The PGP
Transcript

  • 1. PGP® White Paper October 2006 The PGP® Encryption Platform Version 1.1
  • 2. PGP White Paper – PGP Encryption Platform 2
    Table of Contents
    EXECUTIVE SUMMARY 3
    CHALLENGES FACING ENTERPRISE IT 4
        FUELING INNOVATION AND GROWTH 4
        COMPLIANCE AND BRAND PROTECTION 4
    THE ROLE OF ENCRYPTION 5
        EVOLUTION 5
    A NEW APPROACH 6
        EVALUATING ALTERNATIVES 6
    THE PGP ENCRYPTION PLATFORM 7
        INTEGRATED APPLICATIONS 8
        BEYOND A SUITE 9
    CONCLUSION 10
    © 2006 PGP Corporation. All Rights Reserved. EEGBP060625 APPROVED FOR EXTERNAL DISTRIBUTION
  • 3. Executive Summary
    As businesses seek new operational models, diversify globally, and develop closer relationships up and down the value chain to achieve greater profitability, IT organizations are being asked to help drive innovation while securing systems and communications to protect brand equity and meet audit and compliance obligations. To meet these business goals, enterprises are increasing the use of encryption.
    The PGP Encryption Platform is an architecture and framework offering a new approach that allows businesses to deploy and manage multiple encryption applications cost-effectively, saving capital and human resources to focus on additional projects. The PGP Encryption Platform differs from historical “silo” approaches because it provides shared user management, policy, and provisioning across all applications instead of requiring new infrastructure, configuration, management, deployment, and training for each application installed.
    This PGP White Paper is intended for business managers and compliance officers participating in IT portfolio management as well as IT management responsible for implementing information security projects.
  • 4. Challenges Facing Enterprise IT
    As businesses worldwide race to enhance profitability through innovation and cost controls, enterprises are challenged to balance opposing forces. Organizations are using innovative business and operational models across borders, increasingly relying on mobile workforces and replacing voice communication with email and instant messaging (IM). While using technology to drive growth, businesses must also comply with a growing range of government and industry regulations and protect time-to-market and competitive advantages by guarding intellectual property that is often transferred globally.
    Fueling Innovation and Growth
    The need to operate globally and react in real time to changing business environments is helping to fuel the growth in global communications. Email messaging is now a mission-critical application, and IM is used for a growing range of diverse applications—from reaching colleagues across the world to trading commodity futures. In addition to communicating with customers and partners globally, organizations are increasingly turning to domestic and offshore business process outsourcing (BPO) to scale operations and achieve fiscal flexibility.
    As businesses seek to develop closer customer and partner relationships, workforces are becoming increasingly mobile and the boundary between internal and external networks is dissolving. Sales, marketing, support, and other personnel are now able to work more closely with customers and communicate more often, remaining productive even while outside the office thanks to mobile computing. Desktops are being replaced with laptops, and use of wireless handhelds is moving beyond the executive level and board room. These initiatives are strengthening relationships throughout the value chain and, in turn, increasing the amount of sensitive communications and transfers across networks.
    Compliance and Brand Protection
    At the same time as businesses try to use IT to drive growth and profitability through innovation, industry and government regulations are mandating compliance. Government regulations such as the EU Data Privacy Directive as well as the Gramm-Leach-Bliley (GLB), Health Insurance Portability and Accountability (HIPAA), Sarbanes-Oxley (SOX), and other acts require tight controls on information and privacy. More than two dozen states in the U.S. now have laws requiring organizations to notify those affected of information security breaches, and a federal law has been proposed as well. [1] No longer a subject for finance and compliance teams, the resulting consequences of failed audits and compliance and data security breaches are a serious threat to the investments organizations make in brand equity and building customer trust.
    Beyond compliance, protecting time-to-market and competitive advantages is critical as the lead time from concept to delivery shortens. As organizations rely on centers of excellence dispersed globally and offshore BPO, the need to protect intellectual property is not only greater, but also more complex.
