Tom’s Hardware: Interview with Phil Dukelberger

PGP the product has had a long and interesting past. It began as a piece of shareware written by Phil Zimmerman in the early 1990s called Pretty Good Privacy, a DOS-based command-line encryption utility that was used by uber-hackers to keep their emails from prying eyes and keyboards. Back then the Internet was young, the Web was still to come, and to make matters worse, the US Government quickly banned the nascent software utility, claiming that email encryption was a national security threat.

Well, eventually the government came to its senses and PGP became the gold standard for keeping emails private. A software company grew around the utility and became successful enough that the conglomerate called Network Associates bought PGP in 1997. After several releases, including support for Windows and Unix, a group of investors were formed in 2002 and purchased the assets and intellectual property back from Network Associates (which is now called McAfee) to have a successful life as PGP Corp.  (Note: PGP is now a part of Symantec.)

The company is run by Phil Dunkelberger, who was at the helm in the days before Network Associates era in the mid 1990s. The president and CEO is a soft-spoken but very intense man that is very focused on the task at hand, making PGP into the best encryption software provider bar none. Dunkelberger has a long heritage with his technology chops, going back to Xerox’s Palo Alto Research Labs in the late 1970s when they introduced the Star workstation, the precursor of the modern PC. He runs both Mac and Windows PCs today. We caught up with him recently in San Francisco, where he spoke to us about how the company was formed, where it is going, and how its channel and products have evolved.

Q. How easy was it to take PGP’s assets out of Network Associates (NAI)?

A: It was actually fairly easy for us. NAI had told the world that they were going to discontinue innovating PGP and that they weren’t going to support the products. So the end of life notice was already given when we picked up the assets from NAI.

I have seen more and more resurrected companies since we did our deal. There are a number of small and big opportunities and the traditional venture mode is changing. You can get a head start by acquiring these assets. My advice to entrepreneurs is instead of build it yourself to begin with look for proven, standards-based technology or a vertical market, and then pursue this because in our case it certainly gave us a running start.

Building a real business these days requires a lot deeper and broader set of skills than what was required five or seven years ago: your management team has to be deeper, your VCs have to be more patient. People aren’t as quick to bet on innovative companies these days. If you are entrepreneur, I would recommend that you buy an existing customer base.

Q: Do you ever use a public kiosk or public wifi network to get your own email?

A: I am pretty good about using our own security products. I don’t ever roam freely around those networks without any protection, and there are certain things that I won’t do on a public network. And if you are in a hotel in Europe if you aren’t protected you will likely get some form of malware on your machine from their networks.

Most of the time when I travel I use TMobile’s service, although I have used many others. On a recent trip to Europe I was on Vodaphone’s network at the Munich airport and Swisscom in Switzerland. I also use our own products extensively, including our own disk encryption and firewalls. Although right now I am testing Symantec’s Norton desktop firewall and several VPN clients as part of our internal quality assurance tests. All of us, and especially the executives at PGP, run a lot of different things to test our software against. It was a lucky thing that I had more than one VPN client installed, as one worked on the Lufthansa flight back from Europe and one didn’t. That was very fortuitous.
Q: How important to you personally is hard disk encryption?

A: I have had my laptop taken away from me briefly at airports for security screenings, and have the screeners pick it off the belt where I can’t see it, and that motivates me to make sure that everything on it is encrypted. Our product really is a godsend, and all my files on my laptop are encrypted. These days securing your data and not just encapsulation of the pipe is becoming more and more important, and an absolute business requirement.

Q: How does a corporation get started on setting up email security policy options?

A: We have seen this happen in variety of different ways: channel, reach, compliance and remediation, and industry-specific situations. First, it helps by having a robust channel with some focus on vertical markets where a company is under some kind of compliance and has some kind of external force pushing them to encrypt and protect their email traffic. Second, we have also seen many small businesses that are in business servicing someone big, and that big company mandates their suppliers and customers send email using PGP. We have a large auto manufacturer in Germany that has 5,000 suppliers and that mandated all of those small businesses to send email with PGP. Both are easier entries than just going in there cold and trying to get people to realize that file attachments are an issue.

