What is PGP?
PGP stands for Pretty Good Privacy, which is easy to remember, but also not terribly descriptive. PGP is a way of encrypting data that’s stored on workstations or servers. Its most popular use is to secure email attachments, since email is not sent over a secure protocol.
PGP is a free tool which uses several layers of symmetrical and asymmetrical key encryptions to render data inaccessible to unauthorized users, unhealthy even if they manage to get ahold of a file they shouldn’t.
Why use PGP?
PGP is most commonly used to encrypt email attachments, but there are a number of good reasons to use PGP for encrypting data that you keep on your servers. Storing data on your server in an encrypted state gives your files an added layer of security, both from external breaches, as well as legitimate internal access.
- Ensure privacy compliance. System administrators have legitimate reasons to access the server. In order to manages users and to perform server updates and maintenance, administrators often have unrestricted access. However, if you store files with HIPAA-restricted medical information or credit card data, even incidental access can be noncompliant to regulations or outright illegal. Keeping files encrypted can protect against this type of incidental access.
- Protect against external data breaches. If a cyber thief is able to access your server, is your data cryptographically naked? PGP encryption can act as a last line of defense; an attacker who manages to get into your server will only find files full of undecipherable gibberish. If you have mechanisms set up on the server to thwart hackers, such as kicking users and banning IP addresses, an attack can be shut down before any data is exposed
- Protect against employee theft of data. Of course, some users who have proper authorization access data with ill intent. We hear story after story about employees with high company clearances stealing data for personal gain. A PGP encryption system that embeds the encryption keys and does automatic, rather than manual, encryption and decryption can protect internal data from prying eyes.
Rather than trusting your network’s firewalls and protocols to protect your sensitive data with a bubble of security, keep your data encrypted as a matter of course. Most Managed File Transfer (MFT) systems can perform PGP encryption of data at rest. Look for an MFT solution that encrypts the data on-the-fly, encrypting and writing in a single step, so that unencrypted data is never written to the disk. If your MFT solution does not offer this feature, make sure that there is a function to scrub the unencrypted version of the file, rather than simply just marking it as deleted.
PGP encrypting your stored data is a simple precaution to save headaches down the line.