    [1] 2006 Breach of Information Legislation: http://www.ncsl.org/programs/lis/cip/priv/breach.htm
  • 5. The Role of Encryption
    These often contradictory business drivers require IT organizations to use encryption. Access to data must be enforced both inside and outside the organization, even in the event of a security breach. Encryption allows organizational policy to be enforced whether data is traversing networks or stored locally on laptops. Businesses seeking to maintain competitiveness by increasing communication and agility while remaining compliant and protecting their brand are discovering that encryption is more important than ever.
    Encryption is now in use throughout enterprises: securing business transactions across networks, maintaining the confidentiality of email communications, or protecting client data stored on consultants’ laptops. In the past, the use of encryption required both specialized knowledge and additional effort to use. Today, innovative encryption technology no longer requires manual intervention, but allows end users to make use of encryption without even knowing it is present—improving their productivity plus that of administrators. Even as the use of encryption has evolved, the deployment and management of encryption applications is changing as well.
    Evolution
    To date, encryption applications were acquired, deployed, and managed separately: Each project was distinct and addressed a single threat to the business. Although encryption addressed business risk mitigation, each project required a different encryption application. Each new encryption application entailed separate acquisition, deployment, training, and ongoing maintenance requirements. This scenario incurred direct costs to the business and also required administrators and users to perform redundant tasks for each application, generating indirect costs that lowered productivity and siphoned resources from new or additional projects.
    Because of their separate nature and redundant resource investment, encryption applications have often been considered application “silos.” In comparison, encryption is now being used for multiple applications such as email, locking down laptops, securing tape backups, protecting financial transactions, and controlling access to file servers. These diverse functions mean businesses need to reevaluate both the time and cost required to deploy and support the silo approach.
    Figure 1: Deploying multiple encryption applications without common management, policy, provision, & other services creates redundant tasks and costs
    For IT organizations, the effort required to manage multiple encryption applications while ensuring compliance is draining resources that could be used for new or expanded projects. For business managers, the cost of deploying and managing multiple encryption applications raises questions about the effectiveness of capital deployed. Figure 1 illustrates how deploying applications using the silo approach generates redundant tasks, incurring unnecessary costs and diverting teams from other critical activities. For compliance groups, separately managing multiple encryption applications raises concerns that compliance and risk mitigation could be suffering if policies are applied and enforced differently across applications.
  • 6. A New Approach
    IT organizations have been faced with planning, deploying, and managing multiple applications before. Enterprise resource planning (ERP), customer relationship management (CRM), and Web Services all require multiple applications that IT organizations turned into a platform approach on which to build and deliver critical applications. Using a platform, multiple applications can leverage shared resources and common frameworks, shorten learning curves, and eliminate redundant deployment and administrative tasks. Compared to a silo approach, a platform strategy allows more applications to be deployed cost-effectively, thereby reducing operational costs and freeing IT resources to focus on additional projects.
    Evaluating Alternatives
    To help evaluate the differences between approaches to deploying, managing, and using encryption applications, IT organizations can use two important metrics to judge project effectiveness: overall business risk and operational cost (see Figure 2). When the organization identifies an application requiring encryption, it has a number of options:
    • Silo approach – Using multiple encryption applications without a common management system. With each new application, the organization must perform installation, setup, configuration, management, training, and ongoing maintenance separately.
    • Platform solution – Leveraging shared user management and policy using a framework for integrated applications.
    • Wrong choice, deploy again – Selecting the wrong vendor or technology, and then needing to perform acquisition, deployment, and management tasks again.
    • Do nothing – Deferring action until later.