As we look at the overall trends in business, there is more awareness about security in general and encryption. For example, in California there are small real estate companies and banks that are very aware of what they have to do to secure their data.

Q: You got your start with selling command-line encryption tools. How is that market doing?

A: We re-introduced the command line encryption products the middle of last year, and the business has grown 100% a quarter for the past three quarters. It has been a very pleasant surprise. We have had days where people order $50,000 off our Web site with their own credit cards. We have everything from a large aircraft manufacturer that takes all of the manuals to banks on Wall Street using the command line product. Some of our customers are encrypting their backup files and then storing them on tapes.

Q: Who of the surviving email security vendors is your competition these days?

A: We usually have two kinds of competitors now. First are the PKI infrastructure vendors, including Microsoft, Entrust, Cisco, Juniper, Aventail and those kinds of solutions. We usually win based on usability and reliability. Then we also have traditional email vendors that are selling into particular vertical markets such as Tumbleweed and Sigaba, and we win when the solution involves more than just selling email as part of the entire solution. We tend to be a suite vendor rather than selling a single product.

Q: Your PGP Universal product is supposedly very easy to deploy. Can you give me an example?

A: Universal is ready to run on a number of platforms, you just add hardware, and it works. Our biggest solution to date was with one of the top pharmaceutical firms and we had it running in less than 30 days for over 70,000 users. One of the very valuable features of the product is something we call “learn mode” which means the product just observes the traffic but doesn’t interfere with the mail stream and is very useful to help our installers as they tune the system to a particular customer’s needs.

Q: What do you think of the Microsoft/Groove announcement?

A: I think this validates the whole idea of peer-to-peer security that we have been talking about for many years and we welcome what they are doing.

Q: Tell me more about how you have developed your channel program and how it evolved.

A: We have three tiers of resellers. The top tier has the same training that our own system engineers have, and have to be able to install all the products and understand their interaction with our various partner products as well. The next tier has specific service contracts typically for larger corporate customers and they only need to know a couple of our products. The last tier are not very solutions oriented, just sell in quantity one to five units, typically only deal with our desktop products and specialize with one or two products and not sell enterprise-level products.

Our channel has evolved over the past several years. We now have 300 resellers in 91 countries and have added 30,000 new customers in the less than three years since we began our company and taken it out of NAI. In fact, our sales now are better than any of the years when we were part of NAI.

When I was in charge of sales at Symantec, we found that you couldn’t rely on the channels to create demand for new products like PGP Universal. The channel makes money on support, service, hardware management, off-site monitoring and so forth. But we had to go out and find the market segment, recruit the resellers, and do things like build hands-on labs to train our VARs and find other partnerships that would work for us.

For example we just put on a four-day training session in Singapore, for our local partners. We get everyone involved in installing the software and understanding how the products work in a very hands-on session.

But we also established a series of technology partnerships with vendors that have major email solutions such as IronPort, SendMail and MailFrontier. These vendors all offer things like anti-spam and content filtering solutions. First they wanted to cross-train their sales teams to resell our products and as their gained experience with PGP they became OEMs and wanted to bundle their software with ours on a single box. Now they are an active channel for us and we have consolidated reporting. They sell a single solution and everyone gets a better margin and the customer gets one vendor to buy all of it from and fewer vendors to deal with for front line support.

Q: So any final thoughts?

A: We have become successful because of several things. First, encryption is just becoming a standard feature for more and more people. It operates down at the transport layer and is just like a network dial tone, what I call “encryption tone” these days. Second, we got a great start by being established and not having to recreate everything from scratch when we came out of NAI. Third, it helps that we are an open standards vendor and we publish our source code. We wish more companies would publish their code as well. Finally, we have a very good product road map and we spend a lot of time listening to our customers, asking them what they want in the next two versions of the products and so forth.

