PGP is something that has been around for some time (I think it was Phil Zimmermann in the very early 90’s) and something that I have been using myself for over a decade, thanks to @ashipton and @shorefront. I recently re-installed the Mac version on my laptop (yes, it’s a fully licensed copy) so I could digitally sign my endorsement of a friend’s CISSP application. What took me by surprise is that I’ve had my new laptop since last year and this is the first time in a while that I’ve HAD to actually sign anything in this way.
Whilst I can understand that I’m not in the security field directly anymore, I do send a lot of extremely sensitive information to my customers via email. It is not that I forgot that such technology exists (or that I’ve become completely careless – I now send password-protected zip files); it was something I asked about when I first started but never got an answer on, and I gave up pursuing it after a year.
I’m amazed that nowadays, with the level of regulatory oversight and the hoops to jump through for certification, email encryption is still the one thing that isn’t a mainstream or mandated solution.
For example, PCI DSS forces you to use email encryption, but only if the content pertains to a card PAN. What about all the other critical information that could potentially be passed around and would allow the underlying infrastructure to be compromised, or the accidental transmission of cardholder information because someone forgot to press “encrypt” before they pressed send?
Just some food for thought.