A new security-led version of the popular Zip compression technology has been released Tuesday, extending the tool into the business market and putting it up against PGP.
Zip developer PKWare Inc. has added encryption and centralized management to SecureZip, so documents can be protected and compressed at the same time with a sysadmin able to define variables from one location. Currently the program is solely for Windows desktops but Unix, Linux are in the wings and a server version is currently in beta, the company's COO and president Tim Kennedy said.
Security became PKWare's new focus after it acquired PKZip vendor Ascent in 2002, the idea being to marry compression and password-based encryption and make them both centrally manageable. Now, in addition to its own encryption capability based on passwords, SecureZip can integrate with LDAP directories and support PKI certificate-based encryption.
Kennedy said this means companies can opt for a passwords-only policy or combine passwords and certificates. PKWare has also included "the capability for administrative policy lockdowns", so, for example, the need for both a password and certificate to open encrypted files can be enforced across an organization. Similarly, policies can be set whereby "all Excel files must be encrypted. Or all files coming out of the human resources department."
SecureZip for Windows is licensed per user, and the basic package costs (US$116), while LDAP directory integration and the central lockdown feature takes it up to US$161.
Kennedy sees PGP as the primary competitor in the enterprise security space it is now aiming at. His sales arguments are that PGP's technology is proprietary while "most companies want standard-based products", and that most desktop users are already familiar with Zip.
Director of products at PGP Stephan Somogyi refuted the proprietary accusation, arguing that the OpenPGP message format is RFC 2440, ratified by the IETF, which requires at least two reference implementations to be in existence. Aside from PGP's, another implementation is the open-source GPG variety.
He also questioned Kenendy's assertion that end users' familiarity with Zip compression was beneficial to the adoption of SecureZip. "Ease of use is only a fraction of the requirements of an enterprise-grade, broad-based secure messaging system," he argued.
Indeed, as PGP has been offering a desktop version of its software since November 2002 and the server version (PGP Universal) since September last year, it could be argued that PKWare is in catch-up mode. "They're embarking on the desktop path where we've been since 1997, " Somogyi argued, referring to his company's former life, first as PGP (founded 1996), then as a division of Network Associates, after it was acquired in 1997.