Markets, V. Wheatman, R. Wagner
Research Note, 17 June 2003

Magic Quadrant for a Fading PKI Market, 2003

Pure-play public-key infrastructure vendors are disappearing due to failure or acquisition, or by redefining their mission. Our final PKI Magic Quadrant for North America positions survivors for other market opportunities.

Core Topic
Security and Privacy: Security Tools, Technologies and Tactics

Key Issue
Which vendors will emerge as leaders in the information security domain?

Strategic Planning Assumption
By year-end 2003, pure-play PKI vendors will disappear due to failure or acquisition, and remaining market participants will be defined by various other terms, such as identity management or application-oriented descriptors (0.8 probability).

Gartner has said that public-key infrastructure (PKI) will succeed when it "disappears" into applications. We believe that this absorption is occurring. Although stand-alone PKI attracts some interest when new government regulations first appear, there are less-expensive, simpler alternatives to what PKI can provide. Thus, the only action in the stand-alone PKI market will be in niche applications in generally closed communities. This does not meet Gartner's criteria for a market. Therefore, we are retiring the PKI Magic Quadrant (see Figure 1) because PKI technology is no longer paramount, the market is losing definition, and enterprise buyers are recognizing that PKI often is overkill for the relatively simple IT security problems that they want to solve.

Gartner: Reproduction of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The reader assumes sole responsibility for the selection of these materials to achieve its intended results. The opinions expressed herein are subject to change without notice.
Figure 1. Magic Quadrant for a Fading PKI Market, 2003 (as of June 2003). Axes: Ability to Execute and Completeness of Vision; quadrants: Leaders, Challengers, Visionaries, Niche Players. Vendors plotted: Microsoft, RSA Security, Entrust, GeoTrust, Computer Associates, VeriSign, Baltimore Technologies, Digital Signature Trust and PGP. Source: Gartner Research (June 2003)

Our withdrawal of the PKI Magic Quadrant should not suggest that cryptographic key management should no longer be considered for securing applications. However, caution is required because there are alternatives.

Leaders

Since its 2001 financial tailspin, Baltimore Technologies has worked to restructure and recover. Several units were sold to raise cash as the vendor cut expenses to reduce its burn rate. Newly announced PKI projects in Singapore, Saudi Arabia and the Netherlands, in addition to other deals through partners (including Hewlett-Packard), have helped cash flow. However, we questioned Baltimore's viability given the ongoing soft economy and our belief that its cash balances, as reported in March 2003 for fiscal 2002, would not sustain continuing losses. Indeed, while continuing to announce new deals, primarily in the Asia/Pacific region and Europe, Baltimore also announced a "controlled sale" of the vendor. It has engaged J.P. Morgan Chase to manage the process of seeking binding offers by 30 June 2003.

Although no longer a pure-play PKI vendor, Entrust remains a strong force in the market. The May 2003 commercial availability of Entrust Authority Security Manager 7.0 provides strong
integration and security management for Microsoft or CAPI-based applications, in addition to its Entelligence Security Provider for managing Microsoft's Encrypting File System keys, "smart card" login and Active Directory support.

Microsoft's operating systems integrate several certificate authority functions. Adoption is strong because there is no per-certificate cost, and the certificate authority function is "free." However, the user and management interface is less than satisfactory. Thus, other vendors, such as Entrust, have addressed client movement toward Microsoft's certificate authority with closer integration.

RSA Security's position in the PKI market leverages its opportunity to build from its time-synchronous, SecurID token installed base, while acknowledging its market message that, in many cases, PKI alternatives may be more appropriate. RSA has introduced a smart-card solution to augment its token business as part of its identity management and access control strategy. Although sales have been disappointing, its Keon PKI software has been selected by the U.S. Department of Defense (DOD) as one of two certification authority products to support possible PKI functions in the DOD's Common Access Card deployment.

VeriSign, the earliest and most visible of the certification authority services, did not even mention its PKI business in its most-recent financial analyst briefing in May 2003.

Challengers

GeoTrust entered the PKI market by first offering SSL certificates intended for encryption, and by differentiating from market leader VeriSign in price and features. Similar to VeriSign, GeoTrust offers managed certificate services, and it recently entered the payments arena.

