Trying to make money from doing business over the Internet, the technological and business sides of corporations are drawing closer together and opening an opportunity for public key infrastructure technology, says UK policy consultancy De La Rue InterClear. The PKI company, which has had a good deal of difficulty finding customers over the past two years, believes this will soon result in its business picking up.
InterClear says the main reason PKI technology hasn't found the clientele hoped for at the height of its popularity is that vendors have tried to pretend secure e-commerce is a purely technological matter. PKI encrypts communications and seeks to authenticate identities by using digital certificates and signatures.
"We'd be much further down the line now if it hadn't been for the blather from the technology companies," says Simon Lofthouse, InterClear's head of marketing. "It has seriously hindered the take-up of PKIs as a way of doing business."
Of the thousands of companies that rushed to do business over the Internet with expensive technical implementations, many are now wondering how to make money out of it. One of the biggest problems is that business environments from the 'real' world haven't yet been replicated in e-business. Key areas of concern is whom to trust when doing business over the Internet and how to ensure that transactions leave an audit trail and that disputes are legally admissible. It's these problems that PKIs and business applications secured with PKIs were supposed to solve.
The reality has been somewhat different. PKI vendors have concentrated on the technology needed to secure Internet infrastructures, rather than promoting ease of use or PKI as a way to do business. Selling in this way is fine in a mature market, but this is a new idea and the concept of PKI has been tarnished by its reputation as an onerous and expensive technological implementation without obvious tangible benefits. Even those large financial services companies that have installed the infrastructure aren't necessarily operationally committed to it.
As a result, PKI vendors such as Entrust and Baltimore are going through intensive rebranding efforts and have seen their share prices dip alarmingly. Analysts that were trumpeting PKI technology as the future of secure e-commerce only a year or two ago are now questioning the business models of companies that used to call themselves PKI vendors. "The future of selling purely PKI technology is dubious," says Lofthouse.
This was highlighted recently when US firm VeriSign issued two Microsoft digital certificates to impostors. Lofthouse uses this event to push InterClear's position that PKI is more of a process than a technology and that there is no need for trusted third parties (who issue and verify digital certificates on behalf of companies) to be part of the equation. Companies simply need to apply their own rules and regulations to the administering of certificates ? otherwise certificates have no real value, he says.
Lofthouse has a point, but this obviously plays to the idea of a PKI consultancy like InterClear, which offers no real technology above and beyond the basic PKI security included in Microsoft software, for instance.
De La Rue InterClear, and the technology companies it criticizes, hopes that the gradual convergence of Internet technologies and traditional business processes will give the PKI industry the shot in the arm it desperately needs. The future is likely to lie in the melding of Internet security with insurance against risk - such as is the case in the real world, with burglar alarms, health and safety regulations, and insurance policies. US firm Counterpane, led by Bruce Schneier, is leading the way here, despite the difficulty of calculating risk.
the451 (www.the451.com) is an analyst firm that provides timely, detailed and independent analysis of news in technology, communications and media. To evaluate the service click here.