Serious problems face the global rollout of the computer and administrative network needed for keeping Internet transactions secure, but the electronic commerce market will develop rapidly regardless, according to industry analysts at a Dublin conference.
Analysts attending Dublin security company Baltimore Technologies' Global e-Security Conference this week unanimously said that despite difficulties, they believed a worldwide security system called public key infrastructure (PKI) would be widely and swiftly adopted over the next two years.
Revenues in the sector will rise from $630 million today (€601 million) to $2.2 billion in 2003, according to Mr Jim Hurley, managing director of US analysts, the Aberdeen Group. He said that 75 per cent of companies they surveyed had heard of PKI and they are either already using it or considering its use. "It's perceived to be the one hope" for a universal, and eventually, easy-to-use security system, he said.
PKI is a complex system of policies and procedures for exchanging information securely over computer networks and the Internet. Information is kept secure by encoding and decoding it with mathematical "keys" generated by computer software programs. The PKI system also involves the use of electronic signatures and the establishment of a network of certification authorities (CAs), also known as "trusted third parties" (TTPs) - organisations that issue and validate the authenticity of the signatures by providing digital certificates. Although the system is complex, the goal is for it to be an automatic and nearly invisible security process for computer users.
Mr Hurley believes that once companies have moved beyond the "Year 2000" computer glitch, "the spigot (for PKI take-up by companies) is going to turn on rapidly". He said digital certificates would be "everywhere" before long and that a range of CAs would spring up to provide them.
Governments, telecommunication companies and Internet service providers (ISPs) were all likely to be the first adopters of PKI and would also themselves become trusted third parties, said Mr Jonathan Tikochinsky, senior analyst with London-based Datamonitor.
As organisations have begun to adopt PKI, problems have been quick to emerge, said Mr Scott Smith, European Internet strategies director with the Yankee Group. The various PKI software manufacturers have failed to standardise their programs, which means they often won't work together or recognise each other's certificates.
In addition, the technologies remain difficult to use and come primarily from manufacturers with little household name recognition; companies lack the resources to implement PKI systems and companies remain unsure of who they can trust as a CA, he said.
Nonetheless, companies are under pressure to go ahead with online transactions and the electronic commerce market "is moving along ahead of the technology", said Mr Smith. He expects problems to be resolved as the PKI market develops.
In the Republic, organisations like the Dublin Chamber of Commerce and An Post already have prepared to become some of the State's first CAs. The Government strongly supports PKI and has a draft policy - expected to become legislation in the next few months - that would give legal recognition to and provide regulations for CAs, digital certificates, electronic signatures, and other elements of PKI.
More than 600 delegates attended the three-day conference hosted by Baltimore Technologies, a Dublin company that supplies PKI-based e-commerce and business security software and consulting services. Baltimore, which recently merged with British security company Zergo, employs more than 400 people worldwide. The company went public with a listing on the Nasdaq on October 28th.