CA EKM automatically replicates encryption keys across a set of local and dispersed hosts via SSL-encrypted TCP/IP, so that keys can quickly and transparently be recovered in case of a disaster, hardware errors or a system outage. It also automatically enforces policies regarding the change of encryption keys and digital certificates, thereby mitigating the labor and risk associated with manual administration.
As a vendor-neutral solution, CA EKM helps IT organizations avoid being locked into costly standalone hardware or software purchases that could introduce single points of failure or lack the flexibility to meet changing business needs. Because the solution can support both popular IBM tape encryption devices and CA Tape Encryption subsystems from the same interface, CA EKM can streamline customers' approach to this critical issue.*
"As large organizations deploy a myriad of encryption technologies, vendor-specific key management systems can't provide enterprise class security operations or support business continuity objectives, and they often lack functionality that is critical for business enablement -- such as the ability to share keys across the network," said Jon Oltsik, principal analyst at the Enterprise Strategy Group. "CA has responded to this market need with a centralized key management solution that aligns these essential key management requirements with its robust mainframe-based management portfolio."
IT organizations face new encryption key management issues as expanding compliance mandates and growing consumer concerns about privacy drive more rigorous protection of sensitive data. These issues include:
-- The time and effort required to manage keys -- The accuracy with which keys must be distributed to authorized users -- The need to ensure the availability of all keys under any conditions -- The need to credibly document encryption measures to auditors
CA EKM helps customers address these issues and others by providing a single, centralized interface that can be used for any combination of IBM TS1120 and IBM TS1130 tape encryption devices, as well as CA Tape Encryption subsystems.
CA EKM also interfaces with z/OS external security systems such as IBM RACF½, CA ACF2(TM) for z/OS and CA Top Secret½ for z/OS for Public/Private keys, and digital certificates storage. Encryption keys and digital certificates from these sources can be automatically re-imported if they are not found, further accelerating the recovery of encrypted data in the event of a disruption.
"While it is essential for us to safeguard sensitive information through the diligent use of encryption, the loss or accidental corruption of encryption keys is also a significant business risk that we have to mitigate," said Mark Depathy, senior infrastructure engineer at Peoples United Bank. "With CA Encryption Key Manager, we can effectively mitigate this risk while reducing the time and effort required to secure our mainframe environment."
CA EKM integrates with the CA Graphical Management Interface so that users can respond quickly to internal or external auditing requests and validate compliance for events such as certificate generation, key migration, key store synchronization, and key deletion.
By reducing the effort and complexity associated with key management, CA EKM supports CA's broader Mainframe 2.0 initiative -- which is empowering a new generation of IT professionals to effectively and efficiently operate a new generation of IBM mainframes. CA EKM can also be installed and configured with CA Mainframe Software Manager, a key Mainframe 2.0 solution.
"An overwhelming volume of the world's most critical business data continues to reside on the mainframe," said Stefan Kochishan, director of storage product marketing at CA. "With CA EKM, CA is again demonstrating that it is uniquely committed to helping our customers extract even greater value from these workhorse mainframe investments by both enhancing their mainframe's capabilities and reducing their mainframe TCO."
CA EKM is designed in accordance with the guidance for key management set forth in the National Institute of Standards and Technology, document NIST 800-57.
For technical specifications for CA EKM, please visit www.ca.com/mainframe/storage.
* The CA EKM solution utilizes the same base technology for encryption key management. Support for the IBM devices and CA Tape Encryption is made available via two separately licensed components.
CA (Nasdaq: CA), the world's leading independent IT management software company, helps customers optimize IT for better business results. CA's Enterprise IT Management solutions for mainframe and distributed computing enable Lean IT -- empowering organizations to more effectively govern, manage and secure their IT operations. For more information, visit www.ca.com.