Brian Tokuyoshi - Product Marketing Manager
As the Academy Awards wrap up, I’m reminded of the film Amadeus, which won the Oscar for Best Picture in 1985. The eponymous film is a dramatization about the life of Wolfgang Amadeus Mozart. In a famous scene, Emperor Joseph II, offering his opinion on Mozart’s new symphony, comments that, “There are simply too many notes”, without providing any deeper insight into which particular sequence trouble him.
Enterprises today are facing a related situation, except the issue should be called “too many encryption keys” as well as its closely related issue called “too many encryption products”. Let’s take a common example. Growing concerns about data breach notification laws lead ACME company to deploy a disk encryption product. Over time new requirements emerge, and ACME realizes that they need to secure email due to new local legislation in some regions. Recently, ACME won a bid to work on a classified project, and must deploy yet another encryption product that supports collaboration.
During the initial deployment of disk encryption products, ACME didn’t realize they may have future encryption needs. Thus, ACME missed the opportunity to plan for what they need down the road. Instead, the IT department deployed one point solution after another, with a different encryption key management toolkit for each one. The users had to learn three different pieces of client software, each with their own PIN/password and separate user interfaces. The administrators had to develop skill sets to support three different administration consoles. Simply put, there were too many encryption keys, and too many encryption products.
Much like Emperor Joseph’s critique of Mozart, it’s not easy to pinpoint when ACME reached the breaking point, but they became painfully aware of their situation once they got there. In order to avoid ACME’s predicament, IT organizations should consider encryption management and outline possible future requirements in order to determine the right fit for secure employee desktops. This is also precisely the reasoning behind the design core of the PGP Encryption Platform. By starting with PGP Universal Server, companies can manage one or multiple encryption products with one client and one key, simplifying management while reducing costs and the impact on the user.
If you’re just getting started with your encryption strategy, make sure to consider the management of the policies and keys to be an important part of the overall usability of the system. After all, nobody wants to be painted in the corner of having too many keys.