Wasn't 1999 supposed to be "the year of Public Key Infrastructure (PKI)?" Yes, I know, another analyst prediction that didn't come to fruition. It's fair to chastise the analysts for another missed call, but PKI certainly shares some of the blame.
It really is difficult to imagine a "year of PKI" because PKI isn't your typical technology trend. PKI isn't a standalone security widget, it is a complex infrastructure that must be integrated into existing applications and business processes. Once implemented however, PKI can really improve security, protect data integrity, and bolster identity management.
PKI never took off because of demand- and supply-side issues. Customers eschewed PKI because it was expensive, difficult to implement, and lacked support of many applications. Vendor solutions really didn't address these issues very well. PKI products have always been rather clunky or academic. IT people love technology but not science projects.
This situation is finally changing. On the demand side, PKI is riding on the back of regulatory compliance, security, and business-to-business requirements. More companies and government agencies are adopting smart cards for physical and IT security, a perfect complement to PKI. Application support is more ubiquitous and integration is easier than it was in the past. Companies also need to secure data exchange and develop trust relationships with external constituencies. PKI to the rescue!
So what about product complexity? The supply-side gang is dealing with this as well. Microsoft gets it--its Microsoft Identity Lifecycle Manager and Certificate Lifecycle Manager products marry PKI functionality with Windows ease of use. Don't get me wrong, PKI is no "day at the beach," but Microsoft will continue to tame PKI complexity over time. This combined with Windows 2008 server and Vista desktops will pave the road from broad PKI adoption.
Organizations who remain averse to managing a PKI infrastructure have other attractive options. How about PKI in the clouds? PKI services experts like Chosen Security, RSA Security, and Verisign can handle the whole enchilada without fussing with server implementation. One phone call and PKI becomes an operating expense.
I'm too old to stick out my neck and say that 2008 will be "the year of PKI," but in my view, PKI is inevitable. Heck, if you consider secure Internet traffic using SSL, it already is. In this era of data breaches and identity theft, PKI is rapidly becoming a requirement. Shrewd vendors like Chosen Security and Microsoft are meeting this demand with robust simplified product offerings. Supply and demand lines are likely to cross soon.