Moving Your PGP to the Cloud? Here’s What You Need to Know
Is PGP encryption part of your secure messaging strategy? Are you currently hosting this system on-premise? Ever thought about moving your PGP email encryption to the cloud? It may sound daunting, but, with the right tools and services, moving to the cloud is an investment to consider for you and your customers.
An on-premise PGP system is resource intensive, and requires software installed on your workstation and servers. The demand on your IT department can be considerable – migrating it to the cloud can take a lot of strain off your staff.
Here are a few points to consider if you are thinking of making the move:
Email encryption should be more than just adequate
We have a responsibility to protect the sensitive messages that we send, and we need to do it in a way that doesn’t get in the way of doing business.
An effective email encryption solution has five main qualities:
- It is easy to implement
- It can scale to keep up with growing demands and sudden bursts in email volumes
- It is feature rich, standards-based and current, supporting encryption technologies widely used today
- It is jurisdictionally aware, so messages sent from the EU, for example, aren’t stored in or sent through the U.S. or other jurisdictions which might compromise compliance with GDPR rules
- It is operated securely by a trusted vendor which is dedicated to security
Legacy systems shouldn’t stop you moving to the cloud
Moving an on-premise PGP system to the cloud is not only possible, these legacy systems can actually be migrated without disruption, a critical business consideration if your organization sends large numbers of secure messages daily. And you gain access to additional secure delivery methods, like the ability to send messages via web portal, and additional features, like the ability to custom brand encrypted messages.
Key management without the management
According to the thirteenth encryption study commissioned by Thales to the Ponemon Institute, key management continues to be a major pain-point for 57 per cent of organizations. And many of these organizations report they continue to manually manage their key process. This is not a new stat. In fact, key management has remained a consistent pain-point year over year! Moving to the cloud allows you to simplify your key management process – and automate it.
Why use Security as a Service?
In today’s climate, businesses must scale quickly to meet everchanging demands. Security threats are always evolving, and technology continues to transform at a rapid pace. New developments such as mobile computing, the Internet of Things, Software as a Service and Infrastructure as a Service are leading to fundamental changes in the way businesses operate.
Working with a cloud Security as a Service provider can bring many benefits. Sheila Jordan, CIO at Symantec, for example, points out that while IT and technology investments can be used to operate and grow a company, the list of tasks to be performed will always be greater than the resources and funds available. IT is often seen as an easy place to cut costs, and in response, CIOs “must prioritize the demands that most directly affect the profitability and financial goals of the company.” CIOs are responsible not only for protecting data, but also for helping companies use that data to generate actionable insights. Moving to the cloud lets organizations track and report in real time.
Thinking about Security as a Service? Here are some questions to consider:
- What is your risk profile?
- Is there a specific crisis you’re responding to?
- Do you have a clear plan in place?
Once the decision to move to the cloud has been made, choose your vendor carefully. Don’t look for a single point solution: if you do, you might find that the solution you’ve chosen has quickly become obsolete or is not the sole focus of a bigger product. Look to your new partner to educate and train your teams and guide your company through the process. Most importantly, get to know the team you’ll be working with, as good relationships can make the difference when dealing with a crisis.
Sheila Jordan from Symantec puts it best: “When you work with a partner that understands your business and where you are headed, they can offer global support and solutions that will grow with your organization. The right partners will always be customer-focused, doing everything in their power to drive your company forward.”
By Christian Peel, VP Engineering, Echoworx
 Sheila Jordan, “Security as a Service,” in Canadian Cybersecurity 2018: An Anthology of CIO/CISO Enterprise-Level Perspectives, ed. Ajay K. Sood (Toronto: CLX Forum, 2018), 23-45.