Services & Software

Commentary: Don't blame freeware

Network Associates had sales difficulties with its Pretty Good Privacy desktop e-mail security system because enterprises simply found it too difficult to use and manage.

By Vic Wheatman, John Pescatore and Joyce Graff, Gartner Analyst

Network Associates had sales difficulties with its desktop e-mail security system, Pretty Good Privacy (PGP), because enterprises simply found it too difficult to use and manage.

See news story:
Security company drops PGP encryption
Ideally, all messages should be encrypted. However, many enterprises shy away from universal encryption because it adds another step and risks making the information inaccessible to the recipient.

Network Associates cited PGP's free availability for personal use as a major reason for its inability to be successful in selling the product to enterprise customers. However, Gartner believes that the difficulties in selling PGP--the most widely used desktop e-mail encryption software product--do not reflect any inherent difficulties in selling commercial software when freeware equivalents exist.

Instead, Gartner believes the failure of commercial PGP likely resulted from Network Associates' past organizational problems, lack of demand for secure e-mail, and, most importantly, Network Associates' failure to make PGP easier for enterprises to use and manage.

Since 2001, difficulty of use has emerged as the principal inhibitor of adoption of public-key infrastructure (PKI) encryption products such as PGP and S/MIME (Secure Multipurpose Internet Mail Extensions). The entire process--assigning, distributing and managing keys and finding compatible software for both ends of the exchange--is too complicated for most people.

In addition, many enterprises prefer not to encrypt from desktop to desktop but would rather have time to check the message for viruses, malicious content, appropriate language and transfer of confidential information, and then add a standard disclaimer before encrypting the message.

However, some enterprises consider the best approach to be an end-to-end encryption model that takes into account the possibility that one of the end points might be a handheld device, kiosk or telephone. Endpoint encryption provides the best security--especially for laptops and palmtop devices, which are more vulnerable to being lost or stolen.

The key to successful implementation of secure messaging is making the process easy to use. Implementations will fail if they delay message delivery, interfere with readability of messages or require too much work by the sender or recipient.

(For related commentary on security and privacy, see

Entire contents, Copyright © 2002 Gartner, Inc. All rights reserved. The information contained herein represents Gartner's initial commentary and analysis and has been obtained from sources believed to be reliable. Positions taken are subject to change as more information becomes available and further analysis is undertaken. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of the information. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof.