Encryption Tools Fortified To Lock Down Data
Palo Alto, Calif.-based encryption vendor PGP on Monday released updates to its core product line, PGP Encryption Platform and Universal Server, to better lock down information and allow resellers the ability to offer their customers a full suite of unified encryption tools instead of a variety of siloed products, which can lead to increased operations costs, redundant tasks and inconsistent policy enforcement and reporting.
A recent Ponemon Institute survey on the cost of data breaches found the average cost per lost record in 2007 was $197, compared to the year before when it was $182. Additionally, the survey found that lost business opportunities were the most significant costs, rising 30 percent in 2007 over 2006. Lastly, the Ponemon Institute survey found that breaches by third-party organizations such as outsources, contractors, consultants and business partners were reported by 40 percent of respondents in 2007, up from 29 percent in 2006.
John Dasher, director of product management for PGP, said the vendor released the PGP Encryption Platform 9.8/2.8, updating the management, policy and reporting capabilities across its six Encryption Platform-enabled applications.
The PGP Encryption Platform offers centralized and automatic operation that enables management, policy and provisioning across multiple integrated encryption applications. The updates come as networked data becomes more and more de-perimeterized by the increase number of mobile devices, decentralization and increased threats. PGP's goal, Dasher said, is to protect data wherever it goes.
According to Dasher, Monday's updates include enhancements to PGP Whole Disk Encryption, PGP NetShare, PGP Desktop Email, PGP Universal Gateway Email, PGP Command Line and PGP Universal Server, the central management point for the applications.
Key updates include the addition of PDF Messenger, part of the platform's new Secure Delivery functionality, which ensures secure email communication regardless of the recipient's infrastructure. Secure Delivery functions protect communications without requiring additional installed software. Message recipients use the software they already have installed, for example a mail client, Web browser or standard PDF reader, to securely receive, read and reply to emails. Corporate policies are automatically and uniformly applied to outgoing messages to help ensure compliance.
The PGP Encryption Platform updates also allow organizations to accelerate deployment of endpoint encryption with PGP Whole Disk Encryption, NetShare and Desktop Email; increase the number of strong authentication options available to PGP customers from vendors like Aladdin, Gemalto and RSA Security; and better monitor deployments through new logging and reporting capabilities in PGP Universal Server.
Additionally, administrators can enforce location-based data protection via NetShare, extending a company's encryption policy's reach beyond endpoints to network file shares. PGP also increased support via PGP Command Line for encryption and digitally signing OpenPGP- and S/MIME-formatted email messages.
"The era of siloed solutions just can't work," Dasher said. "Security is not a product you buy once and wash your hands of."
Dasher said an encryption platform can change the way resellers approach their customers. Instead of focusing solely on the networking or security groups, resellers can target both and offer a unified encryption solution as opposed to separate point products.
"It gives resellers more entry points while also making them change their approach and become a trusted advisor," he said.
Additionally, it gives resellers the ability to offer encryption as a service to their customers, Dasher said.
Marc Suttle, security engineer for ANI Direct, an Addison, Texas-based solution provider, said with strict HIPPA and SOX compliance regulations, many of ANI Direct's customers are turning to new encryption tools. ANI Direct also offers management for PGP Universal Server and clients.
"2006 and 2007 were both pretty bad years for data leakage," he said. "And a firewall just isn't enough anymore."
Suttle said encryption tools from PGP have been selling well, as more companies recognize the costs and other repercussions of a data breach and are seeking out solutions to protect data throughout their environments. Suttle added that ANI has performed exhaustive evaluations of the PGP Encryption Platform and found it to be a cost-effective way for enterprises to secure data.
"This stuff sells itself," he said. "There are people out there who are concerned. I've seen a large increase in my encryption business over the last several years."
Suttle said in some cases clients buy all six of PGP's encryption applications, even if they don't need each component right away.
"If we see they'll need it down the line, it makes it easier for implementation," he said.