Compliance Management, Critical Infrastructure Security, Privacy, Security Strategy, Plan, Budget

Encryption: PGP

No matter how much things change, they stay the same. As I have pointed out, there have been massive changes in security drivers over the past 12 months. The changes have generated a new set of challenges, but, even though our encryption innovator has done a first-rate job of addressing them over the past year, the new issues are generating a sort of déjà vu picture of the encryption market.

Key management still is a challenge, for example, not because PGP has not addressed it, but because the ballgame is changing rapidly. Now there is a strong movement toward universality in encryption. Clearly not everyone uses the same encryption product, but everyone now seems to have learned that encryption is a critical component of security. That means some sort of universal key management system that supports third-party keys is needed. This is not a new problem, but certainly one that has moved up in the stack.

Another new challenge that has been on the horizon, at least at the state level, is breach reporting. More than 40 states now have breach reporting laws and there will be a federal law in the foreseeable future. That implies some sort of safe harbor for email using encryption. An extension of that is email and document retention. Here, as in most encryption applications, the challenge is not in encrypting information, it's decrypting it.

Applying encryption to multiple platforms is another area that has become important over the past 12 months. PGP has addressed that with new products that focus on more platforms. In addition to multiple platforms, we now see multiple environments, such as SaaS, cloud computing and others.

The last new “big deal” is personal encryption. This is not just email and documents, but now we have wikis and social networking sites. This implies a way around the key management and decryption problems.

Those are the challenges. The good news is that when you are the world's largest purveyor of encryption software, you have a lot of customers all telling you what they want and what their needs are. All you have to do is listen and that – listening and responding – is one of the key strengths of this perennial innovator.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.