Read More
Dark blogs

(Note: this was first written in 2005.)

Blogs are everywhere, and you know they have reached the point of no return when corporate IT departments begin to evaluate different blogging software tools and the topic gets cover story treatment from Business Week and Fast Company, for those of you that haven’t looked at a printed magazine in a while.

But what got me going was reading the a research report written by Suw Charman called Dark Blogs: The Use of Blogs in Business. The report is a case study of large European pharmaceutical company’s implementation of Traction Software’s TeamPage, a commercial blogging tool. Given that the report was paid for by Traction, you want to take a few of its conclusions with care, but still it gives some good advice when it comes to implementing blogs in the corporate world.

There has been a lot written about using corporate blogs for external communication, such as the CEO blogs from Schwartz, Cuban et al. But what caught my eye was how blogs have developed into a new IT tool for internal communications of the common cubicle dwellers, deep behind the corporate firewall (hence the name dark blog).

Before I roll through Charman’s conclusions I want to point out a couple of things that struck me reading her report. The pharma needed some software to keep track of its competitors and have a central place where researchers and corporate management could easily capture this information and comment on it. They were having problems with keeping up to date and getting the right people to discuss what was going on, and went looking for solutions.

They weren’t happy with their previous systems, using various Web-based intranets and applications built on top of Lotus Notes. The information they track is fairly unstructured and comes from lots of different sources. Notes is a very structured program, which is great for building databases on the fly but not so great if the information doesn’t have a consistent format and structure. The company wanted something that had the group collaboration dynamic of a blog, with the flavor of editing-on-the-fly of a wiki that was easy to use and didn’t require special software outside of the Web browser. Does this sound familiar? I can’t tell you how many companies I talk to want something similar. Heck, I want something similar for my crew here at Tom’s.

So what happened? The company built its blogs (they had several underway, which shows you how useful they were) in such a way as to tie in with the corporate LDAP directory structure (for a single user login) and to provide email notifications when new entries were posted. I think both of these are big reasons for its success, because it wasn’t as technologically disruptive to the corporate culture as it could have been. Pharmas are big email consumers, and having a blog technology that fit in with their email habits was important.

Second, they ran their blog like we run our publishing mini-empire here at Tom’s, with an editor-in-chief and a publishing process that was well defined to get material from the individual author to the Web. A lot of people mistake this process with censorship or control of information, but the actual use (and what seems to be happening at this pharma company) is to polish and make the information readable and attractive and organized. The Traction software also allows for an edit audit trail to see who was editing what piece when and a permissions system so that not everyone can edit or even view every piece. Too many blogs are just typing and not a real editorial product. You need extra pairs of eyes and brains (hopefully both connected and working together) to make sure that what gets posted makes sense.

Charman mentioned these other lessons:

  • Taking blogs to the corporate masses
  • The blogs’ aims were clear and precise and had been well defined
  • The project had the full support of the CEO and upper management
  • There was a well constructed project plan, which included consideration of high level issues such as structure, taxonomy and search requirements as well as day to day user requirements
  • The open commenting system allows for dialogue with users
  • Integration with existing systems and technologies created a more seamless user experience
  • Read permission control means that potentially sensitive information can only be accessed only by those who need it

Charman says in the report that “Compared to setting up a similar project on a more traditional CMS or KM platform, the project has been simpler, faster, more effective and less expensive to implement.” And that is perhaps the best lesson for today’s IT departments: find a technology that you can roll out quickly, that doesn’t require a great deal of training, and get the right people behind it. While you are at it, roll it out to a focused user group to build word of corporate mouth prior to a company-wide launch.

Looking for more tips about dark blogs? CIO Insight’s Edward Cone offers these suggestions in his story about corporate blogging.

Blogging.org has a nice rundown on how to make money with your blog that is aimed more for individuals, but still has some great advice for corporations.

