Venafi

Venafi OEMs IBM TKLM, Q&A with Jeff Allen

Gregory Webb of Venafi Marketing sat down with Jeff Allen, Venafi VP of Marketing to discuss what the recent announcement that Venafi will OEM IBM Tivoli Key Lifecycle Manager (TKLM) means to Venafi and IBM customers. Here is a transcript of their discussion:

Gregory: What did Venafi and IBM announce today?

• Jeff: We announced that we have entered into an OEM agreement with IBM to include their Tivoli Key Lifecycle Manager (TKLM) product—a fairly new product IBM built to issue encryption keys to their tape systems—in a future Venafi product.

Gregory: How will this benefit Venafi customers?

• Jeff: Venafi is in the business of providing what we call Systems Management for Encryption. Our customers use our platform to manage encryption keys and certificates throughout a number of operating environments. This announcement will allow Venafi to automate the lifecycle management of the symmetric keys used to encrypt data stored on tapes, which is what TKLM does. By tying into the rest of the Venafi platform, Venafi will also offer additional systems management functionality such as discovery, monitoring (auditing, alerts and reporting), management and automation to tape environments.

Gregory: Are there specific areas where Venafi will add value to the stock TKLM product people can by from IBM today?

• Jeff: IBM offers two software products for managing keys used for encrypting data on tapes – Enterprise Key Manager (EKM) and Tivoli Key Lifecycle Manager (TKLM). Both products come from the same codebase, but TKLM has a richer user experience than EKM and a few additional features. Customers we’ve talked to indicate they are being compelled to encrypt data on tapes because of the financial and reputational impact of having to disclose lost or stolen tapes (as required by the breach reporting laws including and inspired by California Senate Bill 1386). Venafi is good at reducing the operational impact of implementing encryption. We see several places our products can complement and extend the great work IBM has done on TKLM to deliver a very compelling offering to the market.

Gregory: How will this affect the IBM sales people who are selling TKLM today?

• Jeff: IBM currently only sells TKLM through its IBM System Storage sales team. Currently, it bundles EKM (which we described above) with every sale, and offers TKLM as an up-sale. This combined product gives IBM customers a third option for efficiently running their IBM tape systems. IBM has told us there are competitive situations where having this option to offer to their customers will be very helpful.

Gregory: Is there a specific scenario you can describe where the Venafi product will help IBM tape customers?

• Jeff: As you know, we aren’t ready to announce specific features the resulting Venafi product will include. There is one maintenance task that Venafi is tailor made to perform for TKLM, however, and that’s certificate management. For enterprise tape customers who use TKLM or EKM today—this includes customers who are using IBM tape drives that support 3590 cartridges (like TS-1120 and TS-1130 drives)—TKLM uses a very clever methodology for key management that includes using digital certificates to encrypt copies of the encryption keys so they can be stored on the tapes. This method introduces a number of perishable certificates into the system that require regular maintenance. If one of these certificates expires unexpectedly, it can cause costly downtime. Automated certificate management is our bread and butter.

Gregory: What does this announcement mean to the industry as a whole?

• Jeff: Venafi has spent a lot of time talking to customers around the world about these problems, and I’ve been especially interested in watching the evolution of people’s understanding of key and certificate management. I think the most fascinating thing about all of this is what it means to the industry discussion around key management specifically. Most of the companies that come to mind when you think about key management either manage keys out of necessity because they sell software that generates encryption certificates or keys or they sell a piece of hardware that performs encryption, and as a result, interacts heavily with keys (I’m primarily talking about storage vendors and HSM vendors). If you start looking at each of these vendors by themselves, you will find that they each see themselves as an enterprise’s sole source for whatever they do, which is why there are still no key management standards out there. Our customers started complaining to us about this problem several years ago with their SSL certificates, and that’s where our patented system for managing multiple certificate authorities from a single central system came from. We’re now hearing customers clamor for a single key management system that will make all of their symmetric key environments work efficiently, and if possible, together. Venafi takes a different approach than anybody else in the key management world, because we don’t sell hardware and we don’t perform encryption. We help our customers look at encryption horizontally, and give them the tools to minimize the operational complexity while gaining the critical regulatory compliance they need, regardless of the operating environment or the encryption system they choose to use.

Gregory: Is this a big market opportunity for Venafi?

• Jeff: According to IDC, there are more than 2 million IBM tape drives that have been sold to date with EKM bundled (meaning TKLM can be used with them).

Gregory: Thanks for your time, Jeff.

• Jeff: My Pleasure

See the official Venafi announcement here: Venafi and IBM Join Forces for Key Management