permissions to be defined.
- Integrates centralized directory servers for role-based access control.
Offers simple secure integration between IBM storage systems and IBM Security Key Lifecycle Manager
- Designed to provide cryptographically proven, end-to-end security for key management and serving.
- Keys are never readable outside of the encryption hardware and keys are only delivered to known devices.
- Provides automated replication for high-availability deployments.
- Supports Federal Information Processing Standard (FIPS) 140-2 Level 1 and offers users the option to use FIPS 140-2 Level 3 validated hardware to enhance key security.
- Aligns with NIST SP800-131a for recommended minimal key sizes.
Reduces key management costs
- Optimizes existing security, servers, high availability and disaster recovery investments, and can simplify complex key distribution.
- Offers consolidated management of keys across domains and supports standards that extend management to IBM and non-IBM products.
- Offers improved availability and support for disaster recovery by working with a wide variety of clustering, replication and failover implementations.
- Provides automated clone replication that can clone up to five copies, and be configured to do automated backups of the master.
- Supports customers who wish to leverage Cryptographic Erasure as described by NIST SP800-88 for end-of-life media disposal.
Helps address regulations such as PCI-DSS
- Provides encryption as an optional layer of protection to help reduce the scope of audits.
- Demonstrates strong and auditable key management practices.
- Supports external log storage for historical analysis of key usage.
- Provide proof-of-encryption information.