Users shy of PKIs

Suppliers of public key infrastructure technology (PKI) are facing a market shakeout as users shun their marketing message.

Suppliers such as RSA, Entrust, Baltimore Technologies - which recently bought another supplier, GTE Cybertrust - have all struggled to convince commercial users that they need security architecture based in digital certificates.

Some have started to change their marketing strategy to focus on the need for a "trust infrastructure" rather than selling a PKI. But "trust" too has become a difficult concept for users to grasp.

Users who have bought an expensive, proprietary PKI technology are beginning to reject the digital certificate-based approach, because they believe that - for the time being - they do not need it.

Security specialists such as Inter Clear and Trustis are ignoring the "PKI sell" in favour of solely discussing business requirements with clients.

Inter Clear, which is a specialist in PKI outsourcing, now discusses security with users in terms of "risk management", and warns against users losing control of their own security infrastructure.

"When implementing a PKI, organisations must be wary of having their e-business strategy dictated to them by PKI technology or a supplier's procedures," it said.

"They must ensure that they remain in control of who issues, owns and manages the rules under which digital certificates are used within a PKI."

Trustis technical director Alan Liddle said, "We still have users telling us they want a PKI, and we have had to tell them: 'PKI might be a good idea, but not just yet.'

"A lot of it has been oversold. Large, all-embracing PKIs are difficult to build. You might even be better off integrating five PKIs for different divisions, rather than one large one," he said.

Liddle offers the following advice for IT directors facing a PKI-sell from suppliers:

  • Look at what your business needs are
  • Think about what you need to do, not what the technology is
  • Don't try and do too much, too soon.
  • Email Alerts

    Register now to receive IT-related news, guides and more, delivered to your inbox.
    By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

    This was first published in March 2000


    COMMENTS powered by Disqus  //  Commenting policy