The company’s new PGP Endpoint technology promises to bring whole-disk encryption to all those pocket-sized devices that keep winding up in data-breach headlines.
Thumb drives: Great for pocketing your data, terrible for falling out of your pocket and sticking your company with the latest “xxx records lost” headlines.
PGP on Feb. 26 announced a whole-disk encryption setup that it says can control those oft-errant thumb drives and other devices and spare companies the need to ban such useful gadgets outright.
The company's new tool, PGP Endpoint, is a centrally managed device and application control setup integrated with PGP Whole Disk Encryption that PGP says will offer control over devices including removable media gadgets that plug in via USB, FireWire, WiFi and Bluetooth connections, as well as encryption and policy control over DVDs/CDs.
PGP Endpoint is also designed to prevent data loss through unauthorized connections and applications.
The time is ripe for encrypting those gumstick-sized troublemakers. Research from the Ponemon Institute shows that in 2007, the leading source of data breaches in the United States and the United Kingdom was caused by the loss or theft of mobile devices such as USB flash drives and external hard drives. As PGP points out in its press release, the cost of data breaches averaged out at $197 and £47 per record, making the enforcement of policy over devices and their usage a critical priority.
For PGP Endpoint, PGP partnered with Lumension Security to integrate its Sanctuary Device and Application Control with PGP Whole Disk Encryption to protect data transferred or stored on portable devices.
John Dasher, director of Product Management for PGP, said that PGP Endpoint is an answer for midmarket or smaller companies that don’t want to completely ban portable devices, as well as for enterprises that deal with contractors or suppliers who carry the potential security traps.
“PGP Endpoint will give them the flexibility to specifically identify which devices are allowed and which are not allowed to be used, and, for those allowed, gives administrators the ability to specify what the policies are governing use,” he said. “Which data should be encrypted? What should be read-only, what should be read-and-write, etc., etc.?”
And regardless of company size, Dasher pointed out, companies are subject to the same regulatory compliance needs, and that can mean encryption mandates.
“Whether you're a one-person consultant with a shingle on the door or you’re midmarket or you’re enterprise, you need to securely communicate and collaborate,” Dasher said.
On the midmarket front, though, such a product can particularly help out, he said, given limited IT staff to set up a formal or rigid encryption infrastructure, as well as mobile staffs that rely on removable devices. “[If you’re an SMB,] you got to where you got by being flexible and dynamic, and that relies on leveraging a mobile work force and mobile devices,” he said.
Key features of PGP Endpoint include data loss prevention, enabled via the prevention of unauthorized access to data on PCs, laptops, tablet PCs, PDAs, portable devices, removable storage drives and USB media. Another feature is encryption policy that enables administrators to require removable device encryption.
Also, the product includes an audit trail on all actions that enables organizations to log and prove that endpoints, devices and media have been protected with permissions, policies and encryption. The product also enables encrypted removable media to be read on systems that aren’t running PGP encryption.
PGP Endpoint will be available in the second quarter through PGP’s worldwide channel partners.
