TechTarget

Users shy of PKIs



Suppliers of public key infrastructure technology (PKI) are facing a market shakeout as users shun their marketing message.

Suppliers such as RSA,...



Suppliers of public key infrastructure technology (PKI) are facing a market shakeout as users shun their marketing message.

Suppliers such as RSA, Entrust, Baltimore Technologies - which recently bought another supplier, GTE Cybertrust - have all struggled to convince commercial users that they need security architecture based in digital certificates.

Some have started to change their marketing strategy to focus on the need for a "trust infrastructure" rather than selling a PKI. But "trust" too has become a difficult concept for users to grasp.

Users who have bought an expensive, proprietary PKI technology are beginning to reject the digital certificate-based approach, because they believe that - for the time being - they do not need it.

Security specialists such as Inter Clear and Trustis are ignoring the "PKI sell" in favour of solely discussing business requirements with clients.

Inter Clear, which is a specialist in PKI outsourcing, now discusses security with users in terms of "risk management", and warns against users losing control of their own security infrastructure.

"When implementing a PKI, organisations must be wary of having their e-business strategy dictated to them by PKI technology or a supplier's procedures," it said.

"They must ensure that they remain in control of who issues, owns and manages the rules under which digital certificates are used within a PKI."

Trustis technical director Alan Liddle said, "We still have users telling us they want a PKI, and we have had to tell them: 'PKI might be a good idea, but not just yet.'

"A lot of it has been oversold. Large, all-embracing PKIs are difficult to build. You might even be better off integrating five PKIs for different divisions, rather than one large one," he said.

Liddle offers the following advice for IT directors facing a PKI-sell from suppliers:

  • Look at what your business needs are
  • Think about what you need to do, not what the technology is
  • Don't try and do too much, too soon.
  • This was first published in March 2000

    CW+

    Features

    Enjoy the benefits of CW+ membership, learn more and join.

    Read more

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    -ADS BY GOOGLE

    SearchCIO

    SearchSecurity

    SearchNetworking

    SearchDataCenter

    SearchDataManagement

    Close