An outsider is likely to take the news that IBM is moving to whole-disk encryption across its entire Big Blue universe in one of two ways: As further evidence that the technology has arrived, or with a bit of surprise that IBM didn't make the move earlier.
In any case, IBM said this week that it will deploy PGP's system this year. The story says the company already uses some encryption, but this is the most organized and comprehensive initiative to date, driven by fear of data loss and the need to comply with regulations. Network World reports IBM's heavily regulated banking and finance clients pushed the move. These companies will be freer to share information with IBM once the PGP software is in place.
Perhaps the CEO of PGP took time out from celebrating the IBM agreement to write this commentary for CNET. The piece does a good job of describing the tension between the changing hot spots in security and the speed with which organizations can react. Phil Dunkelberger says he doesn't necessarily believe the perimeter no longer exists -- that mobile devices have completely obliterated the difference between being inside and outside the firewall -- but that relying solely on firewalls is no longer a viable solution.
Dunkelberger points to several things about the need for encryption that IT staffs and organizations increasingly understand. The bottom line is that data is leaving the confines of the office, and this is a risky and potentially costly trend. On the other hand, rolling out encryption isn't easy: It is difficult to retrofit into applications, and a variety of encryption systems must be deployed and integrated to protect the entire enterprise.
Encryption, judging from the IBM deal and this announcement by McAfee, is finding a home deeper within organizations and software. McAfee has introduced Total Protection for Data which, according to this eChannelLine story, is an extension of the vendor's Total Protection family. The story describes the suite, which includes data-loss prevention (DLP), device control and various other tools in addition to the encryption element. The piece says that McAfee Endpoint Encryption encrypts everything on a laptop, PDA or other mobile device. Use of the data is impossible without authorization from McAfee Device Control.
There are several types of encryption and, of course, a number of vendors in each category. Whole- (or full-) disk encryption is perhaps the most comprehensive. This piece at CopiaTECH is written for those who know their way around the inside of a computing device. Even to a non-expert, however, it is obvious that full-disk encryption -- the type PGP is providing to IBM -- is preferable. The piece provides four reasons this is so.
The bottom line is that more constricted types of encryption seem vulnerable. The writer also lists six features to look for in an encryption system. In addition to advocating full-disk encryption, the writer says companies should insist on strong access control, synchronized password changes, centralized management, detailed reporting and auditing capabilities, and seamless integration with the existing infrastructure.