Phil Dunkelberger, president and CEO of PGP Corporation, said that encryption was the only answer to modern security.
“In cloud computing – where there’s a need for federated systems – the only way you can protect this data is to encrypt it. There will be many different types of clouds, which will do many different things. And they’ll be run by big players as well as small, such as eBay, Yahoo! and Google. And because they’re all different, and all vulnerable, the only way to protect data is good encryption.”
Modern attacks are backed by unprecedented power, said Dunkelberger.
“You can now put so much more processing power in to attack encryption. I think you’re going to see processors that simply encrypt or decrypt data.
“There’s no perfect system. Eventually people will find a faster system crack. 128 is fine for now, according to all the people I know. But soon it’ll be cracked and we’ll have to move to 260 and 512.”
This power is directed not at stealing personal data anymore, but stealing corporate data and intellectual property.
Traditional threats, such as corporate espionage, can come from surprising places.
“One of my biggest concerns is the people who service PCs and hardware. Are these people being properly vetted?
“I recently saw a 500gb hard drive the size of a quarter [or a 20c piece]. With one of those, an unauthorised staff member could walk out with literally millions of records.”
PGP Corporation’s core protection software is open source, allowing users – and critics – to see inside the software engine.
“We’re proud that people can look at our security code. Over a million people have. We get tangible business and security benefits from it,” said Dunkelberger.
Dunkelberger stressed that PGP sought to provide a single solution to customers that covered all of their needs.
“We sell it as a solution, not a set of solutions. And in that regard, key management is the core of good security.
“Imagine if you needed five keys to start your car.
"Our products allow you to manage multiple keys with one vantage point, so that users have universal access without sacrificing security.
“This is why decrypting is harder than encrypting – because you have to manage the keys properly. Ultimately, you’re not going to have cloud computing without key management.”
PGP currently works with banks, financial services, government, mining and telecommunications firms to protect data, although Dunkelberger stresses that PGP does not provide security services to the ATO.
PGP is a 100 per cent channel company with 30 resellers in Australia.
“We’re committed to selling through the channel, and our channel partners have been incredibly valuable to us,” said Dunkelberger.
Key management is crucial to cloud computing: Dunkelberger
By Kathryn Small on Nov 21, 2008 3:35PM
Key management and cross-application encryption will be the next big thing, according to new research by the Ponemon Institute commissioned by PGP Corporation.
Got a news tip for our journalists? Share it with us anonymously here.