Symantec Offers Insight Into Encryption Road Map

Symantec has revealed how it has changed from the OEM approach for encryption, after its acquisitions of PGP and GuardianEdge.

And this past week, Symantec detailed more of its plans for the technologies, unveiling a strategy that stretches from whole-disk encryption to protecting data copied to removable devices. The key word for Symantec is integration – bringing encryption to bear in conjunction with authentication and DLP (data loss prevention) technologies from other acquisitions.

“Symantec’s strategy, the reason for the acquisitions, was really to complete the product set,” explained Tim Matthews, director of product marketing at Symantec. “[The company is] well known for antivirus, anti-malware [and] security in general…it only made sense to buy encryption technologies to protect the information itself.”

Encryption Approach

In the months since the combined $370 million (£232 million) acquisitions of PGP and GuardianEdge, Symantec has been working to address overlap between the two new assets and integrate them into the Symantec portfolio. Those efforts manifested themselves in Symantec’s announcement of four products this week, all of which are slated for release in the winter of 2011.

One is a new version of PGP Whole Disk Encryption, in which Symantec has added support for Intel AES-NI technology. Symantec also integrated the product with Intel’s Anti-Theft Technology, which allows organisations to render stolen or decommissioned PCs unusable. Also in the area of whole-disk encryption, Symantec is adding support for Mac OS X to its Endpoint Encryption Device Control product.

Beyond that, the company also announced plans for Endpoint Encryption Device Control, a rebranding of GuardianEdge’s technology. With Endpoint Encryption Device Control, organisations will be able to manage the use of portable storage devices and media drives. The product is slated to feature a number of capabilities, including the ability to control access to ports and monitor device use and file transfer activity.

Last but not least is Symantec Endpoint Encryption Removable Storage Edition, which the company said will enable content-aware control over information users want to copy to removable devices.

Scott Crawford, research director of Enterprise Management Associates, said Symantec’s acquisitions of PGP and GuardianEdge suggests the priority going forward is not only controlling information but the systems where information is found.

Endpoint Security

“The announcement of [a] capability that supports more advanced anti-theft functionality and device control are early indicators of this,” he said. “Looking ahead, it is possible to see a larger role to be played in concert with, for example, DLP as an engine for automating the application of encryption or device control policy, and the extension of management for these capabilities to hosted offerings following the release of Symantec’s hosted endpoint security offering…Symantec is clearly out to extend its lead in endpoint security management in a market where moves such as Intel’s acquisition of McAfee raises new challenges for the company, and to make sure its stake in endpoint security remains part of its strategic priorities going forward.”

There also are plans for deeper integration with another major Symantec acquisition – VeriSign – in the future as well, Matthews said. For example, PGP encryption products can work together with user authentication to provide stronger overall security.

“In the future, Symantec is considering taking this a step further by using VeriSign authentication – one-time password or client certificate–to allow strong authentication for administrators or users to log into their encryption application, such as an email account, or management console, such as PGP Universal Server,” he said.

“If you look at the most commonly deployed technologies after a data breach…they are encryption, DLP and authentication, and now Symantec has all three of those,” he added. “So [what] we see here already is integration between encryption and DLP, [and] you can look for more integration with the VeriSign technologies down the road as well to offer strong authentication to work with the encryption.”