PGP Blogs

PGP Key Management Server
Wednesday, February 24th, 2010

This week marks a key milestone in the history of PGP Corporation. The shipment of PGP® Universal Server 3.0 in conjunction with January’s shipment of PGP® Desktop 10.0 is the fulfillment of a vision first conceived more than three years ago. These products are the most functional and highest performance products we have ever produced. Beyond that, however, their shipment marks an important strategic extension.

You can learn all of the details of what we refer to as the 10|3 release here. The 10|3 mini-site outlines all of the functional and performance enhancements and contains demos of many of the new features. Rather than review those features here, though, I’d like to talk about why 10|3 is significant to PGP Corporation strategically.

As we’ve grown PGP Corporation over that last seven years, encryption of various kinds has become nearly ubiquitous. Laptops, disk drives, smart phones, USB sticks and many other devices now have encryption capabilities built in. While this is generally a good thing for enterprise security, it vastly complicates the policy and key management issues for IT management.

Based on our experiences deploying PGP Universal Server in thousands of enterprises globally, we determined that there was an emerging need for a general-purpose key management platform. Through extensive interviews with the leading security professionals in enterprises globally we’ve aligned our vision of key management best practices with those of our customers.

So, today we are announcing the first product from PGP Corporation designed specifically to manage the broadest possible range of keys and to impose centralized business and security policies on those keys from a single point of control. Whether they are based on OpenPGP or X.509, asymmetric or symmetric, the PGP® Key Management Server provides a comprehensive key creation/expiration, provisioning, policy enforcement, and reporting solution. Leveraging what we’ve learned from building and deploying the PGP Universal Server, corporations can now utilize trusted PGP technology to manage all of their keys throughout the enterprise.

As I wrote earlier this month, PGP Corporation has historically focused on building easy-to-use encryption applications that solve current enterprise security issues. As a part of that effort we’ve always been mindful of the fact that in order to make encryption deployable in an enterprise of any size, you must have very robust policy and key management built in from the start.

For the last seven years we’ve embedded the policy and key management functionality in the PGP Universal Server. PGP Universal Server has scaled with the rest of the PGP product line and now allows security professionals to manage the complete range of PGP applications from a single console. With the shipment of PGP Key Management Server PGP’s customers will now be able to achieve this same level of centralized control and effectively deploy both policies and keys regardless of the devices, applications, and cloud based services they deploy in the future.

Filed under: CEO Blog
Tags: OpenPGP, PGP Key Management Server, PGP Universal, X.509
Comments: No Comments

PGP Acquisition of TC Trust Center and Chosen Security
Friday, February 5th, 2010

We are, of course, very pleased to announce the acquisition of TC TrustCenter and its US parent company, Chosen Security. You can read the details and view a short presentation describing the reasons for this acquisition here. I didn’t want to let the week pass, however, without offering a personal perspective on why PGP Corporation needs to have a position in the trust services market and why we chose TC TrustCenter as our way of providing these services.

When we started PGP Corporation seven years ago we were focused on building the most robust and easiest to use encryption solutions in the world. We had watched the first generation of PKI companies approach this problem from the direction of offering “trusted communications” and concluded the market and users in particular weren’t ready for that approach.

In 2002, enterprises and individuals had data privacy issues they needed resolved, but they needed them resolved quickly and within the context of the then existent communications infrastructure. That infrastructure was not yet ready to support a new, heavy-duty layer of security infrastructure. It would have been similar to building a 100-floor steel and glass skyscraper directly atop a three-story brownstone.  So, instead PGP Corporation focused on applications that protect data in motion and at rest and integrated them into a single, comprehensive management platform.

Fast forward to 2010 and the world and the approach to data protection has evolved. While enterprises are now spending more than ever to protect their networks, it’s commonly understood that network security technology is not keeping pace with the threats now aimed at those networks. The cost of data breaches continues rise even though most forms of electronic communication have some form of security either built in or layered atop them. Nearly all of these security approaches depend upon keys and certificates that are used either to encrypt the content or guarantee the identity of the sender and/or receiver.

