PGP Blogs

Protecting Data and Speeding Up the User Experience: all in a day’s work at Intel Developer Forum
Tuesday, October 6th, 2009

Shilpi Dey – Product Marketing Manager

I spent the better part of last week at the Intel Developer Forum, a great forum that brings together various technology solution providers who are integrating the next generation of Intel technologies. It was exciting and an honor to showcase PGP® solutions for Intel® Anti-Theft and Intel® AES-NI.

Standing at the booth surrounded by dazzling demos and silicon chips, I was taken back to when I bought my first laptop almost a decade ago. It was from an online auction site and was advertised as “scrubbed clean”. On receiving the laptop I realized there was actually data on it and most of it was actually very sensitive data, including bank passwords, LDAP login information, emails and a few family pictures. Fast forward ten years and here we are today with accountability requirements to HITECH/HIPAA/PCI, etc. and words such as PHI, PII, data breaches and fines keeping CFOs, CISOs and risk management officers awake at night.

Today, full disk encryption is a must-have if organizations want to protect data (user data and temporary files, swap files, etc.) on their laptops from loss or theft. The beauty of PGP Whole Disk Encryption with Intel Anti-Theft is that it not only protects the asset, but the data itself.  If a laptop is lost or stolen, it will turn into a brick and the data will stay protected.

The elegance of this solution is that if it turns out you left the laptop at the coffee shop and the kind employee behind the counter kept it safe for you, access to the laptop can easily be reactivated securely.

So the protection sounds great, but what about performance? I often get asked about user experience and performance with PGP Whole Disk Encryption. The truth is, yes, it’s a piece of software and like all other piece of software you install there is a little lag to the normal operation of the system. The good news is that it’s hardly perceptible and being a user myself, the user experience is business as usual. Even better news is that with Intel’s new instruction set, AES-NI (available in Westmere processors), the performance of PGP Whole Disk Encryption is enhanced several times over.

As for me, I can’t wait for next year’s IDF.

Filed under: Perspectives
Tags: AES-NI, Intel Developer Forum, Intel® Anti-Theft, PGP Whole Disk Encryption, WDE
Comments: No Comments

PGP Desktop Support for Snow Leopard
Thursday, August 27th, 2009

Tim Matthews -Senior Director Product Marketing
Like everyone in the Macintosh user community, we’re excited by Apple’s early Friday delivery of Snow Leopard (Mac OS X 10.6). Unfortunately, like many applications at the moment, the currently shipping versions of PGP Desktop products (v 9.10) are not supported on Snow Leopard. This includes PGP Desktop Professional, PGP Desktop Home, PGP Desktop Email and PGP Whole Disk Encryption (a comprehensive list of Mac OS X applications and their status on Snow Leopard is available on the MacInTouch site).

While we are working diligently to complete the Snow Leopard compatible versions of the PGP Desktop products, we do not recommend you use the currently shipping versions on any system that has been upgraded to Snow Leopard. Please note that users wanting to migrate to Snow Leopard immediately must first decrypt all of their PGP WDE encrypted drives and uninstall their PGP Desktop application prior to upgrading to Snow Leopard. Failure to decrypt PGP WDE encrypted drives prior to installing Snow Leopard could result in data loss or other system issues. Do not attempt to reinstall the currently shipping versions of the PGP Desktop applications (v 9.10) after installing Snow Leopard. Please refer to this PGP Support article for more information.

When the Snow Leopard compatible versions of these products ship, PGP Desktop application users with current Subscription licenses or under current Maintenance will receive the updated applications free of charge. If you are interested in participating in the PGP Desktop for Snow Leopard beta program, please sign up here and we will contact you when it’s ready.

PGP Corporation announced PGP WDE for OS X  last year and it’s been very well received.  A big part of this has to do with the fact that it’s a native Mac application that was designed from the ground up for the Mac.  PGP Corporation is committed to providing Macintosh users the best possible encryption solutions and we’ve been building them since re-starting the company in 2003.

To get a sense of what the overall experience is like with PGP WDE for OS X, take a look at Paul Stamatiou’s excellent step-by-step overview.   The experience on Snow Leopard will be the same.  You’ll notice PGP WDE for OS X is controlled using PGP Desktop, which can be expanded to secure email and files as well.

Users of PGP WDE for OS X will have a new pre-boot authentication screen that protects access to the machine before the operating system loads.   Here’s what it looks like on a Mac with Snow Leopard.

PGP WDE Pre Boot Authentication Dialog Box

Once installed, users can access the PGP Desktop application via the PGP lock icon on the Menu Bar.

PGP Desktop Menu Bar

Users can see the progress of their initial disk encryption from within PGP Desktop.

PGP WDE Progress Bar

Filed under: Perspectives
Tags: PGP Desktop, Snow Leopard, WDE
Comments: 16

Ensuring Disks are Encrypted
Wednesday, April 1st, 2009

Q: I want to do an audit of my IT environment to see which machines are encrypted.  I want to make sure the machine’s encrypted, not just have PGP installed.

A: The best way to do this is to run a managed environment using PGP Universal. If, however, you’re running an un-managed environment there are other ways to check. If you have physical access to the machine, go to the command line and type:  pgpwde –status –disk 0. The response will tell you if the disk is instrumented with bootguard or not which indicates whether or not the disk is encrypted.

If you don’t have physical access to the machine in question, but you can access via the ‘net, you’ll need to use the schtasks.exe command with something like this:

@echo off
for /F “tokens=1,3,5,9 delims= ” %%A in (‘pgpwde –disk-status –disk 0′) do if “%%A”==”Total” (set /a WDEStatus=”((%%C+%%D)/%%B)*100″ )
echo Disk is %WDEStatus%%% encrypted.

(Note that there are only 3 lines: @echo off, for /F (until the line ends with *100″ ), and echo Disk…encrypted)

Filed under: Ask the Expert, Product Q & A
Tags: audit, WDE
Comments: No Comments

Installing Whole Disk Encryption on a Previously Encrypted Drive
Wednesday, March 25th, 2009

Q: After using various encryption solutions, we have chosen PGP as the best solution, but I have a couple of machines causing problems. These machines previously had  another vendor’s full disk encryption product installed on them, but they have been decrypted and the software uninstalled.
PGP installs fine on the machines, but when Whole Disk Encryption is chosen, they come up with the following error :

‘Another whole disk encryption product is installed. Please remove it before trying to encrypt your drive.’

I know that the recommended solution would be to re-image them, but this is going to cause problems with legacy software installed on a few of them. Is there another way round this ?

A: The most common cause of this issue is that the previously installed product was not completely uninstalled. Specifically, unless the system registry entries are cleaned up, PGP Whole Disk Encryption will believe that the older product is still installed. If you know the product has been removed and you know how to manually delete the registry entries, WDE should work just fine.

Filed under: Ask the Expert, Product Q & A
Tags: disk encryption, system registry, WDE
Comments: No Comments