But what about business?
Although Gatekeeper was established just over three years ago, there's only be moves to begin certifying CAs for government PKI in the last twelve months. Nevertheless, the government is making moves to ensure that PKI will lead to increased efficiency and better cost savings within government departments and agencies.
But where is business in all this? Surely this is something that no organisation wishing to conduct business online should be without?
IDC's Giang states that there has been a major adoption of PKI in Australia by the financial sector and, to some extent, the manufacturing sector. However, overall, the take up has been slow, with only a third of large enterprises opting to implement these technologies. Considering that the overall rate of PKI adoption in Australia is 21 percent, this means that a rather large proportion of small-to-medium enterprises have not implemented a solution.
Mike Jeffries, PKI product marketing manager for Baltimore Technologies' Asia-Pacific operations, believes that, although other industries have been slow to adopt PKI, the Australian banking industry's keen interest could help to fuel cross-border authentication initiatives.
"The Australian banks have been among the fastest adopters in the world of the global PKI initiative called 'Identrus', which has been established to solve the cross-border authentication issue for international e-commerce," explains Jeffries. "Three of the largest banks have already stated publicly their Indentrus membership--ANZ (who are using Baltimore), NAB and Westpac (who have yet to announce any technology decisions)."
Jeffries says that Indentrus has established a single, global Root CA and is encouraging the world's biggest banks to set up "level 1" CAs underneath the Root CA. The result is that each bank will be able to issue certificates to its corporate customers according to common set of policies "pushed down the hierarchy by Identrus.
"This means that an Australian 'Indentrus-certified' company can confidently do business with any other 'Indentrus-certified' company, wherever they are in the world, because they are all part of one, common PKI," states Jeffries. "There are other ways of addressing the cross-border authentication issue, such as cross-certification, cross-recognition, and bridging between PKIs, but these become very complex and are at best partial solutions."
Neverthelees, despite the pioneering stance taken by some banks, adoption in other industries has been slow to take off.
In Australia during 2000, the spread of PKI as a security solution was particularly slow, according to IDC senior analyst Natasha David. "According to a recent... study done by IDC, certificate authorities such as server certificates and client certificates were among the least widely deployed security technologies by 2000," says David. "However... IT managers, primarily those from telecom, utilities and distribution sectors, say these are two key technologies they will be seriously evaluating for their enterprise in the next one to two years."
Unfortunately, David explains that the main reason enterprises are thinking of adopting these types of technologies is to secure their organisation after it's already been breached. "IT managers affirm that a security breach within their company comes as the greatest incentive to implement proper security measures," says David. "In addition... IT managers indicate that the increased use of the Internet and strategic e-commerce initiatives are two other fundamental drivers [for] their decision to deploy security measures such as PKI and certificate authorities."
