PGP Comes Into The Region
PGP Comes Into The Region
May 22nd, 2006: Preety Good Privacy takes on the Asia Pacific. Open source security code and data encryption the keys to enterprise asset protection.
PGP Corporation, Phil Dunkelberger, told IDM that since purchasing PGP from Network Associates in 2002, the fact that it makes it source code available for peer review has proved to be a positive asset.
While initially counter-intuitive to many IT implementers, the idea of making encryption code open source, and therefore peer reviewable, is now being seen as a sensible way to go.
Speaking with IDM, PGP Corp's director of products, Stephan Somogyi was keen to echo the doctrine espoused by Eric S. Raymond: "Closed source leads not to true security but to a false sense of security. You don't know what's in there, you can't verify it, you can't check the assumptions or honesty of the people who wrote it."
Backing this up is the fact that, according to Dunkelberger, PGP Corporation has seen, "explosive growth' in the take up of PGP data encryption in the enterprise space since 2002 with the company's PGP Universal Encryption Platform.
Universal enables encryption of data from email via FTP to instant messaging and full disk coverage using automated server-based policies. The system enables automatic encryption/decryption with no need for user interaction. Not only does this mean that training is minimised, it also enables server administrators or trusted in-house stakeholders further up the chain of responsibility to be in control of who has access to keys.
The rise in commercial - rather than military - use of encryption, also adds to the security debate that appears to be forming a consensus that perimeter security (protecting the environment) is rapidly slipping in terms of its importance.
Related Article:
Instant Messaging A Genuine Threat