Blog | Townsend Security

Securing Data in Motion with PGP Encryption

Written by Michelle Larson | Aug 28, 2013 10:22:00 PM

In their latest podcast, Paul Taylor with Security Insider Podcast Edition and Patrick Townsend, CTO of Townsend Security, discuss using PGP encryption to secure data in motion for meeting compliance regulations, the OpenPGP standard, the differences between Open and Commercial PGP solutions, and ways to automate your managed file transfers on the IBM i.

PGP stands for “Pretty Good Privacy”, and it’s an encryption solution that originally started in the 1990s. Over 20 years ago, Phil Zimmermann and a group of developers decided to produce secure file encryption technology and felt that PGP should be used everywhere to protect data-in-motion, both for individuals and for companies who need to transfer data across networks. Originally, Phil Zimmermann’s development team offered a free, open-source version of PGP. Over the years, ownership of PGP was transferred from Network Associates to McAfee, and is now owned and commercially licensed by Symantec. Throughout that development, Townsend Security has helped to bring this important encryption technology to IBM enterprise platforms. We have partnered with Symantec to offer the only commercial version of PGP Command Line on the IBM i.

In their podcast, Paul and Patrick discuss the OpenPGP standard and the two solution versions of PGP, Open and Commercial, and the confusion around them. OpenPGP is a standard (RFC 4880 & RFC 2440), not software, and that standard covers what an OpenPGP solution is and should do. There are multiple open source editions of the software, available from a number of different organizations, that should meet the OpenPGP standard.

The commercial version from Symantec was created and continues to be advanced by the original PGP developers. It conforms to the OpenPGP standard, and it adds additional functions that are important to enterprise customers.

For example:

    • Additional decryption key support (the ability to encrypt a file for multiple recipients)

If you need to send and recover an encrypted file to yourself for due diligence, your ability to recover that encrypted file through additional decryption key support becomes an important regulatory component.

    • Self-decrypting archives (the ability to encrypt data and send it to almost anyone for processing)

You can create an encrypted file on your system, even on an IBM z mainframe or IBM i platform, that can be decrypted as an executable on a Mac system, a Windows PC, or even a Linux box.

    • Support for X.509 Certificates, external key management protocols, and the ability to actually store encryption keys on an external server.

With the Commercial PGP product comes full support for OpenPGP standard, as well as these additional features, which really make a difference for enterprise businesses. When you base your company reputation on something mission-critical like PGP encryption, you deserve the comfort of knowing that there’s a support team there ready to stand behind you.

“Pretty Good Privacy” is well recognized and accepted across a broad number of compliance regulations as a secure way to protect sensitive data as it is in transit to your trading partners. PGP encryption helps businesses meet PCI DSS by encrypting credit card numbers and other PII as required by HIPAA/HITECH Act, Sarbanes-Oxley, and FISMA compliance regulations.

Listen to the podcast for more in-depth information and a discussion on how PGP meets compliance regulations with its NIST certifications, and how Townsend Security, the only Symantec partner on the IBM i or AS/400 platform as well as the IBM z platform providing PGP Command Line 9, can help IBM i users with PGP!

 

If you have topics you would like to hear discussed in future podcasts, please email them to us at podcast@townsendsecurity.com or post your comments here in the blog!