The problem is that there are now so many of these certificates in use for so many different purposes that it has become nearly impossible for an enterprise to effectively manage them all, let alone determine which are current and valid.  This problem will only get worse as the world’s hacker community begins to exploit the weaknesses in the current certificate generation, distribution and management systems. We’ve already seen attempts to insert “bandit keys” into corporate key chains to allow hackers to read encrypted email. We can expect exploits such as this one to multiply in the coming years.  For this reason, we decided last year that PGP Corporation would need to extend its encryption and security product line to include trust services so that our customers can use our products with confidence while communicating with the broadest range of customers, partners, and regulators globally.

We chose TC Trust Center as our path to market for two reasons. First, they bring unprecedented breadth and depth of experience to the trust services market. Their executive team has dozens of years of experience in the space and a proven track record of building successful security businesses.

Second, the way they have designed and built their products is completely consistent with PGP Corporation’s worldview. TC TrustCenter’s platform enables secure electronic transactions across individuals, servers, and mobile devices.

Today’s announcement, of course, is just the beginning. In the coming months we’ll be telling you about our vision of how combining trust services with the PGP® Encryption Platform will allow us to build solutions to address threats that are just now emerging. With hackers stockpiling Zero Day threats, and more applications and data moving into the cloud, these new security solutions will be required business enablers of the cloud migration plans for many enterprises. With the combined offerings of PGP Corporation, Chosen Security and TC TrustCenter, we will address threats aimed directly at IT infrastructure as well as the increasing number of threats now targeting endpoint devices . These trusted offerings will not only build confidence in the infrastructure of an organization, they will build confidence to withstand threats to data as it moves in and out of an organization.

We are very excited by the opportunities that combining our two companies and technologies offers us. I extend my welcome to my new TC TrustCenter and Chosen Security colleagues to the PGP Corporation family.

Filed under: CEO Blog
Tags: CA, Chosen Security, Data Breach, PKI, TC Trust Center, zero day threat
Comments: No Comments

International Relations Fallout of Google Breach
Monday, January 25th, 2010

The fallout from Google’s announcement last week about their business in China continued on Thursday in a major policy address by Secretary of State Hillary Rodham Clinton. In a wide ranging speech in Washington, D.C. the Secretary again demanded the Chinese authorities conduct a full and transparent investigation of the cyber attacks outlined by Google.

Some analysts have called these attacks and their aftermath a day of reckoning; others a watershed in the development of a secure Internet. It may be one or both of those things, but my own belief is that it is also the day when the world finally grew up relative to the data breach phenomenon. Moving forward the world will come to understand that the Internet is not an inherently safe environment into which cyberattacks occasionally intrude.

Because the internet itself is a community much like that of a developing country, all shared data is at risk.   While this observation is true even in a developed society, the Internet does not come with security, rule of law, or other infrastructure to ensure that “responsible” behavior is the norm.  Those that share their information and data on the Internet truly do so at their own risk. The recent events highlighted by Google only demonsrates the magnitude and consequences of those risks.

These events also prove  that the Internet has become an inherently unsafe environment in which cyberattacks are the norm. To prevent these attacks from rendering the Internet useless for commerce and communications will require an unprecedented level of vigilance and willingness to engage nation states at the highest levels as Secretary Clinton has done.

I thought Mrs. Clinton summed up what is at stake here quite eloquently when she stated:

“Ultimately, this issue isn’t just about information freedom; it’s about what kind of world we’re going to inhabit. It’s about whether we live on a planet with one internet, one global community, and a common body of knowledge that unites and benefits us all. Or a fragmented planet in which access to information and opportunity is dependent on where you live and the whims of censors.”

When current foreign policy includes dialogue and diplomacy about the impact of data breaches, it’s undeniable that data security (or the more correctly, the lack thereof) has ceased to be under the sole purview of cybercriminals and information security officers.They have become an integral part of the fabric of international relations.  My advice is that we all become accustomed to this. It IS the new normal.

