Secured transactions breed enablement

Understanding what each of the four words mean - secured, transactions, breed, enablement - will help you see clearly the case companies like RSA and Microsoft is making across Asia; that plugging the security holes will assure the success of digital commerce - be it e-commerce or mobile commerce.

From Siemens' handsets to NTT DoCoMo and Motorola cable modems, the case for growing your business in a secure environment is huge. "Our customers don't look at mobile or PC as a separate component of user authentication,"explains Scott Schnell, senior vice president of Marketing and Corporate Development at RSA Security.

"If you use an iPaq or a Palm to store passwords, then you should protect it the same way you would your mail server because unauthorized usage could harm you and your company's confidentiality," Scott reiterated.

"Just as you carry different authentication cards - driving licence, passport, office card, bank cards and credit cards - users will have many security certificates," Scott explained. "It's not that you don't trust your business partner and we are all honest people anyway but we keep telling people it's the Internet."

RSA has some 10 million users of SecurID , who contributed 70 percent of its annual revenues of US$260 million last year. The company's OEM and PKI units make up the other 30 percent.

While he sees PKI as a an important component for the success of e-commerce, more often than not a conflict arises between different business practices from one country to another.

"Large companies issue their own digital certs and they act very much like the certification authority that you'll find in Asia. The issue is not so much as cross-vendor interoperability as in streamlining their business practices. The idea is to implement one common infrastructure, one directory and one standard," said Tom Schuster, RSA's senior vice president of Worldwide Sales and Business Operations. Companies like Singapore Airlines and Sony Corp. are creating their brand of authentication among their air crew and game distribution to PS2 players respectively.

According to IDC, the Internet Security market's explosive growth will reach US$14.2 billion in 2005. The Authentication, Authorization and Administration (3A) segment, is by far the fastest growing segment of the total Internet Security market and it is projected to reach US$9.5 billion dollars over the next five years, accounting for 33 percent of total software security expenditures in 2005.

"The role of Internet security has dramatically shifted," said Chris Christiansen, IDC VP of Internet Infrastructure & Security software. "Where before, corporations were primarily focused on preventing people from entering company networks, security features are now allowing corporations to open their internal networks, servers and content to external access via the Internet.

Last week, Microsoft and VeriSign have reached a deal to embed digital authentication technology in Microsoft's pending Web services, part of a continuing bid to address concerns about the security of its ambitious plans for the Internet.

The agreement links VeriSign, a competitor to RSA, in certifying the authenticity of electronic communications, with Microsoft's .Net initiative, a plan to make all its software products work on the Internet, officials at both companies said. It was the second tie-up between the Microsoft, the world's largest software vendor, and a security software maker in as many months, but analysts were divided on whether Microsoft has gone far enough to secure the crucial financial and personal data that would be stored online as part of .Net offerings.

In late May, Microsoft tied up with McAfee.com , to integrate McAfee software - including antivirus, privacy, and firewall products - with Microsoft's .Net servers.

As part of the deal, VeriSign said it would use Microsoft's HailStorm suite of fee-based services throughout its businesses, including its Internet domain registration.

HailStorm, which was criticised by privacy advocates when unveiled by Microsoft in March, would enable users to access their personal information from any location and any device.

Critics pointed to security risks that could arise from storing data in a central location and from using Microsoft's Passport sign-on technology. Passport allows Microsoft users to access different Web sites and services, like email and e-commerce, all by typing in one user name and password.
VeriSign also said it would adopt HailStorm services in its Network Solutions domain registration operation and Web hosting.

"We will use Passport technology for account access at some of our business units, augmenting with our own digital credentials and IDs, to allow customers to interact with us over the Internet," said VeriSign chief executive Stratton Sclavos.

Analysts said the primary security concerns with HailStorm have to do with the storage of information, not with access. But Microsoft's Mr Parthasarathy said .Net service providers, such as banks, would be responsible for storing the user data that was pertinent to their service.
It should be noted that VeriSign's mistaken issuance in March of two Microsoft digital certificates to someone posing as a Microsoft employee could cast a pall over the latest announcement.

Undoubtedly, secured transactions do breed enablement, but will people trust Microsoft with their information given the company's record of vulnerabilities in its software and with its own network and servers?