Thales e-Security Blog

KMIP: The Cure for the Common Key Management Headache

Kristina Cairns

In many organizations, the proliferation of encryption deployments has been directly proportional to the rise in disparate key repositories, and associated key management headaches. The Key Management Interoperability Protocol (KMIP) represents a cure to this common malady. Read on to learn more about the standard and why its usage is starting to see explosive growth.

The Promise of KMIP

Since it was first conceived in 2007, the KMIP standard has promised to help organizations address a critical challenge: how to contend with the proliferation of keys generated by disparate encryption tools and technologies. In the years that followed, the use of encryption has seen dramatic growth, which has only served to intensify the need for a standard like KMIP.

KMIP provides a standard means of communication between encryption systems and key management services. By leveraging KMIP, an organization can use a single platform to manage keys from different vendors' encryption technologies. As a result, KMIP enables organizations to centralize and unify their key management platforms and workflows.

KMIP’s Evolution

Over the past decade, substantial resources have been invested in optimizing the KMIP standard, helping enhance implementations and expand capabilities. The first release of KMIP, version 1.0, came out in 2010. Since then, several releases have been published.

Release 1.4 of the standard, published November 2017, streamlines the portability of keys between different servers. Plans for 2.0 are taking shape and future releases are expected to deliver expanded security functions.

Thales eSecurity: Supporting KMIP from the Start

From day one, Thales has been integrally involved in shaping the KMIP standard. Thales was one of the four original vendors participating in the development of KMIP, and Thales representatives have held senior positions on the OASIS KMIP technical committee since its inception.

With its leading solutions and KMIP expertise, Thales has emerged as a vendor that’s ideally qualified to help customers maximize the advantages of KMIP.

Vormetric Data Security Manager Leverages KMIP

The Vormetric Data Security Manager (DSM) from Thales is a leading solution for centralizing key management. The DSM centralizes management and policy for all Vormetric Data Security Platform products, including Vormetric Transparent Encryption and Vormetric Application Encryption. Further, the DSM offers complete support for the KMIP standard, so organizations can manage keys for KMIP-compliant third-party encryption technologies.

DSM Fueling Expanding KMIP Deployments

In recent years, the use of the DSM in customers’ KMIP deployments has grown rapidly. The solution also continues to support an increasingly broad array of deployment types.

Early KMIP implementations were predominantly in the storage arena, where storage vendors' self-encrypting drives were creating an urgent demand for centralized, unified key management. Today, however, customers are using the DSM to support KMIP implementations across a broad range of technologies, including hyperconverged and virtualized infrastructures and next-generation databases.

The DSM is also starting to support a number of new business services. Following are a couple of examples:

  • Smart grids. In the utilities sector, the DSM is used in KMIP implementations that support smart grids, and the scale is massive. While other deployments may top out at hundreds of thousands of keys, smart grid implementations for national utilities can require the management of tens of millions of keys.
  • Mobile applications. Communications service providers are also looking to capitalize on the promise of KMIP, and their deployments can also be very large scale and highly demanding from a performance and availability standpoint. For example, one service provider is using the DSM to handle keys in its emergency services applications.

With its KMIP support, the DSM is also well equipped to support innovations emerging in such areas as the internet of things and blockchain.


Across regions and industries, the use of KMIP is set to see explosive growth. Through KMIP, organizations can continue to expand their use of encryption while at the same time strengthening the security and efficiency of their key management operations. Thales is ideally equipped to help customers fully capitalize on the benefits of KMIP.

To learn more about the standard and the many KMIP-compliant technologies the DSM now supports, be sure to download our white paper, “Maximizing the Advantages of the KMIP Standard in Your Organization: How Thales eSecurity Can Help.” You can also leave a comment below, or find me @kcairns2020.