Filed under: CEO Blog
Tags: china, Google, Secretary of State Clinton
Comments: No Comments

Google Stands Up for Corporate and Personal Rights
Tuesday, January 19th, 2010

It was remarkable last week watching how a single cyber-attack has ignited a firestorm of global reaction. I’m referring, of course, to the “highly sophisticated and targeted attack” on Google and a few dozen other companies. While the common wisdom is that the attacks were initiated in China, it hardly matters. All enterprises of any size (including PGP Corporation) are under cyber-attack every hour of every day from a large number of bad actors both foreign and domestic.

While most of the news coverage has focused on speculation about the source of the attacks, the real news here is that a corporate entity is standing up to defend both corporate confidentiality and individual rights. This sort of attack has the potential to not only affect global commerce, but global conventions on what rights individuals inherently possess regardless of their citizenship.

First, let me acknowledge and applaud Google for taking a leadership position on this key issue. For a company like Google that makes its living providing consumer focused products and services, it takes no small measure of courage to threaten to abandon the largest consumer Internet market on earth.

Second, I have to point out that even if the facts eventually prove China was attempting to monitor the communications of their own citizens, this issue is in no way unique to China. In fact, the American government has shown enthusiastic willingness monitor its citizen’s communications.  Historically, governments, even very liberal governments, have had a hard time recognizing and respecting an individual’s right of privacy. Even the U.S. Constitution, with its enumeration of specific individual rights, contains no explicit right of privacy.

PGP Corporation was founded on the core belief that every citizen of each nation possesses an inherent right of private communication.  PGP Corporation’s founder Phil Zimmermann predicted 20 years ago that global governments would attempt to use the Internet to diminish our individual rights to privacy, and Phil nearly went to prison defending those rights.

Third, I believe that the political and economic ramifications of Google’s public statement and disclosure of the attack will echo for months, if not years. Western governments will be forced to respond both technically and diplomatically to avoid being perceived as weak in the face of a clear and present danger. Companies that have moved manufacturing and/or customer service operations to jurisdictions that refuse to recognize the fundamental rights of their employees who are citizens of those countries will come under increasing pressure to curtail their engagement in those regions. This issue is not going to go away quickly and I believe it will leave a very different set of international business practices and standards in its wake. It’s going to be fascinating to see how this plays out, particularly given how dependent western economies are upon Asian manufacturing and financial resources. The only thing I know for sure is that somewhere in the world Phil Zimmermann is smiling and thinking, “I knew this would happen!”

Filed under: CEO Blog
Tags: china, Google, privacy
Comments: No Comments

U.S. House Passes DATA Act
Tuesday, January 12th, 2010

The U.S. House of Representatives delivered an early Christmas present last month when it passed the Data Accountability and Trust Act (DATA). HR 2221, sponsored by Representative Bobby Rush (D-Il), is just about everything you’d want in a well-considered piece of legislation on such a complex topic. The bill not only protects consumers in that it requires nearly all businesses to take steps to protect personally identifiable information at rest and in motion, it also requires companies to publicly disclose any breaches of that data. HR 2221 singles out data brokers as a special class and requires they put processes in place to protect the information they maintain and submit to periodic audits to ensure they comply.

The DATA act also addresses a growing concern on the part of consumers by requiring that data brokers provide a method for individuals to prevent their personal information from being used for certain marketing purposes. Responsible consumer brand companies have long had access to far more information about us than they were comfortable using and adopted an informal code of conduct that constrained their use of that data. HR 2221 gives that code of conduct the force of law and applies to all companies involved in interstate commerce.

Besides providing extensive consumer protection, the DATA act also provides businesses a reasonable “safe harbor” by declaring loss of data that is “unusable, unreadable, or indecipherable” by the use of encryption or other technology not subject to the breach disclosure requirements. This bill also, of course, will unify the existing 47 state data breach bills now in effect. The fact that the DATA act has passed doesn’t make it law, however, as it now needs to be modified in committee to make it consistent with whatever bill the Senate passes (there are two under consideration).

Even when a federal bill does become law, it will not completely end the debate over various state laws that address issues on topics where the federal bill is silent. The primary example of this is the Massachusetts data protection act (201 CMR 17).  The Massachusetts law, set to take effect next March, specifies exactly what classes of data must be protected based on physical attributes, not just content.  It also specifies exactly what types of technology must be used to protect them. While the diligence of the Massachusetts legislators is laudable, history demonstrates that this type of prescriptive legislation that involves rapidly evolving technologies, generally creates as many problems as it solves. An excellent example of the issues being raised by 201 CMR 17 can be found on TechTarget’s SearchCompliance site.

