December 11, 2000, 11:46 AM — Public-key infrastructure (PKI) is beginning to get a lot of
attention. But just how good is this new technology, and what can vendors do to make it
better? To find out, Network World recently assembled a who's who of PKI vendors
and consultants to kick around the issues. Participants included Vijay Ahuja, a
consultant with Ernst & Young; Gina Jorasch, director of evangelism for VeriSign;
Michael Rothman, executive vice president of SHYM Technology; Christopher Voice, a
product manager for Entrust; Paul Paget Jr., a vice president of CyberTrust, a division
of GTE Internetworking; and Andrew Morbitzer, director of marketing at Baltimore,
What is the state of security today?
VeriSign's Jorasch: I think the state of technology of securities is quite
far along; there are plenty of solutions out there that will solve your problem for
your intranet, your extranet or electronic commerce. The main issues, right now, are:
Is PKI as easy to use as companies would like? Is it as interoperable across all the
different application areas as they would like to see?
From a vendor's perspective, we think PKI is ready for prime time, and we see plenty
of customers who are having great success adopting PKI and enabling secure commerce and
secure extranets. We think the momentum is building for more to do that.
Ernst & Young's Ahuja: From, say, the mid-to-late 1980s to early 1990s,
there was this big pressure on developing security inside the network, such as
passwords and access control, and I think it went pretty well. But there was this
constant, lingering struggle for the security manager to justify the importance to the
financial officers and the CEO. It was almost like it was an expense site investment
with no returns.
Today I think the technologies are really great. And what we need is to provide
complete solutions. To me, a complete solution is that if I'm an end user or I'm a
client application, I should have all the security services in a way that they are
hidden from me, that I do not have to know them, but they provide me complete security.
Baltimore's Morbitzer: When I'm in meetings, for the last six or eight
months, I'm not just dealing with the technology person. I'm in there now with a
business operations owner, a business applications owner or a business services owner,
who's saying to me: 'Show me the business case.'