Granted, blogs are the new religion, or the new color black, or the return of/son of push technology or the latest killer app, depending on your time and tenure in the IT industry. But like so many other corporate IT projects, their success or failure hinges not on the actual technology itself, but how you finesse the people parts of the equation and sell the app to userland.  The pharma case study is a good example of these “softer” parts of the IT equilibrium and how well it can work. It is nice to see that sometimes IT can get it right and be the good guys for a change.

Read More
Phil Dunkelberger from PGP

PGP the product has had a long and interesting past. It began as a piece of shareware written by Phil Zimmerman in the early 1990s called Pretty Good Privacy, a DOS-based command-line encryption utility that was used by uber-hackers to keep their emails from prying eyes and keyboards. Back then the Internet was young, the Web was still to come, and to make matters worse, the US Government quickly banned the nascent software utility, claiming that email encryption was a national security threat.

Well, eventually the government came to its senses and PGP became the gold standard for keeping emails private. A software company grew around the utility and became successful enough that the conglomerate called Network Associates bought PGP in 1997. After several releases, including support for Windows and Unix, a group of investors were formed in 2002 and purchased the assets and intellectual property back from Network Associates (which is now called McAfee) to have a successful life as PGP Corp.

The company is run by Phil Dunkelberger, who was at the helm in the days before Network Associates era in the mid 1990s. The president and CEO is a soft-spoken but very intense man that is very focused on the task at hand, making PGP into the best encryption software provider bar none. Dunkelberger has a long heritage with his technology chops, going back to Xerox’s Palo Alto Research Labs in the late 1970s when they introduced the Star workstation, the precursor of the modern PC. He runs both Mac and Windows PCs today. We caught up with him recently in San Francisco, where he spoke to us about how the company was formed, where it is going, and how its channel and products have evolved.

Q. How easy was it to take PGP’s assets out of Network Associates (NAI)?

A: It was actually fairly easy for us. NAI had told the world that they were going to discontinue innovating PGP and that they weren’t going to support the products. So the end of life notice was already given when we picked up the assets from NAI.

I have seen more and more resurrected companies since we did our deal. There are a number of small and big opportunities and the traditional venture mode is changing. You can get a head start by acquiring these assets. My advice to entrepreneurs is instead of build it yourself to begin with look for proven, standards-based technology or a vertical market, and then pursue this because in our case it certainly gave us a running start.

Building a real business these days requires a lot deeper and broader set of skills than what was required five or seven years ago: your management team has to be deeper, your VCs have to be more patient. People aren’t as quick to bet on innovative companies these days. If you are entrepreneur, I would recommend that you buy an existing customer base.

Q: Do you ever use a public kiosk or public wifi network to get your own email?

A: I am pretty good about using our own security products. I don’t ever roam freely around those networks without any protection, and there are certain things that I won’t do on a public network. And if you are in a hotel in Europe if you aren’t protected you will likely get some form of malware on your machine from their networks.

Most of the time when I travel I use TMobile’s service, although I have used many others. On a recent trip to Europe I was on Vodaphone’s network at the Munich airport and Swisscom in Switzerland. I also use our own products extensively, including our own disk encryption and firewalls. Although right now I am testing Symantec’s Norton desktop firewall and several VPN clients as part of our internal quality assurance tests. All of us, and especially the executives at PGP, run a lot of different things to test our software against. It was a lucky thing that I had more than one VPN client installed, as one worked on the Lufthansa flight back from Europe and one didn’t. That was very fortuitous.

Q: How important to you personally is hard disk encryption?

A: I have had my laptop taken away from me briefly at airports for security screenings, and have the screeners pick it off the belt where I can’t see it, and that motivates me to make sure that everything on it is encrypted. Our product really is a godsend, and all my files on my laptop are encrypted. These days securing your data and not just encapsulation of the pipe is becoming more and more important, and an absolute business requirement.

Q: How does a corporation get started on setting up email security policy options?