The passage of HR 2221 will also have important implications internationally as it is likely to form the basis upon which the Federal Trade Commission will commence negotiations to create consistency in breach regulations with the European Union. As I’ve noted before, the EU continues to lead the way in enforcing some of the most stringent privacy regulations on the Internet. Continuing this trend, the UK’s Information Commissioner last week published a draft policy that, if adopted, will severely limit the ability of web sites to track user behavior. With regulators in the Euro zone moving ahead on their plans to provide even more privacy safeguards for their citizens, it’s critical that U.S. regulators finalize the data breach requirements so they can focus on some of the more current issues.

It will take some time to work out how the pending federal bill will impact some of regulations imposed by state regulators and how enterprises can best comply with the new requirements. Overall though, it was a very good month on the data protection front and we can only hope the Senate acts quickly to deliver the final bill for which Americans have been waiting so patiently.

Filed under: CEO Blog
Tags: DATA Act, Data Breach, HR 2221, Massachusetts 201 CMR 17, Representative Bobby Rush
Comments: No Comments

Howard Schmidt Appointed National Cybersecurity Coordinator
Tuesday, January 5th, 2010

I was pleased to learn late last month that President Obama has decided to appoint Howard Schmidt as the White House Cybersecurity Coordinator. It may have taken seven months from the President’s original pronouncement establishing the position, but I think it’s fair to say the President ‘got his man’.  I also think it’s fair to say that in Howard Schmidt we all got a leader that deeply understands the challenges associated with securing the nation’s critical cyber-infrastructure.

These challenges now go far beyond the common criminals that have historically generated the majority of online threats. As recent attacks have demonstrated, we now face new threats from increasingly aggressive and technically capable nation-states that intend us harm. Finally, there are serious challenges facing the new Cybersecurity Coordinator in simply bringing together the various agencies that must address these issues. As John Markoff points out in his story in the New York Times, the President has made the job a bit easier by simplifying the reporting structure, but make no mistake, this is a big, complex job Howard has accepted.

I believe, however, that if anyone can do this job, Howard Schmidt can. I’ve known Howard for many years and he has been a valued member of PGP Corporation’s Business Advisory Board since 2003. I can personally attest to Howard’s depth of resolve in addressing the cybersecurity threats we face from enemies foreign and domestic.

The announcement on the whitehouse.gov includes a video in which Howard introduces himself and lays out the top priorities on which the President has asked him to focus:

• “Developing a new comprehensive strategy to secure American networks”
• “Ensuring a unified, organized response to future cyber incidents”
• “Strengthening public/private partnerships here at home and international partnerships with allies and partners”
• “Promoting research and development of the next generation of technologies”
• “Leading a national campaign to promote national cybersecurity awareness and education”

We will miss Howard’s wisdom and insight on our Business Advisory Board and I am grateful for his contributions over the last six years. We can take comfort, however, that he’s applying those same energies to resolving the issues above and the others we will face in protecting the nation’s critical infrastructure.

As Howard states, “When it comes to cybersecurity, our vulnerability is shared and so is the responsibility to ensure that our networks are secure, trustworthy, and resilient.” It will require significant effort and focus from both he public and private sectors to achieve the goals set forth by the President and at PGP Corporation we are committed to contributing to this effort and supporting Howard Schmidt and his team in any way we can.

Filed under: CEO Blog
Tags: cybersecurity coordinator, Howard Schmidt, John Markoff
Comments: No Comments

2010: Finally a Year of Action
Wednesday, December 30th, 2009

Those of us in the information security business have been hoping with each passing year that the “next year” would be the one in which our elected representatives recognize the threats to our privacy and actually DO something about it. I think we can now say with a fair amount of certainty that in 2010, we’ll get our wish.

