Undercover

Revenge of the PKI Nerds

Wherein a very patient CSO hatches a plan to revive PKI, a technology thought to be dead

By Anonymous

December 01, 2004 CSO — I recently noticed a curious phenomenon. Public Key Infrastructure (PKI), once rumored to be dead, is making a comeback. Several high-profile institutions are now deploying a technology that I assumed had been extinct since the dot-bomb era. It's sort of technology's version of the coelacanth. This was a fish that was assumed to have been extinct for hundreds of thousands of years and then - bam! - one turns up in a fisherman's net off the coast of Madagascar.

I admit I have a certain fondness for Public Key Infrastructure, or PKI as it is commonly known - at least that is the three-letter version. PKI is commonly described using choice four-letter words as well. That's because it came into favor - and just as ingloriously fell out of it - with the boom of the '90s.

I should know, because I cut my security teeth on the bleeding edge of PKI. In 1992, I took a position as the director of electronic commerce with a company that sought to deploy a global certificate authority (CA) that would issue the digital certificates used to process PKI. Under our plan, all other CAs would be subordinate to us, and we would sit atop a giant pyramid scheme raking in monopoly profits by charging pennies on all the billions of e-commerce transactions around the world.

The only problem was that other PKI companies were busy scheming with their own plans to take over the e-commerce world. While we were plotting against each other, we forgot to actually deploy the technology. After a few years of hand waving, PowerPoint presentations and whiteboard discussions, investors began demanding that we start earning our keep by making a profit. Silly realists!

Dropping the Dot Bomb

The bottom soon fell out of the dotcom market, and the next thing we knew, we were all posting our résumés on Monster.com. I was lucky and found a job as CISO; others in the business were not so fortunate. Every now and again, when I have lunch with an old acquaintance, we reminisce about the good ol' days of nonprofit technology hedonism and gossip about what company ol' so-and-so eventually wound up with.

In retrospect, there were good reasons why PKI was joined at the hip with the dotcom boom and bust. In the early '90s, every businessman had the same dream: a global marketplace of buyers and sellers linked together in cyberspace. The only problem was that conducting business over the Internet required authentication and encryption technology - the former to identify the buyer or the seller in a legally binding fashion, and the latter to protect the sensitive information being transmitted.