A: We have seen this happen in variety of different ways: channel, reach, compliance and remediation, and industry-specific situations. First, it helps by having a robust channel with some focus on vertical markets where a company is under some kind of compliance and has some kind of external force pushing them to encrypt and protect their email traffic. Second, we have also seen many small businesses that are in business servicing someone big, and that big company mandates their suppliers and customers send email using PGP.  We have a large auto manufacturer in Germany that has 5,000 suppliers and that mandated all of those small businesses to send email with PGP. Both are easier entries than just going in there cold and trying to get people to realize that file attachments are an issue.

As we look at the overall trends in business, there is more awareness about security in general and encryption. For example, in California there are small real estate companies and banks that are very aware of what they have to do to secure their data.

Q: You got your start with selling command-line encryption tools. How is that market doing?

A: We re-introduced the command line encryption products the middle of last year, and the business has grown 100% a quarter for the past three quarters. It has been a very pleasant surprise. We have had days where people order $50,000 off our Web site with their own credit cards. We have everything from a large aircraft manufacturer that takes all of the manuals to banks on Wall Street using the command line product. Some of our customers are encrypting their backup files and then storing them on tapes.

Q: Who of the surviving email security vendors is your competition these days?

A: We usually have two kinds of competitors now. First are the PKI infrastructure vendors, including Microsoft, Entrust, Cisco, Juniper, Aventail and those kinds of solutions. We usually win based on usability and reliability. Then we also have traditional email vendors that are selling into particular vertical markets such as Tumbleweed and Sigaba, and we win when the solution involves more than just selling email as part of the entire solution. We tend to be a suite vendor rather than selling a single product.

Q: Your PGP Universal product is supposedly very easy to deploy. Can you give me an example?

A: Universal is ready to run on a number of platforms, you just add hardware, and it works. Our biggest solution to date was with one of the top pharmaceutical firms and we had it running in less than 30 days for over 70,000 users. One of the very valuable features of the product is something we call “learn mode” which means the product just observes the traffic but doesn’t interfere with the mail stream and is very useful to help our installers as they tune the system to a particular customer’s needs.

Q: What do you think of the Microsoft/Groove announcement?

A: I think this validates the whole idea of peer-to-peer security that we have been talking about for many years and we welcome what they are doing.

Q: Tell me more about how you have developed your channel program and how it evolved.

A: We have three tiers of resellers. The top tier has the same training that our own system engineers have, and have to be able to install all the products and understand their interaction with our various partner products as well. The next tier has specific service contracts typically for larger corporate customers and they only need to know a couple of our products. The last tier are not very solutions oriented, just sell in quantity one to five units, typically only deal with our desktop products and specialize with one or two products and not sell enterprise-level products.

Our channel has evolved over the past several years. We now have 300 resellers in 91 countries and have added 30,000 new customers in the less than three years since we began our company and taken it out of NAI. In fact, our sales now are better than any of the years when we were part of NAI.

When I was in charge of sales at Symantec, we found that you couldn’t rely on the channels to create demand for new products like PGP Universal. The channel makes money on support, service, hardware management, off-site monitoring and so forth. But we had to go out and find the market segment, recruit the resellers, and do things like build hands-on labs to train our VARs and find other partnerships that would work for us.

For example we just put on a four-day training session in Singapore, for our local partners. We get everyone involved in installing the software and understanding how the products work in a very hands-on session.

But we also established a series of technology partnerships with vendors that have major email solutions such as IronPort, SendMail and MailFrontier. These vendors all offer things like anti-spam and content filtering solutions. First they wanted to cross-train their sales teams to resell our products and as their gained experience with PGP they became OEMs and wanted to bundle their software with ours on a single box. Now they are an active channel for us and we have consolidated reporting. They sell a single solution and everyone gets a better margin and the customer gets one vendor to buy all of it from and fewer vendors to deal with for front line support.

Q: So any final thoughts?