First the good news. On both sides of the Atlantic our governments have recently taken concrete steps to protect our personal information. Here in the U.S. the Senate has passed not one, but two bills out of committee that would materially protect U.S. citizens from the affects of large data breaches. The first (S.1490) is the Personal Data Privacy and Security Act; also known as the Leahy bill. The primary provision of S. 1490 prohibits the concealment of a data breach.  The companion bill (S.139) is the Feinstein Data Breach Notification Act. The Feinstein bill requires enterprises both public and private engaged in interstate commerce to notify American residents if their personal information is accessed during a known breach.

At roughly the same time, the Information Commissioner’s Office in the UK published a watershed document entitled the Guide to Data Protection. It is a very thorough examination of the UK’s Data Protection Act and what it means for both businesses and consumers. Besides being comprehensive it’s also written in the sort of plain English we rarely see from the public sector on either side of the Atlantic.

When you layer atop these two developments the provisions in the American economic stimulus bill that essentially provides a national breach law for healthcare information, it becomes clear that the landscape is changing very rapidly on the data protection front

Now the bad news. Our senators can spin a story about the Leahy and Feinstein bills being complementary, but the fact is that having two bills (and rumor has it there’s at least one more on the way), just means this process is far from over and will require substantial negotiation within the Senate before there is a vote on any of them. THEN the House must take up the issue and whatever bill they pass harmonized with the final Senate language.  Net, given the other pressing business in Congress we might get a bill on the President’s desk in 2010, but it’s going to take exceptional leadership and courage in both houses to get it done.

Phil Zimmermann predicted in 1991 that the commercial development of the Internet would put our privacy at risk from actors in the public and private sectors. As the statistics on DataLoss DB show, he could not have been more prescient. We’re now at the point where not a week passes without the disclosure of a material data breach somewhere in the world. So while I’m heartened by the actions of the public sector in the both the UK and here in the U.S., it’s clear that actually protecting ourselves from the negative affects of the ongoing pandemic of breaches is going to require vigilance on all our parts.

I’ve written previously about steps you can take to prevent the loss of personal information both online and offline. Unfortunately, most of the world’s cybercriminals have concluded the conducting attacks on individuals is a very low yield approach to collecting data with which they can perpetrate other profitable crimes.  Most significant identity thefts now begin with the kind of data breaches that DataLoss DB tracks and about which many of us are now receiving notifications from our credit card companies on a regular basis.

What this means is that taking the steps I outlined earlier while still necessary, achieve less than they used to in protecting you from such crimes. Particularly with the advent of social networking platforms such as Facebook, there are now more large repositories than ever that cybercriminals can use to vacuum up large amounts of personal information.

So, in addition to using a locking mailbox, shredder, and not carrying anything with your Social Security Number on it, there is a new list of things we all need to do to protect our identities in the coming decade. For now please seriously consider the following:

• Unless you have a compelling reason not to, freeze your credit reports. This remains the one thing you can do to block the impact of your personal information being swept up in a large-scale data breach. Since I first wrote about this three years ago, the three credit reporting agencies have made significant strides in making it easier to freeze (and temporarily unfreeze) your credit report.

• If you are active on any of the social network platforms don’t post personally identifiable information that you don’t want in the public domain in perpetuity and utilized to target you with email, ads, and potentially criminal activity. This is particularly important as there is a new class of tool emerging that allows criminals to identify and target victims based on their employer, location, and other attributes. To put a finer point on this, we now live in a world in which criminals can determine your home address and whether or not you’re home at the moment by aggregating information across Facebook, Twitter, etc.

• If you carry USB memory sticks that contain sensitive information (personal or professional) please, please encrypt that data. PGP Corporation offers several different ways to do this and I’ll take these up in my next posting.

As I said at the top, it would appear that 2010 is indeed the year that we get some of the legal protections required to protect our personal and sensitive professional information. This doesn’t mean, however, that the world is going to be a safer place for that information. If anything, more individual vigilance will be required to protect ourselves from the growing number and sophistication of the threats we all face each day.

