When PKIs hit the streets a few years ago, a media frenzy ensued -- remember 1999, the year of the public-key infrastructure? Now it's the morning after, and we've gotten a dose of reality when it comes to the cost and complexity of rolling out a PKI.. . .
When PKIs hit the streets a few years ago, a media frenzy ensued -- remember 1999, the year of the public-key infrastructure? Now it's the morning after, and we've gotten a dose of reality when it comes to the cost and complexity of rolling out a PKI. But one thing remains constant: Positive authentication is vital for doing business regardless of whether you're express-mailing paper contracts and purchase orders or sending those documents electronically. A PKI offers a way to transmit data securely over insecure networks, extending user credentials across an enterprise or to extranet partners.

Sounds good, but a PKI implementation shouldn't be undertaken lightly. The preparation involved is daunting, no matter which vendor or technology you choose. Success or failure will hinge on whether you've done your homework -- make sure you know what services you want from your PKI, what applications you must support, what policies and procedures will be defined for the care and feeding of the PKI, and how the PKI will be integrated into your security and operational plans. Only after these and other policy issues have been resolved are you ready (see "PKIs Are Still Tough To Deploy").

The link for this article located at Network Computing is no longer available.