At its MarkLogic World user conference, MarkLogic announced that it has licensed Key Management Interoperability Protocol (KMIP) technology from Cryptsoft. The goal is to integrate the technology into MarkLogic 9, which has just gone into customer preview.
The news builds on the announcement of new integration and security features in MarkLogic 9. By integrating Cryptsoft KMIP technologies, MarkLogic is looking to make the management of encryption keys simpler. The current complexity is leading to an increase in data leakage, which the company claims in its press release is costing businesses $160 billion per year.
According to David Ponzini, senior vice president, Corporate Development and Marketing, MarkLogic Corporation: “Cryptsoft is the true steward of KMIP. The company was an early proponent of the standard, continues to drive its evolution, and implements the standard in the way it was meant to be—without additional complexity or cost.”
What is the problem with key management?
As companies begin to store data in multiple locations, such as their existing systems and the cloud, they are faced with the problem of having multiple key management solutions in place. This creates several problems for operations and security teams. For example, data can end up unencrypted because it is moved to a location where the administrator has no access to the local key management system to ensure the data is protected. Another issue arises where the key management solutions are cloud-based and the IT department has to integrate with the systems provided by the cloud provider.
Any unencrypted data creates a real risk of that data being stolen by hackers or even internal staff. As we get closer to the start date for the GDPR, stolen data threatens to cost companies a lot of money. On top of this, there are other compliance issues which could see other regulators look to fine a company for failing to protect its data properly.
How will this work?
According to the press release, MarkLogic intends to deploy the Cryptsoft KMIP technologies as a set of SDKs inside MarkLogic 9. What it isn’t saying at the moment is whether it will also deliver a number of built-in integrations to common key management products on the market. Customers will not want to do all the heavy lifting of writing bespoke code themselves. This could just open up a new market for MarkLogic partners to deliver integrations as add-on solutions.
While this is designed to deal with data at rest, it does raise two questions over features announced for MarkLogic 9. The first is whether this will be integrated with the new MarkLogic Ops Director. It would certainly make sense for it to be part of the management tools, but with the product only just going into preview it may be some time before we can begin to answer that question.
The second question is whether this will be integrated with the new Optic API. MarkLogic is claiming that it will speed up queries, especially with other products. If data is to be taken from different sources, which may well be encrypted, there will be a need to pass the keys between programmes. One way would be to allow developers to call the SDKs that are using the Cryptsoft KMIP technologies. This would prevent developers hardcoding keys in their code, which is a security risk.
Key management has become a hot potato as companies struggle to protect data stored across a range of different storage technologies. Each storage vendor has its own solution, and as cloud providers push further into the storage market they are struggling to deploy multi-tenant key management solutions. By embedding the Cryptsoft KMIP technologies into MarkLogic 9, MarkLogic is attempting to simplify key management.
We won’t know just how well this will work until we see the various beta releases of MarkLogic 9 over the next few months. What will be interesting is how much MarkLogic wants to leave to customers’ own developers, how many integrations MarkLogic delivers built into the product, and which partners see this as an opportunity.
For those inside companies charged with protecting their data assets, there will be a lot of interest in any solution that promises better and simpler security.