    Figure 2: Comparing Options for Addressing Business Risk with Encryption (chart with axes Business Risk ($), from High Risk to Low Risk, and cost, from High Cost to Low Cost; plotted options: Silo Approach, Platform Solution, Wrong choice, deploy again, Do nothing)
  • 7. As illustrated in Figure 2, the foregoing approaches differ significantly in how much they reduce business risk and the expected effect on operation costs:
    • Silo approach – This approach addresses the initial threat; however, as additional applications are needed, the lack of common policy does not help reduce overall business risk. As the organization deploys additional applications, the budget required to maintain and support different applications and their management interfaces increases.
    • Platform solution – Common user management and policy enforced consistently across applications not only allows organizations to address the initial and subsequent threats, but reduces operational costs by reducing the need for redundant resources.
    • Wrong choice, deploy again – As organizations make wrong choices, they fail to address threats, allowing risk and operational costs to increase as the result of acquiring, deploying, and maintaining new systems.
    • Do nothing – Although not incurring a direct cost, doing nothing does not address the identified threat. In the long term, the risk may be exploited and the resulting costs to recover from a security breach dwarf the proposed operating costs of acquiring an appropriate encryption solution.
    The PGP Encryption Platform
    Recognizing the needs of businesses, PGP Corporation delivers the PGP Encryption Platform with encryption applications for enterprises. The PGP Encryption Platform is an architecture and framework for shared user management, policy, and provisioning automated across multiple encryption applications. The PGP Encryption Platform is deployed with the first application so that installing a separate or additional infrastructure is unnecessary.
    Figure 3: The PGP Encryption Platform Automates Encryption for Integrated Applications
  • 8. Integrated Applications
    PGP Corporation and its partners deliver integrated applications that automatically provide and use the management, policies, provisioning, and other services delivered with the PGP Encryption Platform architecture. The automated user and key management, provisioning, policy enforcement, and reporting and logging for the PGP Encryption Platform architecture are provided by the PGP Universal™ Server.
    The PGP Universal Server provides scalable, centralized gateway and desktop encryption management, deployment automation, and policy enforcement across PGP Encryption Platform–enabled applications. Role-based administration through a unified Web-based console delivers rapid deployment into existing security infrastructures. PGP Universal Server provides all the tools required for administrative access to protected data.
    PGP Corporation develops applications that include and deploy the PGP Encryption Platform when first installed:
    • PGP® NetShare – Protects files all the way from shared storage to local client storage with end-to-end encryption. PGP NetShare allows users to work securely in collaborative and dynamic environments without affecting workflow or productivity. PGP NetShare does not require changes to an organization’s storage architecture or infrastructure and can be quickly deployed and managed using PGP Universal.
    • PGP® Whole Disk Encryption – Provides comprehensive, nonstop encryption for securing all files on desktops, laptops, and removable media, transparently securing all disk contents, including system and temporary files, and enabling quick, cost-effective protection for sensitive data. As a PGP Encryption Platform–enabled application, PGP Whole Disk Encryption leverages PGP Universal Server policies, users, keys, and configurations, expediting deployment and policy enforcement. PGP Whole Disk Encryption can be used in combination with other PGP encryption solutions to provide multiple layers of security.
    • PGP® Desktop Email – Secures email communications from the sender’s email client to the recipient’s—and all points in between—automatically, using centrally defined, policy-based encryption. PGP Desktop Email supports major email security standards and will interoperate seamlessly with most popular email security software solutions. As a PGP Encryption Platform–enabled application, PGP Desktop Email leverages existing PGP Universal Server policies, users, keys, and configurations, expediting deployment and policy enforcement. PGP Desktop Email can be used in combination with other PGP encryption solutions to provide multiple layers of security.
    Sidebar: PGP product packages are also available that combine multiple PGP Encryption Platform-enabled applications into a single encryption solution installed on the desktop. PGP® Desktop Professional, PGP® Desktop Storage, and PGP® Desktop Enterprise offer multiple combinations of PGP NetShare, PGP Whole Disk Encryption, and PGP Desktop Email.
