Public-Key Infrastructure (PKI) provides critical enabling technologies -- such as authentication, data privacy, data integrity and digital signatures -- for new classes of e-business applications. In the current economy, however, organizations require not only a technology case but also a strong business case for their investment in PKI. In other words, what is the return on investment (ROI) for PKI? This is not always an easy question to answer. PKI is a security infrastructure, after all, and the ROI for infrastructure of any kind can be difficult to quantify. Some companies don't try, and have implemented PKI based more or less on a leap of faith.

At some point, however, we can observe that ROI for infrastructure often becomes unnecessary to quantify, because the capabilities it enables are both mission-critical and well understood. For example, when is the last time any large business required an ROI analysis to decide whether or not to invest in enabling infrastructure such as telephones, facsimile machines or e-mail? ROI for PKI is presently viewed as somewhere between too difficult and not necessary, between a leap of faith and a matter of course.

PKI costs
How much does PKI really cost? To develop a meaningful total cost of ownership (TCO) for PKI, consider all relevant costs in the following high-level categories:
What financial returns does PKI really provide? To develop meaningful financial returns for PKI-enabled applications, focus first on the business process, then establish appropriate metrics, and then look for all relevant returns in the following high-level categories:
Derek E. Brink is the chairman of the PKI Forum, an international, not-for-profit alliance comprising technology and service providers, integrators and end-users whose purpose is to accelerate the adoption and use of PKI and facilitate interoperability through multi-vendor testing of industry standards and educational outreach. He is the Director of Product Marketing at RSA Security, where his work has included market and competitive analysis, strategic planning and product marketing for the company's public-key infrastructure, authentication, services and intrusion-detection offerings.