Is There A Better Solution To Online Security?

What information is worth protecting? It might be a private opinion, business-critical data such as a customer list or a negotiating strategy; all of it is sensitive, and all of it has value to you and your messaging partners. The need to ensure totally secure electronic communications is highlighted by the explosive growth of e-commerce. The biggest challenge to the continued growth of the e-commerce market is the competitive necessity for instant information contrasted with the equal necessity for privacy and confidentiality. Companies will continue to make significant capital expenditures on technology to ensure their future viability in the modern world. Until recently, companies that require security solutions have been forced to build in-house security systems or purchase expensive "turnkey" solutions. As either option is a tremendously costly endeavor that requires skilled staff, hardware and software, more and more companies are choosing to outsource their security needs to trusted third parties.

What Are The Solutions?

Revenues from PKI (Public Key Infrastructure) products and services are predicted to reach a total of $8.56bn by 2004. --International Data Corporation

Most vendors of online security solutions, if they're at all credible, offer PKI-based solutions.
PKI, or Public Key Infrastructure, is a significant departure from less sophisticated forms of coded communication available prior to its emergence in the 1970s. In a PKI cryptosystem, each individual is issued a pair of keys. These keys are used both to encrypt and decrypt electronic information. The compelling feature of PKI is that whichever key out of the pair is used to encrypt a piece of information, the other key is required to decrypt it. This is in complete contrast to conventional cryptography, where the encryption and decryption processes require the same key.

The roster of companies that offer either consumer or business security solutions is constantly growing. Out of the PKI family, two encryption methods have distinguished themselves: the X.509 and the OpenPGP, or PGP (Pretty Good Privacy), standard. X.509 is generally associated with SMIME (Secure Multipurpose Internet Mail Extensions) and certificate-based products. Most SMIME vendors require that the end user install software, remember a password and manage both the public and private keys. The other system that has enjoyed success in the marketplace is the PGP standard. PGP requires the end user to manage a password and the public and private keys. Further, users of this system must exchange keys with other users of the system so that they may encrypt and decrypt messages.

Both systems have their champions. Neither system has ever fully penetrated the consumer or corporate markets. Generally, either cryptosystem is only available at a particular computer terminal, making roaming use impossible. Further, regardless of the level of security offered by either system, people and companies will not purchase, deploy or use products that are hard to use.

If the security industry is to adequately address the ongoing market need for security solutions, it must provide solutions that are easy to use and enable users to protect messages from any computer terminal on the planet with an Internet connection. The other more technical step the security industry must make to fulfill the market's need for reliable, sophisticated security solutions is to create products that support more than one encryption standard. As time and technology progress, the number of available standards will surely increase. If a company sells a product that is built to operate using only one standard (remember PGP and X.509), then the product's ability to work with the widest range of customers is greatly diminished. Security products must be designed to be platform independent, allowing for further development or interoperability when appropriate and possible.

The Way Forward: Managed Key Security Technology

PKI services will make up the most significant part of ongoing costs incurred by any institution implementing a PKI solution. --Datamonitor

The only way for aspiring vendors to provide online security solutions to the mass market is to avoid ibuprofen versus aspirin debates over which standard is better. The real challenge is to create
and maintain technology that allows users to enjoy the best available
standards as well as being extremely easy to use. To create true global
access to secure communications, a system of key server networks could
act as repositories for users' public and private keys. Companies
and end users will be able to create key pairs using their chosen
programs, leaving third parties to manage the keys. Whenever possible,
the network would allow key pair holders of any standard, whether it be
X.509 or PGP, to exchange electronic communications with each other in a
completely secure environment. The key server network will manage the
cryptosystem standard as well as key pairs. The expansion of key serving
networks can be assured only if the network works toward the greatest
level of communications between standards.

Why Outsource Security?

The best reason to outsource the online security function of a business or organization is to keep internal resources focused on the core competencies

Jon Matonis is the president and chief executive officer for Hush Communications. He has over 15 years' managerial experience in the areas of security and encryption technology, embedded software systems, international payment systems and foreign exchange.