Visionaries

We have added the newly reformed PGP to the Magic Quadrant.
With its focus on secure e-mail and desktop encryption, grassroots support (including a wide, if not deep, penetration into government, higher education, defense agencies, nonprofit organizations, law firms and healthcare organizations) and a "self-assembling PKI" model, we believe that PGP's approach could indicate PKI's future as "plumbing" in relying applications.

Niche Players

Computer Associates' (CA's) eTrust PKI, updated to version 2.0 in April 2002, has a number of attractive features, including
an integrated OCSP responder for validating certificates. CA's approach fits the trend of "invisible PKI" because it integrates to support CA's applications as part of the eTrust Identity Management product line.

Digital Signature Trust has essentially merged into the Identrus banking initiative. As a result, Digital Signature Trust's owner, Zions Bancorp, became a major owner (in addition to the American Bankers Association) of Identrus. Digital Signature Trust remains active in government accounts, claiming 75 percent of the contracts awarded under the U.S. Government's Access Certificates for Electronic Services (ACES) program, and in several states. However, many programs are in the early stages, have completed pilots without significant application use or have been ended after the pilot.

Not Included on the Magic Quadrant

Several PKI vendors have changed their strategies, some have gone out of business, and others are too small to place on the Magic Quadrant or have reduced their focus on PKI:

CertCo closed its doors in 2002.

Two small Canadian niche players, Certicom and Diversinet, independently provide PKI that is intended for mobile and wireless platforms, primarily in the original equipment manufacturer market.

GlobalSign, a European PKI service provider, has been acquired by Belgium-based managed security service provider Ubizen, which intends to enter the North American market.

PricewaterhouseCoopers' beTRUSTed was acquired by One Equity Partners, an investment unit of Bank One.

Sun ONE Certificate Management System, formerly iPlanet Certificate Management System, deploys and manages certificates through support of the Sun ONE Directory Server. Because of its emphasis on identity and access management, Sun Microsystems has decided to exit the PKI market, resulting in the end of life of its product. Support will continue through July 2006.
However, at the separation of the Sun/AOL alliance, both companies retained rights to the product, and we have seen it promoted as the Netscape Certificate Management System as recently as RSA Security's conference in April 2003. The product was selected for the DOD's Common Access Card program as one of two certification authority solutions (in addition to RSA Security), as well as for the ACES project, primarily because it was on an approved acquisition schedule for U.S. agencies. It is supported by AOL Strategic Business Solutions within the DOD.

The U.S. Department of Agriculture's National Finance Center is offering digital certificates that are based on the Entrust platform to government agencies.

The U.S. Postal Service withdrew its plan to provide PKI services to government agencies in partnership with Microsoft.

ValiCert merged with the secure messaging provider Tumbleweed Communications.

As a class, financial services providers have the potential to be big PKI customers, users and trusted third parties. However, few banks can show successful deployments or return on investment. Our surveys have shown that few banks intend to offer PKI as part of their trust services (see "Digital Signatures and Risk Mitigation: A Market Disconnect").

Financial Stability of PKI Vendors

Gartner notes that all of the players in the PKI space that do not derive significant revenue from sources other than PKI have had severe downturns in revenue in the past 24 to 36 months. The market as a whole declined 32 percent in 2002 compared to 2001, according to Gartner Dataquest. Many vendors are low on cash reserves, an indication of some willingness to be acquired. However, this state has been ongoing for several fiscal quarters. With few exceptions involving marginal players, there appears to have been little interest in acquisitions on a large scale. For example, Entrust remains independent, but Baltimore is on the verge of being acquired or failing. One possible explanation for the lack of interest in purchasing PKI vendors is that potential buyers do not want to risk challenging the Microsoft/VeriSign hegemony.
As the remaining players in this space use up dwindling reserves battling for increasingly scarce buyers, by year-end 2003, pure-play PKI vendors will disappear due to failure or acquisition, and remaining market participants will be defined by various other terms, such as identity management or application-oriented descriptors (0.8 probability).

Acronym Key

ACES: Access Certificates for Electronic Services
CA: Computer Associates
CAPI: Cryptographic Application Programming Interface
DOD: Department of Defense
PKI: public-key infrastructure
SSL: Secure Sockets Layer

Bottom Line: The pure-play public-key infrastructure vendor has all but disappeared from the market, validating our forecast that PKI would become embedded in applications as a feature, rather than remaining an end product. IT security directors must focus on the value that applications gain from a PKI that is used to manage cryptographic keys, and evaluate independent PKI suppliers based on the familiar metrics of financial stability and desired functionality.