PKI: The good, the bad...

PKI offers a standard of security, confidentiality and accountability for businesses that use the Internet as a medium – an environment that was built without security being a concern.

PKI offers a standard of security, confidentiality and accountability for businesses that use the Internet as a medium - an environment that was built without security being a concern.

And although it may seem to be the answer to many a secure transaction, there are still wrinkles to be ironed out.

PKI is an expensive venture for some, and though some companies are willing to go with lower end, security, businesses with high financial risk have little choice but to consider investing in a sound infrastructure.

The present brain drain in terms of IT personnel also generally means that most enterprises tend to outsource their PKI, since this would also free up company resources and leave the complexities to the experts. As e-business continues to grow and more companies require the use of a public key infrastructure, its not misleading to assume that the e-security industry will grow along with it, especially in this niche of the industry.

However, like any other new way of doing things, there are pros, cons and complications.

The Good
Having a fixed algorithm and only changing the individual keys makes things a lot cheaper in the long run. It's a lot like having a lock from the same manufacturer, but a different key for each customer.

Algorithms remain as hard to break, whether or not they are available for public view or if they're proprietary, thus making the infrastructure cheaper to set up, as opposed to having to come up with a different algorithm for every customer. And because of that, rollout is also much faster.

A dual key system in which the public key can be published openly helps to ensure security for privacy-conscious industries. The healthcare sector, for example, sometimes requires for information to be exchanged quickly and painlessly, but still be kept private and confidential.

Ideally, once the PKI is in place, it will be transparent to the user (or as much as is possible) since the encryption and decryption authentication processes all take place on the back end. Less hassle is good, at least in theory - later we'll see how this is bad.

The Bad
Though the long-term monetary costs of setting up a public-key infrastructure tend to be lower for a rather secure solution, the start-up costs can be steep. Which is another reason why PKI tends to be outsourced - companies who specialize in it already have the knowledge base.

Also one of the considerations has to do with the fact that certificates and keys need to be managed. Therein lies the fact that resources such as manpower for administration will be required, on top of policies that need to be drafted, managed and enforced.

Having a speedy encryption process also relies heavily on computational resources such as encryption co-processors. Which also makes scalability an issue as the organization grows and the use of PKI technology increases.

Read more about PKI in Asia.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All