
Subscribe to CEO Blog via RSS.

Corporate Currency
03 August, 2007

Last month, we initiated PGP Corporation's participation in a new program to highlight the risks associated with unsecured corporate data. We believe that data is the new corporate "currency," and we're committed to bringing products and practices into the mainstream that treat it as such. The interesting thing about this particular metaphor is that it’s quite instructive in highlighting just how far we have to go in developing standards of conduct for handling confidential information.

Every first-year accounting student knows that when it comes to tracking money and transactions, it's "debits to the left, credits to the right," and no one goes home until they balance. What few people, and even relatively few accounting students, know is that the core principles around which the entire accounting profession is based were codified more than 500 years ago by Luca Pacioli. A contemporary and colleague of Leonardo Da Vinci, Pacioli's first book, Everything about Arithmetic, Geometry, and Proportions (Summa de Arithmetica, Geometria, Proportioni et Proportionalita), published in 1494, outlined most of the accounting cycle as we know it today.

In the intervening 500 years, of course, Pacioli's work has been enhanced and extended many times to encompass ever more complex business structures and transactions. The current Federal Accounting Standards Board’s Statement of Standards now consists of 159 separate documents and tens of thousands of pages. Despite this extensive documentation, there is a lot of unfinished business when it comes to documenting how money and transactions should be tracked and controlled, as the recent Enron case so painfully demonstrated.

If it's taken us 500 years to develop this level of standards for financial accounting, imagine how long it might take to develop comprehensive standards for the handling of confidential information. As the Chinese philosopher Lao Tzu said, "A journey of 1,000 miles begins with a single step," and earlier this month in New York, we took that step. In conjunction with IDC and a number of other partners, we launched the Enterprise Data Protection (EDP) program.

At a high level, the concept of EDP is based on four key premises:

  • Data really is the new corporate currency.
  • De-perimeterization is a reality, and no firewall architecture is capable of protecting corporate data on all the devices on which it now resides.
  • Data security is becoming an increasingly complex problem that will only become more complex for the foreseeable future.
  • Enterprises require new approaches to achieve a comprehensive solution to the problem of protecting confidential information.

Responding to this emerging and increasingly dangerous threat requires that public and private enterprises plan and implement four separate security efforts:

  • Detect – Identify & locate data that must be secured
  • Access – Authenticate & manage identity
  • Manage – Archive, backup, & store
  • Protect – Defend data according to policy

We believe that only when an enterprise puts practices, policies, and products in place that address all four of these areas can it claim to be pursuing best practices in protecting its customers', partners', and employees' confidential information. Once these measures are in place, the enterprise must review and enhance them periodically as the business and threat models evolve.

You'll be seeing much more about Enterprise Data Protection and how you can apply its concepts to your business in the coming months. We believe that EDP is the right way to think about this problem and the required solutions. Once you understand the concept, I think you’ll agree that short-term action is required to address current threats to confidential information. Keep in mind, however, that this really is a journey we’ll take together and that like financial accounting, the data protection discipline will evolve for many years to come.

- Phil