A: We have become successful because of several things. First, encryption is just becoming a standard feature for more and more people. It operates down at the transport layer and is just like a network dial tone, what I call “encryption tone” these days. Second, we got a great start by being established and not having to recreate everything from scratch when we came out of NAI. Third, it helps that we are an open standards vendor and we publish our source code. We wish more companies would publish their code as well. Finally, we have a very good product road map and we spend a lot of time listening to our customers, asking them what they want in the next two versions of the products and so forth.

Read More
Power to Your Laptop

I want to take a moment to help you become a more powerful user. It won’t take much time and effort, and it will save you a ton of time if the unexpected strikes you down the road. And it is really simple to do and doesn’t require much in the way of technical knowledge.

Last week I lost the power supply to my laptop somewhere between the airport and home. It isn’t a big thing, and compared to losing my laptop ranks low down there on the charts. But it could have been much easier, if all I had to do was take note of something very simple: the power specs of my AC adapter.

You can read more about it here.

Read More
Pat Gelsinger from Intel

There are few people in the computer industry that have shaped the evolution of the microprocessor (and related technologies) as much as Pat Gelsinger. More than 25 years ago, he began his career “one step above janitor” as a Technician 2 at Intel, stuffing boards. He eventually rose to the position of the company’s first chief technology officer (CTO), before taking his current posting as executive vice president of the Digital Enterprise Group.

Read the full interview that Wolfgang Gruener and I conducted here.

Read More
One Button Wireless Security

Most wireless networks these days operate without any encryption whatsoever. And while security professionals (and the FBI) try to make the point that this is a foolish practice, very few of us take the time to do otherwise.

I can’t tell you the wireless networks that are running in the clear at people’s homes who should know better: IT executives, corporate titans of industry, and computing professionals who are familiar with PKI and hacking tools. Why do so many people forgo encryption? There isn’t any one good reason. Setting up encryption over your wireless network often requires a Computer Science degree, plenty of patience, reading at least two manuals, or just dumb luck.

It could be that since setting up a wireless router has become so easy, and the routers themselves now retail at less than $100, that we have all become complacent. Maybe when you get unencrypted communications working you stop and are so thankful that you router is working at all.

Here’s more information and links to the products.

Read More
Remember the Rainbow?

After seeing some new developments in the gaming world, I am not having much fun. We are about to repeat some of the same things we went through during the dawn of the PC era in the mid 1980s. Do you remember way back when with copy protected software, and incompatible disk media formats? Do the names Ashton Tate and DEC’s Rainbow mean anything to you?

Here is how gamers are about to repeat this history.

Read More
How Cars Are Leading Platform Independence

Your car is the leading edge for computing platform independence. Hard to believe, but true.

It is ironic. I spend a lot of time telling you which computing platforms are the right choices for your applications, and how to extract that last bit of performance out of your systems.

But my thoughts today are that eventually, these choices aren’t so important. And in some areas, the platform choices are so indistinguishable that it is hard to tell.

Take your car as an example.

Read More
Personalized RSS feeds for everyone

The more I use it, the more I am becoming a bigger fan of RSS. It is almost becoming a borderline obsession in the past few weeks. I like the way it acts as both a content syndication service and a notification system. And it is nice that RSS doesn’t require any specialized software, so I don’t have to download any new applications.

RSS has become popular in the age of blogs, but it has more universal and interesting applications. It is certainly here to stay.

You can read more of this post here.
And here is a great list of various RSS applications, more up to date than my post.

Read More
The Ultimate Smart Home

I wanted to describe the ultimate smart home that I’ve seen and draw some lessons for you, the enthusiast and early adopter.

The scene is a suburban house that was built from scratch by John Patrick, who retired from running IBM’s Internet business several years ago. And the first lesson is that you have to design your home systems – not just computing but distribution of water, power, and other services – like IBM designed its mainframe computers, with centralized management but distributed control. We truly have come full circle with desktop computing.

You can read more about his home here.

Read More
1 185 186 187 188 189 195