PGP Corporation sees potential of deperimeterisation

Encryption software vendor PGP Corporation has announced that plans to move into identity management services.

Speaking to ZDNet UK on Wednesday, Phil Dunkelberger, chief executive officer of PGP Corporation said managing user authentication and access rights to critical online business applications will become increasingly important as the deperimeterisation of business systems continues.

Deperimeterisation — where the security emphasis is moved from the edge of the network and onto individual devices, and ultimately to individually encrypted data packets — fits with PGP's plans."We have plans. Absolutely we have plans for moving into identity management," explained Dunkelberger.

PGP Corporation owns the Pretty Good Privacy codebase -- originally developed by Phil Zimmermann. Pretty Good Privacy (PGP) is a security system developed around cryptographic privacy and authentication.

PGP claims to be well positioned to offer services that integrate business processes and policies with security technologies. "We are already working with a number of people to provide "encryption tone". PGP is working behind the scenes with telcos, ISPs and managed service providers to build security systems that integrate readily, said Dunkelberger.

"We've already built the basic plumbing with the PGP Universal platform, which can be combined with Netshare to manage different keys. We have a relationship with RIM using Universal for Blackberry -- we can manage different cryptographic solutions, as we are system agnostic," Dunkelberger added. "We're already doing volume disk encryption, and in data protection, PGP is number one," he claimed.

Dunkelberger explained that some people are trying to solve authentication issues by using ID management, and creating more problems.

"The threat model has to be fully understood," said Dunkelberger. "If not, it taxes both the help desk and the architectural design team. If you're using cryptographic systems that don't work, you've just created more problems for the IT guys."

Symantec is also considering moving into identity management, as well as encryption and a range of managed services, the security giant's chief said at the Symantec Vision conference in May.

Symantec chief executive John Thompson mentioned those fields as areas the company is interested in as it tries to become a single-source supplier for management of data centres and protection of data and of online transactions.

Symantec is not currently a player in the ID management market, which is dominated by CA, IBM, Hewlett-Packard and Oracle, and which research firm IDC predicts will grow to almost $4bn (£2.1bn) in the next three years.

When Zimmermann made PGP available on the Internet as freeware in the early 1990s he became the target of a three-year criminal investigation by authorities in the US under legislation restricting the export of cryptographic software. Eben Moglen, now the Free Software Foundation's lawyer, defended Zimmermann and the case was eventually dismissed.

CNet News.com's Joris Evers contributed to this report