We are a creative and inventive species! As I look back over the last year of this decade, it amazes me how many new technologies and services have been introduced despite the challenging economic times. We’ve seen new smart phones, tablets, book readers (galore), cloud computing services, web services, and more. Many of these wondrous technologies have the amazing ability to entertain as well as educate. What a divine gift we’ve received in this ability to create new ideas and new tools!
These innovations inspire us to help PTSS customers protect their data carried on these new technologies. This year we’ve brought forward new encryption, key management, tokenization, and systems management products. These include new PGP encryption offerings on the IBM System i and IBM System z platforms, a new key management solution for all platforms, a data tokenization product to complement encryption, and a wide variety of enhancements and features in our existing products. It has been an exciting year for us as a company.
Of course, to keep up with these innovations we make a large investment in research and development. The PTSS development team is a much larger percentage of our company than you would find at the typical software company. I believe that this is a necessary fact of life for a data security products company. To keep our customers safe, we have to keep up with a constant stream of technological innovations, while always working to stay a step ahead of the cyber-criminals trying to break into all this shiny new technology.
I’m especially grateful for the uptake of our security technologies in the ISV and embedded systems market. Our products are increasingly being incorporated into third-party solutions where they quietly help customers protect sensitive information. I’m proud of our relationship with Quantum, the leading provider of managed tape backup solutions; as well as partnership with companies like PGP Corp. You will be hearing more about our partner successes in the coming months.
A large part of my job is to try to look into the future and anticipate the coming needs in data security. Some time ago we saw the emergence of NIST standards as a part of compliance regulations. We did the hard work early on, and now have our encryption solutions NIST certified. We are currently in FIPS-140 certification for our new key management solution, and I am confident that we will complete this process in 2010. I continue to believe strongly that NIST certification will be important to our customers in the future. I believe that our current and future customers will benefit from this effort.
I hope you all have a good holiday and I wish you a happy new year!
Patrick
As business use of the Internet was taking off in mid-1998 I began hearing this consistent message from IBM AS/400 users: “We need encryption to protect our data as it moves over the Internet.” I only needed to hear this a few times before I began looking at incorporating encryption options into our file transfer applications.
My research included talking to a handful of encryption vendors, before finding an application called “Pretty Good Privacy,” or PGP. The application was the work of Phil Zimmermann and a small cohort of fellow off-the-map developers. I researched Phil a bit before contacting him, and — uh oh — I found he had been in trouble with the US government back when encryption was considered a “munition.” So it was with a little hesitation that I decided to place a call to this “outlaw” programmer.
By this time, the controversy over Phil’s activities had died down, and many of the restrictions on encryption had been relaxed. I found it surprisingly easy to get his phone number, get Phil on the phone, and see what he thought about using PGP on large systems.
We had a good conversation about PGP and its prospects for becoming a commercial standard for data protection. Phil was very helpful and we discussed some of the technical issues in porting PGP to the AS/400. He encouraged me to take the leap into the PGP project, and gave me referrals to the development team in charge of the commercial version of PGP. That call and his encouragement were crucial to our efforts over the next 10 years to bring PGP encryption to large IBM platforms.
After some twists and turns, and a few months of laboring in the trenches, we released the first version of PGP for the AS/400. The port to the AS/400 turned out to be a really big challenge. The C compiler was in its infancy, and we struggled with its limitations. And the ASCII to EBCDIC conversions were a nightmare. But we got the product released in 1999. It was very popular and remains so today. We now have hundreds of customers using PGP to protect their data.
PGP is now the de facto standard for whole file encryption in eCommerce. It is deployed by banks, insurance companies, medical suppliers, payroll servicers, and a wide variety of other organizations. Almost every organization on planet Earth deploys PGP to protect sensitive data. Phil’s vision of PGP becoming a widely accepted method of protecting data has become a reality.
Of course, PGP has been through some changes over the years. New encryption algorithms have been added such as AES and Elliptic Curve Cryptography. The product found a new home at PGP Corporation, and has undergone steady development since then. We have a great relationship with the folks at PGP, and many of them have been working with the product from the first days.
PGP Corporation recently completed a FIPS-140 certification of the PGP technology, and this was an important step. As we watch the evolution of security standards, I believe that independent certification by NIST will be crucially important in the months and years ahead. I know from personal experience that certification is hard to do and demands a deep commitment on the part of an encryption vendor. But there is no substitute for the rigor and discipline that it requires.
Here at PTSS we continue to incorporate PGP into new solutions. It’s a rock-solid platform on which to build. I’m happy to continue working with PGP Corporation, and you’ll be hearing from us soon about some of our new developments that incorporate PGP encryption.
After all these years, I’m grateful for Phil’s words of encouragement back in 1998. And am reminded to never underestimate what a few encouraging words can do. Thanks Phil!
It’s hard to believe that it’s been 10 years since we brought the first version of Pretty Good Privacy (PGP) to the IBM i platform (then known as the AS/400). I remember a conversation I had early on with Phil Zimmerman about the future of encryption and of PGP itself. At the time Phil was under investigation by the US government over the export of strong encryption. Those were the days when strong encryption was considered “munitions” and subject to export restrictions.
Phil was very upbeat about the future of PGP, despite the obvious challenges, and was confident that one day Enterprise environments would see the benefits of protecting all types of sensitive data. He encouraged me to pursue a commercial version of PGP and lent his support to the idea. We released the first version of PGP for the IBM i in early 1999.
PGP encryption is now in wide use across all types of industries to protect sensitive data. Healthcare organizations use it to protect patient data and medical claims. Retailers use it to protect credit card information and to send data to their banks to prevent check fraud. Banks and insurance companies use PGP to protect customer social security numbers and other private information. And companies across the spectrum use PGP to protect payroll information and bank transfers.
We are now starting to release the newest version of PGP – PGP Command Line 9 – in our Alliance All-Ways Secure product. PGP Command Line 9 has lots of new features including support for advanced encryption methods, integration with PGP Universal Key Server, more target platforms for Self-Decrypting Archives, and much more. Our existing All-Ways Secure customers can upgrade to PGP Command Line 9 for free.
Alliance All-Ways Secure gives you several methods for secure FTP transfer of your PGP encrypted files. You can use SSL FTP to achieve an encrypted transfer, or you can use SSH Secure FTP (sFTP). In either case you combine the security of PGP encryption with the encryption of the actual transfer. Both SSL FTP and Secure Shell sFTP come with full automation features.
Bottom line, you have many options for file encryption. But because we’re no longer living in the 1990s, NOT encrypting is no longer an option. A data loss can have a devastating impact on your company, and PGP encryption is proven technology to help prevent that loss.