Computer Associates, which aims to provide corporations with comprehensive IT security, is entering the public key infrastructure (PKI) field with a product designed to boost companies' internal IT security. CA's size and brand name may help it succeed where smaller pure-play PKI companies have failed.
Software vendors like Baltimore and Entrust that sell only PKI technology - which uses public and private keys to digitally identify, encrypt and sign Internet communications and transactions - haven't had great success in selling the product. The technology is considered by many to be expensive and difficult to install. It is also particularly vulnerable to spending cuts as the current economic environment continues to darken.
CA, which is 25 times bigger than the biggest PKI vendor Entrust, will be able to capitalize on its existing install base. It will also benefit from its ability to negotiate directly with boards and at the very start of IT negotiations.
The company will release its eTrust PKI product as part of its eTrust suite to help companies manage better their security. For the moment, CA will only offer internal PKI installations rather than the complicated and expensive outward-facing PKIs available from other e-security vendors. That means it can only secure communications within the company.
Due out in the third quarter, eTrust PKI will manage digital certificates to provide more secure access and stronger authentication for an enterprise's employees. This adds an extra level of security beyond user names and passwords, strengthens systems against hacking, and makes it more difficult for outsiders to use employees to gain access to systems. And because the records of communications involving digital certificates are legally admissible in European courts, they provide companies with a means to prove fraud.
"This is the main reason why the industry is selectively moving towards PKI," said Piers McMahon, CA's senior product strategist for eTrust PKI.
In truth, very few companies use PKIs, though they are popular with governments. The technology suits governments' need to send private communications and supports their proposals for digital signatures to become a de facto standard for secure e-commerce. Banks have installed PKIs - many as part of the Identrus banking PKI consortium - but they see their PKIs as a future option rather than as an immediate business tool.
This is one reason why CA is dipping a toe into the PKI market rather than aiming at the secure business-to-business opportunity. Also, CA receives 90% of its revenue from products as opposed to services, and doesn't have the expertise required to install outward-facing PKI installations.
However, there are questions about how much of the security spectrum CA covers and about how easy it is to integrate CA's security software. At the moment, a client using products from other vendors must install CA software agents designed to integrate and manage that application.
The cost of eTrust PKI will be between $2 (at 100,000 users) and $20 per user, and it has to be used with CA's single sign-on product, which costs between $20 and $50 per user.
the451 (www.the451.com) is an analyst firm that provides timely, detailed and independent analysis of news in technology, communications and media. To evaluate the service click here.