FollowUs

follow facebook

case studies

webinars

podcast

 

Facebook Google+ Twitter LinkedIn

Our Blog to Your Inbox

Your email:

Latest Posts

Posts by category

Townsend Security Data Privacy Blog

Current Articles | RSS Feed RSS Feed

What is the difference between AES and PGP Encryption?

Posted by Kristie Edwards on Thu, Jan 12, 2012 @ 05:55 PM
  
  
  
Add to delicious  delicious  
  

I recently had a conversation with one of our customers about the automatic encryption webinar they attended.  The webinar demonstrated how companies can implement AES encryption on their AS/400 without making application changes. This customer currently has our managed file transfer solution, FTP Manager with PGP encryption, and was confused as to why they would need AES encryption if they were using PGP.  I explained that PGP encryption protects data in motion - when it is transferred outside his company.  If he was storing data on his AS/400, he would need AES encryption to protect his data at rest.

aes encryptionAES Encryption
AES encryption is the standard when it comes to encrypting data in a database.  Advanced Encryption Standard (AES) has been adopted as a standard by the US government and many state and local agencies. AES is the recommended encryption method for PCI, HIPAA/HITECH, GLBA and individual state privacy regulations.  AES encryption uses an encryption key to encrypt the data. Typically, this key is stored on the AS/400 and used when the data needs to be decrypted.  To side track here a little, this is not a good idea.  Leaving your encrypted data and keys in the same place is like leaving the key to your house under your door mat.  If you want to learn more about why this is a bad idea, take a look at this blog article on the topic.

PGP Encryption
PGP encryptionPGP encryption is the standard when it comes to encrypting files that need to be transferred.  Pretty Good Privacy (PGP) is the standard for encrypted file exchange among the world’s largest financial, medical, industrial, and services companies.  Also know that when encrypting a file with PGP, you may be using AES encryption.  

AES encryption and PGP encryption solutions work together to ensure that all your sensitive data is secure.  AES will protect data at rest within your organization and PGP encryption keeps it secure when it is sent outside your company.

I hope this has been helpful in better understanding the differences and similarities of PGP encryption and AES encryption.  If you have any questions you can always email me at kristie.edwards@townsendsecurity.com or learn more about AES and PGP encryption.  Additionally, you can view the webinar "Automatic Encryption on the IBM i" that spurred this conversation.

Tags: , , ,

Comments

We are in the process of certify PCI and OS 7.1. users. 
 
Posted @ Wednesday, January 18, 2012 7:57 PM by Mario Bibolotti
Post Comment
Name
 *
Email
 *
Website (optional)
Comment
 *

Allowed tags: <a> link, <b> bold, <i> italics