Filed under: CEO Blog
Tags: Data Breach Notification Act, Dataloss DB, Feinstein, Leahy, Personal Privacy and Security Act, Phil Zimmermann, S.139, S.1490, UK Guide to Data Protection
Comments: No Comments

New Global Privacy and Breach Regulations
Monday, November 2nd, 2009

There have been two very significant developments this week that indicate just how seriously governments globally now take the threats identity theft and data breach pose to our basic freedoms and economic development. On Tuesday, Canada passed tough new regulations that empower law enforcement to more easily prosecute perpetrators of identity theft. By making the theft, trafficking, or possession of illegally obtained personal information crimes punishable by up to five years in prison, the Canadian government is showing global leadership on this issue that I hope many other countries will emulate.

Then Wednesday the European Commission announced that they are rethinking their policy on data breach disclosure. Specifically, Viviane Reding, the EU Commissioner for Information Society and Media, gave a speech in which she announced that the Commission will evaluate new EU-wide legislation that would require most European enterprises to disclose data breaches both to those affected and the authorities. Previously, the commission had opposed such regulation. So this constitutes a pretty significant change in policy if the Commission proceeds with the plan disclosed by Reding.

Much of the path forward here is complicated by the political process inside the European Parliament and conflicting policies in individual EU member countries. However, the fact that the European Commission has agreed to even debate the issue is a significant step forward. As I’ve observed previously, it’s going to be very difficult to make material progress in protecting individual privacy in an era of rampant cybercrime without harmonizing the basic regulatory environments amongst world’s major economic zones. It’s bad enough that the U.S. has 46 separate state data breach laws. I’m confident Congress will resolve that issue in due time. The larger issue here is that we can’t even begin to have a harmonization discussion with the EU because at the moment the official policy is that no breach disclosure is required.

I’m heartened by the actions of both the Canadian parliament and the European Commission. They both demonstrate, in their own way, that our elected officials are paying attention to the threats we now face. Even more significant, these developments demonstrate that the public sector is prepared to act to protect our confidential information and that they are prepared to act against those that intend to harm us through its misuse. It is also my hope that the regulatory bodies in all three global trading blocks not only continue this momentum, but leverage these actions to pursue the harmonized regulatory environment that will allow us to better address the escalating threats to our privacy and safety online.

Filed under: CEO Blog
Tags: breach notification, European Commission, Identity Theft, regulatory harmonization
Comments: No Comments

Snow Leopard Redux
Monday, September 21st, 2009

Phil Dunkelberger – President & CEO
I’ll echo what Tim Matthews said in his blog about our excitement over Snow Leopard shipping. It’s great when the OS vendors really listen to their customers and decide to take a break from “feature-itis” and spend a release cycle making their existing features faster, smaller and more reliable. Unfortunately, like many operating system upgrades, some of the changes Apple made affected our PGP Desktop products and cause them to behave in unpredictable ways or to simply fail. This is the reason we communicated directly with all of our Macintosh users urging them not to attempt to use the currently shipping versions of PGP Desktop products with Snow Leopard.

Since we sent that communication and posted Tim’s blog, I’ve received a number of questions from individual Mac users; the most common of which are:

1-Why didn’t you tell us sooner that I can’t use my current PGP Desktop products with Snow Leopard?

2-Does PGP Corporation intend to continue to support Mac OS?

3-Since Apple has been shipping pre-release versions of Snow Leopard for some time, why do we now have to wait for a version of PGP Desktop that supports it?

The answer to the first question is very simple, we could have done better. I want to apologize to all PGP customers that use our Mac OS products that we didn’t notify you of the issues we’d discovered with Snow Leopard sooner. We’ve taken steps to ensure we never leave any of our customers in the dark again when it comes to support of major operating system upgrades…this applies to both Macintosh and Windows users.

The answer to the second question is equally simple.  PGP Corporation is categorically committed to supporting the Macintosh platform. Hundreds of PGP Corporation’s employees are Mac users and we’ve been building Mac OS based products since restarting the company seven years ago. We intend to continue to support the Macintosh platform and build the best security products for it that we can.

The answer to the third question is a little more complex and has more to do with the commercial realities of developing complex security software than it does our commitment to the Macintosh platform and our customers that use it. Our product development plan for each year typically includes one major release, one minor release, and whatever patch releases are required. In addition, we provide maintenance releases to all customers that have current subscription licenses or maintenance contracts in place.

