Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Encryption Blog
Showing posts in English
Doug McLean | 16 May 2009 | 0 comments

The Data Loss Database is a record of data breaches going back to 1995. As such it is one of the most comprehensive records of global breaches. Maintained by the Open Security Foundation, the DataLoss DB is published monthly.

Below is the classification of all recorded breaches by type since 1995.


Historical Data Loss by Type

Doug McLean | 15 May 2009 | 0 comments

dmclean_webfinalWe spend a lot of space on our blogs talking about the hard and soft costs of data breaches. PGP Corporation also sponsors the annual Ponemon surveys of this topic. I don't tend to focus on it in my blog because I find the crimes that cause breaches so interesting, but last week I saw some new numbers that are truly startling.  Heartland Payment Systems released their Q1 earnings report. According to this story at, Heartland has so far spent $12.6 million to remediate the breach they experienced in December. The...

Brian Tokuyoshi | 15 May 2009 | 1 comment

Brian Tokuyoshi - Product Marketing Manager btokuyoshi_webfinal

One of the problems of the Payment Card Industry Data Security Standard is that it will never reach a state of completion. That’s because PCI DSS it defines protections against known security risks, and then maps out a list of things that it must do to meet the minimum requirement for an acceptable level of security.

The goals of PCI DSS are noble, for it establishes practices for handling of sensitive data, and thus ensures security experts address the issues that can’t be taken for granted anymore.

The problem, though, is that PCI DSS sets up the requirements in a way that creates checklists of technology to deploy, which prescribes protection against the known threats. You can’t prescribe...

Brian Tokuyoshi | 12 May 2009 | 0 comments

Brian Tokuyoshi - Product Marketing Manager btokuyoshi_webfinal

The PGP® Universal Server delivers the administrative functions for the PGP Encryption Platform. It’s the console that’s used by our largest customers to keep tabs on their applications, enforce policy, and provide logging capabilities without having to deploy multiple consoles. PGP uses this platform, as well as 3rd parties who develop applications that support PGP Universal Server so that they do not have to write their own management console. While the administrative functions for PGP Universal Server are well understood, what’s not so commonly known is that PGP...

Doug McLean | 08 May 2009 | 0 comments

There have been a number of calls lately for the creation of an agency like the Federal Emergency Management Agency (FEMA) focused on the Internet. The theory is that by integrating the currently fragmented cyber-security efforts of the Departments of Defense, Homeland Security, OMB and a half dozen other agencies, that we’ll be better able to respond to cyber-attacks from predators foreign and domestic. While such integration is surely needed and is very effectively documented in the recent report by the Center for Strategic and International Studies (CSIS), I’m not sure that a “Cyber-FEMA” is enough to address the threats now bearing down on the nation’s Internet infrastructure.

While FEMA’s charter is formally defined to be both proactive and reactive, the fact is that it’s core mission is to react when disasters both natural and man-made occur. While it’s easy to build a case that...

Brian Tokuyoshi | 07 May 2009 | 0 comments

Brian Tokuyoshi - Product Marketing Manager

btokuyoshi_webfinalIn the pursuit of providing protection for enterprise data, many organizations make the mistake of thinking that their responsibilities to protect data start and end with the deployment of an encryption application. What often happens, in the rush to secure data, is that the need for strategic key management can be overlooked. This often occurs when there’s been an imperative driving the need, such as a new compliance mandate or the revelation of a data breach. These types of incidents can often create a singular focus to deploying encryption products that can unfortunately prove to be short sighted.

For compliance initiatives, sometimes even the best intentioned efforts to protect data can lead to unforeseen...

Shilpi Dey | 01 May 2009 | 0 comments

sdeyShilpi Dey- Product Marketing Manager

PGP Corporation recently announced a new product - PGP® Whole Disk Encryption Workgroup Edition which is specifically tailored to protect small companies and enterprise workgroup’s data on laptops, desktops and USB devices while supporting compliance requirements. PGP Whole Disk Encryption Workgroup Edition provides administrators a simple, intuitive and easy-to-use solution to manage and deploy full disk encryption.  The beauty of this solution is that there is no need to manage servers or databases nor does it require additional dedicated hardware.

PGP Whole Disk Encryption Workgroup Edition consists of a management application (PGP® Whole Disk Encryption Controller) and PGP® Whole Disk...

Doug McLean | 14 Apr 2009 | 2 comments

dmcleanEarlier this month, Senators John Rockefeller (D, West Virgina) and Olympia Snowe (R, Maine) introduced S.773, the Cybersecurity Act of 2009. It's actually a companion bill to one they proposed a few days earlier to create a cabinet level Cybersecurity Czar. It's S.773,  however, that contains all of the meat in the Senate's attempt to legislate better cybersecurity. We've seen half-hearted attempts to do this in the past, but as Chairman of Senate Committee that overseas Commerce, Science and Transportation, Senator Rockefeller's bill will be seriously considered and Senator Snowe's presence on the co-sponsor list indicates that it will also have at least some bipartisan support.

At 53...

Bryan Gillson | 08 Apr 2009 | 0 comments

Encryption can be a transformative and disruptive technology. It can transform otherwise perfectly good data into something completely unreadable, potentially disrupting typical enterprise systems such as data leak prevention, disk imaging, help desk operations, and data recovery.

Often, ensuring that these systems work well with encryption products requires collaboration between PGP® Corporation and our partners. Internally we refer to the combination of these partners and our customers as the "PGP Ecosystem". An excellent example of how the ecosystem is addressing one of these thorny issues is disk imaging.

Over the years, imaging has grown from a rarely-used, fairly obscure IT time saver, to a critical component of an enterprise (or individual) backup and deployment strategy. But how does a PGP Whole Disk Encryption (WDE) deployment affect this strategy?...

Bryan Gillson | 08 Apr 2009 | 0 comments

Last time, I reviewed the issues associated with the use of disk image backups in a PGP® Whole Disk Encryption environment – or with any full disk encryption system for that matter, including hardware (or self-) encrypting drives. I closed by saying the following:

What's needed is an imaging solution that operates from within Windows (to provide all of the automation, UI, and ease of use that users expect), lets users enjoy all the benefits of modern disk image backups, and yet operates seamlessly with PGP Whole Disk Encryption to offer fully encrypted backups and restores.

Now I'm pleased to introduce a solution that satisfies that exact set of requirements.

Future Systems Solutions, Inc. has announced the beta testing of Casper Secure for PGP Whole Disk Encryption, the first backup and recovery solution designed specifically for users of PGP's Whole Disk...