Industry View

Magnum PKI

Why public key infrastructure is gaining renewed popularity pushed by legal requirements on one side and new service offerings on the other

By Tom Greco

August 02, 2006 — CSO —

In the physical world, trust is built on social, legal and business interactions that can take generations to mature. People rely on symbols to establish trust—drivers' licenses, employee badges, credit cards. Organizations, however, are required to conduct business with a much keener eye to establishing and securing user identities on more than trust. With a growing list of regulations and mandates such as HIPAA, Gramm-Leach-Bliley, Sarbanes-Oxley, HSPD-12 and 21 CFR Part 11, businesses and governments are looking for solutions and services to provide identity management and encryption, as well as the confidentiality, integrity, authentication and non-repudiation of information on which their viability depends.

Public key infrastructure (PKI) is one of the identity and access management strategies gaining momentum due to this growing number of mandates. PKI provides organizations with the ability to digitally sign and encrypt critical data that can be deciphered or viewed only by individuals possessing a digital certificate or credentials. PKI is not a new technology; it has been used in military, intelligence and commercial applications for several decades. It has gone through a number of “boom and bust” cycles. Its ability to meet a full range of information security needs makes it desirable, but the perception that it is a difficult solution to implement puts people off. PKI is currently experiencing a great deal of interest as various countries, including Belgium, Singapore and Malaysia, embrace it as fundamental to their national identity infrastructure. PKI is also emerging as the technology of choice in government identity programs, such as the U.S. federal employee ID mandated by HSPD-12. Applications are emerging to take advantage of the growth of digital credentials. Another strong sign that PKI is here to stay is its integration into the latest version of the Windows operating system, the yet-to-be-released Vista.

PKI is perhaps one of the most valuable identity and access management solutions on the market today due to its ability to both digitally sign and encrypt data. Other common access management tools involve user names and passwords, one-time or multi-factor authentication tokens and biometrics, such as fingerprint or iris scans. These tools, however, are not as effective as PKI since they do not enable encryption of data. Additionally, they are not as robust an electronic signature as those created using digital certificates. With cost being a key criterion in most CFOs’ and CSOs’ security strategies, PKI’s functionality provides a cost-effective way to leverage the technology already in-house, while at the same time improving security processes to ensure that critical data is protected.  

• Email
• Print
• Comments
• Digg This
• SlashDot