If the changes in Snow Leopard had been minor relative to PGP Desktop products, we’d have likely done a very quick patch release. Unfortunately, the changes in Snow Leopard were profound enough that it requires significant work to support Mac OS 10.6 and we’ve been doing that work for months. The other issue is that there are certain things we can do only AFTER an operating system upgrade is complete and that’s the work that our Macintosh products team is doing now. As this story points out, Snow Leopard may not have included many new features, it was still a very significant change “under the hood”.

This question is further complicated by our design and ship philosophies here at PGP Corporation. From a design perspective, we build all of our Macintosh products to meet the expectations of Mac users from the bottoms up. We don’t port Windows products because we don’t believe you get very good Macintosh products that way. What this means is that when Apple releases a new OS, particularly one with the infrastructural changes that are the hallmark of Snow Leopard, it means our Mac engineers dive into those new code libraries to leverage them extensively to create the functionality and experience Mac users expect. This type of OS update also requires we completely retest all of the functionality in the product (not just those features we know we need to test). We do this to ensure we don’t “assume” something isn’t broken because there’s no obvious change in the operating system that would break it. For all these reasons, it means there is inevitably going to be some delay between the time we receive the final version of an OS upgrade and when we’re comfortable shipping products that we know support all of the changes made by the OS vendor.

We’re not alone in needing to wait to complete certain types of functionality as the list of products that don’t support Snow Leopard yet demonstrates. We’re working to complete the last of the changes to our products as quickly as we can before subjecting all of the PGP Mac OS Desktop products to the very thorough testing cycle through which all PGP products must pass.

When the Snow Leopard compatible versions of PGP Desktop products ship, users with current Subscription licenses or current Maintenance in place will receive the updated applications free of charge. If you are interested in participating in the “PGP Desktop for Snow Leopard beta program,” please sign up here and we will contact you when it’s ready.

Filed under: CEO Blog
Tags: Mac OS, Macintosh, PGP Desktop, Snow Leopard, Whole Disk Encryption
Comments: No Comments

Of Oscars and Magic Quadrants
Wednesday, September 16th, 2009

Phil Dunkelberger – President & CEO
The movies have their Oscars, Césars , and BAFTAs. Television has the Emmy’s, Deutsche Fernsehpreis, and ASTRA Awards. The enterprise software sector also has its fair share of awards programs to recognize both commercial and engineering excellence. They’re not all called “awards”, but they are treated as such by all software developers. Recently, a number of these awards have been announced and I’m pleased to report that PGP Corporation’s products have done very well indeed.

The most recent announcement (today) is that, according to TheInfoPro’s Information Security Wave 11 Report, PGP Corporation was ranked the #1 “in-use” provider of data encryption among Fortune® 1000 companies for the fourth year in a row. Additionally, PGP Corporation was ranked the #2 in use provider of secure email messaging behind only Microsoft. I’m fond of saying that in the data security business, “deployments win”. So, I find the recognition of PGP Corporation’s products as the most deployed in our segment to be particularly satisfying.

However, it takes more than just deployments to build a great software company. It also takes a compelling vision and ours was recognized last week when the Gartner Group released its annual Magic Quadrant for Mobile Data Protection. We were recognized as a top ranked vendor in the visionary cell of this year’s Mobile Data Protection quadrant. In Gartner terms, this means that PGP Corporation is considered a visionary vendor with a demonstrated ability to execute.

Finally, just last month SC Magazine honored PGP Whole Disk Encryption v9.10 with a five star rating, their highest. The SC Magazine writers cited the product’s ease-of-use and declared “PGP Corporation is still an industry leader and this product is a great value for the money.”

Vision, deployment, execution, and value; it’s hard not to be pleased when some of the leading IT analysts and publications are saying these things about a single company. As that company, we are more committed than ever to helping you protect your confidential information today at the lowest cost while maintaining our vision of helping you meet tomorrow’s threats when they arrive. Don’t get me wrong, the awards are nice, but the ones I care most about happen in the marketplace with our customers.

Filed under: CEO Blog
Tags: Gartner Magic Quadrant, SC Magazine, TheInfoPro
Comments: No Comments