Brian Tokuyoshi - Product Marketing Manager
I recently met with a customer who was concerned about his data retention policies. He’s responsible for a number of servers and data on mainframes, and he fully supports the idea of doing encryption to keep it safe.
This particular customer understands the value of using open standards for encryption. He said the following to me. “We’re encrypting data and backing it up. So let me ask you what you think: you back up the data, you back up the key, but do you back up the application?” That’s a problem that never occurred to me, because PGP Encryption Platform applications use the OpenPGP standard. Files encrypted with PGP software can be decrypted with other software that supports the OpenPGP standard, as long as you have the key and the ciphertext.
The problem my customer discovered is that many encryption solutions do not encrypt data with an open standard. In fact, even with the key, you still need to have the application in order to decrypt the data.
So suppose your data retention policy requires keeping backup tapes for 10 years. That’s a long time. Imagine trying to recover a 10-year-old tape today. That’s hard enough even if the data weren’t encrypted. If it was encrypted, and it used proprietary encryption, then getting the application to run could pose a significant roadblock. Perhaps the original company is no longer in business. Do you still have a copy of the application that created it? Do you have the supported OS, and will it run on the hardware that you have? Getting these factors wrong could spell the difference between recoverable data and yet another scenario in which data you thought was preserved is lost forever.
Don’t make the same mistake: test this scenario out for yourself. Can you recover your encrypted data if you have the key but not the application that encrypted it? You may be surprised by what you find out.
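One way to start that test, as an added example that is not from the original post or from PGP's own code: a Python check that a binary backup ciphertext follows the OpenPGP packet layout (RFC 4880, section 4.2), meaning any OpenPGP implementation holding the key could attempt to decrypt it. The function names and sample byte strings are constructed for illustration, and ASCII-armored input is not handled.

```python
ESK_TAGS = {1, 3}    # public-key / symmetric-key encrypted session key packets
DATA_TAGS = {9, 18}  # symmetrically encrypted data, with or without integrity protection

def read_packet_header(buf, pos):
    """Return (tag, body_offset, body_len); body_len is None for streamed bodies."""
    first = buf[pos]
    if not first & 0x80:
        raise ValueError("bit 7 clear: not an OpenPGP packet")
    if first & 0x40:                      # new-format header
        tag, o1 = first & 0x3F, buf[pos + 1]
        if o1 < 192:
            return tag, pos + 2, o1
        if o1 < 224:
            return tag, pos + 3, ((o1 - 192) << 8) + buf[pos + 2] + 192
        if o1 == 255:
            return tag, pos + 6, int.from_bytes(buf[pos + 2:pos + 6], "big")
        return tag, pos + 2, None         # partial body length
    tag, ltype = (first >> 2) & 0x0F, first & 0x03   # old-format header
    if ltype == 3:
        return tag, pos + 1, None         # indeterminate length
    size = (1, 2, 4)[ltype]
    return tag, pos + 1 + size, int.from_bytes(buf[pos + 1:pos + 1 + size], "big")

def packet_tags(buf):
    """Walk the top-level packets and return their tags; ValueError if malformed."""
    tags, pos = [], 0
    while pos < len(buf):
        try:
            tag, body, length = read_packet_header(buf, pos)
        except IndexError:
            raise ValueError("truncated packet header") from None
        tags.append(tag)
        if length is None:                # streamed body: stop walking here
            break
        if body + length > len(buf):
            raise ValueError("packet body runs past end of input")
        pos = body + length
    return tags

def is_openpgp_encrypted(buf):
    """True if buf is zero or more session-key packets followed by one encrypted data packet."""
    try:
        tags = packet_tags(buf)
    except ValueError:
        return False
    return bool(tags) and tags[-1] in DATA_TAGS and all(t in ESK_TAGS for t in tags[:-1])

# Constructed samples (not real backups).
OPENPGP_SAMPLE = bytes([0xC3, 4, 4, 9, 0, 8, 0xD2, 5, 1, 0, 0, 0, 0])
PROPRIETARY_SAMPLE = b"VENDORX1\x00\x02" + bytes(16)
```

A passing check only shows the container is in the open format; the restore test described above, decrypting with the key in a different OpenPGP implementation, is still what proves recoverability.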