E-business Embraces PKI

[InfoSec News <isn () C4I ORG>]

http://www.techweb.com/wire/story/TWB20000526S0006

By Diane E. Levine, InformationWeek
May 26, 2000 (9:13 AM)

Conventional security systems are built with the idea of keeping
people out. But in e-business, it's vital to let people in -- to give
authorized outsiders access to the crucial resources and applications
that would allow them to complete transactions online. That has many
companies looking at public key infrastructure (PKI) technology. PKI
allows use of digital certificates to ensure the confidentiality and
integrity of data through encryption, control access through private
keys, authenticate documents via digital signatures, and ease
completion of business transactions.

More companies are learning the benefits of PKI firsthand. A security
survey of 2,700 executives, security professionals, and technology
managers in 49 countries conducted last year by InformationWeek
Research and PricewaterhouseCoopers showed that PKI use had more than
doubled from 6 percent to 13 percent in a year.

New York Life Insurance, for instance, implemented a PKI system from
Entrust Technologies (stock: ENTU) to automate internal processes and
procedures. The insurance company has issued 12,000 digital
certificates that are used daily to verify identities and to ensure
security.

"We selected Entrust because it could provide us with a shrink-wrapped
solution," says David Klinkman, assistant vice president of
Internet/security infrastructure development at New York Life. "Out of
the box, the software worked perfectly."

One warning: Implementing PKI can be a challenge. "A central services
approach where the PKI provides keys and key management for multiple
applications is expensive, complicated, and if not done well,
career-limiting," says Victor Wheatman, a vice president and research
director at GartnerGroup, Stamford, Conn. "That's scary for managers
who need to sign off on these projects."

But that's not likely to slow the deployment of PKI. Windows 2000 has
PKI built in. PKI prices are falling: Meta Group, Stamford, Conn.,
predicts costs will drop 30 percent to 40 percent in the next few
years.

"There's nothing else available that does what PKI does," says Bill
McQuaide, vice president of product management at security systems
vendor RSA Security (stock: RSAS). "Any company that's going to do
business over the Internet has increased risk, and security becomes
paramount. PKI is the most promising solution because you can control
who does what by issuing digital certificates."

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".