PGP, or Pretty Good Privacy, is a security program that allows users to encrypt and decrypt e-mail, as well as incorporating the added protection of digital signatures for user verification. OpenPGP builds upon PGP with enhanced PGP standards, military-grade security and an increased number of encryption algorithms. Michael W. Lucas, author of PGP & GPG: E-mail for the Practical Paranoid recommends that IT managers take advantage of easy-to-use OpenPGP to add an extra layer of internal security that can prevent tampering from within an organization. The most difficult part is not installation or using OpenPGP but educating users.

OpenPGP puts control of security in the hands of the IT manager. Even if you only use it internally amongst your IT staff, it provides a layer of security that's difficult to achieve otherwise. One common problem in computer security is 'who watches the watchmen?' Your e-mail administrator has the ability to view and edit any e-mail message that passes through the system. When I'm troubleshooting a network problem, I often must use a packet sniffer. At that point, I will see the contents of e-mail messages unless I take specific steps to prevent it. Even your helpdesk staff has access to people's personal data. All of these people can change that data, or even create entirely fraudulent data, files and messages and attribute them to other people.

The link for this article located at TechTarget is no longer available.