Web 2.0 security company CertiVox has released SkyKey, a hosted encryption key management service. The product gives developers a tool for enterprise-level encryption key management that does not involve proxies and certificates, "cumbersome" PKI infrastructure, or manual scripting.
White PapersMore >>
- SaaS and E-Discovery: Navigating Complex Waters
- SaaS 2011: Adoption Soars, Yet Deployment Concerns Linger
NOTE: SkyKey is supplied as an API, with an optional SDK for added flexibility. Developers can use the API and/or the SDK to embed SkyKey into their applications. The SkyKey SDK is open source and can be freely downloaded.
Where file transfer or collaboration applications need security provisioning, the firm says that this is not a "1-to-1 or static" scenario. Variable numbers of users have constantly changing degrees of access to constantly evolving folders across multiple devices (PC, smartphone, tablet) and may join, depart, or rejoin at any time.
Traditional security approaches, such as PKI, simply cannot scale to these levels, says SkyKey, because the management of the security certificates and encryption keys involved is a highly manual process.
SkyKey is an Infrastructure as a Service (IaaS) solution that promises developers an option to embed encryption key management into systems, communication layers, and applications, in a way that scales and grows automatically.
Brian Spector, CEO, CertiVox, commented: "Why do you never see a bank using a file-sharing service to communicate with you? Because vendors of these and many other cloud services can't get around the technical problem of providing encryption key management that is secure, scalable, automatic, and meets their customers' legal on-premise requirement. SkyKey certainly addresses these needs, but its impact will go much, much further. PKI won't be able to address the Internet of Things, for example, come 2015, unless it finds a way to automatically manage encryption keys. That way is SkyKey."