PGP Corporation Ships New Self-Managing Security Architecture, Delivering Automatic Secure Messaging and Information Storage

Mitigates corporate risk and manages governance and regulatory requirements while securing confidential business assets and intellectual property

LONDON, September 15, 2003 – PGP Corporation, the recognized leader in secure messaging and information storage, today unveiled PGP® Universal at the Gartner Security Summit 2003 in London. PGP Universal is the world’s first security architecture to shift the burden of securing email messages and attachments from the desktop level to the network level in a way that is automatic and entirely transparent to users. The technology has undergone extensive testing and is already in use by large enterprises worldwide. The first release of PGP Universal is available immediately.

Commitments

When PGP Corporation was formed and the core PGP assets were reacquired a year ago, the company announced three guiding principles; continuity, relationship, and innovation. During the past year, PGP Corporation’s public focus has been on continuity and relationships — upgrading and introducing new versions of its existing products, expanding relationships with its loyal customer base, developing and training sales channels worldwide, and establishing significant business alliances. At the same time, PGP Corporation has privately made a major investment in technical innovation.

“From the start, we envisioned a technology that would eliminate the barriers to achieving universal, enterprise-wide information security,” said Phillip Dunkelberger, PGP President and CEO. “We are today announcing and shipping an innovative new architecture that raises the standard for corporate email security, making possible what was not possible in the past. We built PGP Universal to be so flexible and cost-effective that companies can make the transition from securing a few individuals to protecting all their information assets.”

Architecture Goals

Added Mr. Dunkelberger, “Our technology vision extends beyond enterprise-wide secure email. In the future, the PGP Universal technology foundation will also address enterprise security needs for instant messaging, mobile devices, data storage, and other technologies at the network protocol level.”

Technology Advances Automate Secure Messaging

“Privacy concerns and regulatory initiatives like HIPAA, Sarbanes-Oxley and others, coupled with widespread awareness of the security risks posed by unsecured email have driven many enterprises to look for technical solutions in this area,” said Ray Wagner, Research Director for Information Security Strategies for Gartner, Inc. “To date, however, very few organizations have widely deployed solutions due to concerns over cost, convenience, interoperability, and manageability. Network-based, self assembling approaches could offset current limitations and prove attractive to enterprise customers.”

Announcing PGP Universal

PGP Universal is a new architecture and product family built on trusted and proven PGP technology. Its new network proxy- and protocol-based approach provides full end-to-end security in a way that overcomes current deployment, management, usability, and cost objections. PGP Universal makes possible a dramatic change in how organizations think about information security, allowing them to secure all their information assets in a practical, transparent, and cost-effective manner.

Executive and Business Management can now achieve organization-wide compliance with legislative regulations, minimize non-compliance risk, and meet employee and customer privacy requirements at a practical cost by utilizing PGP Universal’s:

– User transparency – allows users to concentrate on business requirements without the burden of learning and adhering to policy and using desktop-oriented security solutions
– Automatic central security policy – provides uniform compliance with policy and regulations by moving enforcement from the desktop to the network
– Two-way policy enforcement – extends internal policy enforcement to external suppliers, partners, outsourcers, and customers
– Digital signatures – protects against falsified or spoofed company and employee communications Immediate, incremental, and scalable deployment – allows benefits to be realized immediately without major investment in IT or related organizations
– Low cost of ownership – achieved by eliminating existing burdens (desktop software, user training and support) and not adding to existing IT, email, and network infrastructure

Network, Email, and IT Management can now deploy an organization-wide information security solution without changing existing network, email, or digital certificate configurations with PGP Universal’s:

– Implementation transparency – achieved through proxy- and protocol-based technology implemented at the transport layer, not the application layer
– Interoperability and standards compatibility – achieved by supporting common and standard network protocols (SMTP, POP, IMAP, MAPI, Notes)
– Certificate and message format compatibility – achieved by supporting and being interoperable among OpenPGP, X.509, and S/MIME standards
– Self-managing security architecture – permits automatic key generation and lifecycle management, automatic encryption and decryption, and digital signatures
– Incremental deployment – allows organizations to deploy according to corporate policies rather than technology limitations
– No user support – eliminates user involvement so IT organizations no longer need to deploy desktop security software or train and support users

Information Security Management can now realize their full organizational charter of implementing organization-wide solutions with automatic and uniform policy enforcement with PGP Universal’s:

– Central, two-way security policy management – applied to all employees, partners, outsourcers, and customers, on both outgoing and incoming email
– Network-based policy enforcement – moves from the desktop to the network, eliminating user costs and involvement while providing central policy control
– Self-managing security architecture – permits automatic key generation and lifecycle management, automatic encryption and decryption, and digital signatures
– Single solution – delivers security beyond the firewall (external), inside the firewall (internal), to all types of recipients in a single, scalable solution
– Keyless recipient management – permits policy enforcement for recipients without keys, using PGP Universal Web Messenger and PGP Universal Satellite
– Certificate- and message format-agnostic – integrates and interoperates with existing X.509 and S/MIME deployments
– Additional decryption keys (ADKs) – gives organizations the ability to recover information, when necessary
– Trusted technology foundation – builds on the existing, proven PGP technology toolkit and includes product source code for peer review

“After a promising evaluation, we have decided to use PGP Universal on a trial basis in our company,” said Don Michniuk, Corporate Manager of Information Security, Bechtel Corporation. “By shifting security from the desktop to the network, PGP Universal reduces the need to rely on users to comply with security policy. This new architecture makes it possible to set and enforce a domain-based security policy uniformly and automatically for all messages, as well as to extend strong email security to all users.”

PGP Universal Relieves Organizational Concerns about Information Security

By enabling enterprise-wide security of information assets, PGP Universal helps organizations mitigate corporate risk and manage governance and regulatory requirements. With PGP Universal, organizations can secure confidential business assets, intellectual property, and ensure customer and employee information privacy both internally and externally. Communications with partners, contractors, outsourcers, and suppliers, as well as shareholders and the media, can be uniformly secured and digitally signed.

PGP Universal Availability

The first release of PGP Universal is available immediately through the PGP Certified Solution Partner program managed by Ingram Micro, Inc. in the United States and Canada and by PGP distributors in Europe, the Middle East, Africa, Japan, Asia-Pacific, and Latin America. For information, see www.pgp.com/partners/universal.html.

About PGP Corporation

The recognized worldwide leader in secure messaging and information storage, PGP Corporation develops, markets, and supports products used by a broad installed base of enterprises, businesses, governments, individuals, and cryptography experts to secure proprietary and confidential information.
v During the past ten years, PGP® technology has built a global reputation for open and trusted security products. The PGP Corporation family of products ranges from automatic, self-managing network-based solutions for enterprises to individual desktop solutions. Venture funding is provided by DCM-Doll Capital Management and Venrock Associates. Contact PGP Corporation at www.pgp.com or +1 650 319 9000.