Skip Links

'PGP' encryption has had stay-powering but does it meet today's enterprise demands?

Symantec, the owner of PGP, continues to develop it but some enterprises balk at certificate management

By , Network World
December 20, 2013 01:04 PM ET

Network World - PGP encryption, as industry old-timers know, started out as “Pretty Good Privacy” invented by Phil Zimmermann in 1991, and since then, was sold on to various corporate owners until it ended in the hands of Symantec in 2010. While it is a widely used vintage brands, does PGP public-key encryption still meet today’s enterprise demands, given the rise of cloud computing and mobile?

pgp

Enterprise managers are somewhat mixed on that, though PGP, over two decades old, is so well known that Symantec, which dropped the PGP moniker in favor of “Symantec Encryption,” still reminds everyone it’s “powered by PGP technology.” In addition, there’s “OpenPGP,” the IETF standard that was championed by Phil Zimmermann, that can be implemented by companies without licensing.

Symantec declines to discuss how many customers it has exactly in the PGP realm, but it does point out that Symantec has invested resources in developing what it inherited with PGP. For example, Symantec offers client app software for both Apple iOS and Google Android devices as part of its Desktop Email Encryption. Symantec says its email encryption encrypts e-mail directly from an end user machine. The result, according to Symantec, is encrypted mail is delivered directly to a user’s device and they use the Symantec Mail Encryptor App to reply.

+Also on Network World: The weirdest, wackiest and coolest sci/tech stories of 2013 | The worst security SNAFUs of 2013 +

But despite this kind of PGP-related development work, one sticking point is managing the digital certificates needed for end-to-end encryption and decryption, especially when it comes to sharing files securely between two separate companies as outside business partners.

“It’s too problematic,” says Yuval Illuz, associate vice president and head of global infrastructure and IT operations at network equipment company ECI Telecom about digital certificate management among business partners. “It’s not something you need today. You change suppliers all too often.”

Illuz said his company has migrated off the PGP-based Symantec Encryption e-mail and filing sharing software that the firm once used for secure communications with business partners. Instead, ECI adopted a different type of exchange, the RSAccess product from Safe-T, in which two nodes are set up on each side of a firewall to support requests for sensitive data from suppliers, business partners and customers. It can also create directories for the cloud-based Dropbox service. Everything is encrypted but it doesn’t depend on certificates, but strong passwords, to get information, he says.

But ECI is sticking with Symantec Encryption for some things, particularly for in-house use. “The laptop encryption for PGP, we are still using it,” he says, expressing confidence about the security and manageability involved in it.

Since acquiring PGP, Symantec has released secure file-sharing with Dropbox in what it calls its File Share Encryption integration with Dropbox. Symantec says it works by simply checking a box in the management server so anything sent to Dropbox is automatically encrypted with the appropriate keys.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News