  • 9. • PGP Universal™ Gateway Email – Delivers standards-based enterprise email encryption and digital signatures without client software. PGP Universal Gateway Email integrates seamlessly with existing S/MIME and PGP infrastructures and provides centralized, real-time security policy enforcement of inbound and outbound email. PGP Universal Gateway Email is transparent to managed end users, requiring no special training, client software, or changes in user behavior. As a PGP Encryption Platform–enabled application, PGP Universal Gateway Email leverages PGP Universal Server policies, users, keys, and configurations and can be used in combination with new or existing PGP Desktop Email deployments to provide multiple layers of email security.
    Applications also available from PGP Corporation that integrate with the PGP Encryption Platform:
    • PGP® Command Line – Enables organizations to automate protection of confidential information using trusted PGP encryption, securing data for local storage, transfer over the Internet, or backup. PGP Command Line includes patented Additional Decryption Key (ADK) technology that helps ensure long-term access to encrypted data according to security policy and regulatory or audit requirements. Available for Windows, UNIX, IBM iSeries, and IBM zSeries platforms.
    Third-party developers also provide applications that integrate with the PGP Encryption Platform:
    • PGP® Support Package for BlackBerry® – Research In Motion® (RIM®), the maker of BlackBerry® handheld devices, developed the PGP Support Package for BlackBerry to provide handheld users with end-to-end PGP email encryption using native BlackBerry email applications. Email encryption is performed transparently according to policy defined with PGP Universal Server.
    Beyond a Suite
    The PGP Encryption Platform and integrated applications differ from other encryption approaches, including suites or sets of applications.
    Unlike the PGP Encryption Platform, application suites lack integrated user management, policy, and other services, requiring administrators to manage multiple, different administrative consoles. Additionally, suites of applications may include applications licensed and re-branded from other vendors, which can complicate deployment, administration, and technical support, when needed. If they are not centralized, policies may differ across applications or users and require administrators to focus on configuration, leading to questions and concerns about compliance achievement and risk mitigation. Over the long term, the direct costs associated with managing multiple applications and the indirect costs of resulting lost productivity can outweigh the value of the risk itself.
  • 10. Conclusion
    With the PGP Encryption Platform, businesses can now select from a growing range of managed encryption solutions and develop a comprehensive encryption strategy. Previously, the silo approach incurred accelerating costs and effort to deploy and maintain differing management interfaces and applications (see Figure 4). Today, organizations can deploy multiple, centrally managed encryption applications, decreasing the incremental cost and effort to deploy and maintain these applications and reducing the overall investment required for effective information security and risk mitigation compared to alternative approaches.
    Figure 4: Comparing the cost and effort of platform versus silo approaches when deploying encryption applications
    As PGP Corporation and its partners continue to add platform-ready encryption applications, businesses can continue to embrace innovation and change while cost-effectively addressing compliance and brand protection.
  • 11. PGP Corporation
    3460 West Bayshore Road
    Palo Alto, CA 94303 USA
    Tel: +1 650 319 9000
    Fax: +1 650 319 9001
    Sales: +1 877 228 9747
    Support: support.pgp.com
    Website: www.pgp.com
    © 2006 PGP Corporation. All rights reserved. No part of this document may be reproduced, stored in a retrieval system, or transmitted in any form by any means without the prior written approval of PGP Corporation. The information described in this document may be protected by one or more U.S. patents, foreign patents, or pending applications.
    PGP and the PGP logo are registered trademarks of PGP Corporation. Product and brand names used in the document may be trademarks or registered trademarks of their respective owners. Any such trademarks or registered trademarks are the sole property of their respective owners.
    The information in this document is provided “as is” without warranty of any kind, either express or implied, including, but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement. This document could include technical inaccuracies or typographical errors. All strategic and product statements in this document are subject to change at PGP Corporation's sole discretion, including the right to alter or cancel features, functionality, or release dates. Changes to this document may be made at any time without notice.