Verisign Inc., which has been struggling along with its competitors to sell technically complex security techniques for large-scale electronic commerce, has embarked on a simplicity campaign.
The digital certificate leader wants to make it easier for sizable businesses to install and administer its trust-assurance products in the areas of Web site access, virtual private networks, and electronic mail.
This week, Verisign took a step in this direction by announcing OnSite for Microsoft Exchange. The first in a family of implementation aids called Go Secure, the system is designed to remove the technical and practical obstacles that have discouraged widespread deployment of secure, digitally signed e-mail.
The Microsoft e-mail version will be ready for shipping in about a month, to be followed in the third quarter by one for Lotus Notes R5. Together, those two packages account for 70% of the market, said Verisign group marketing manager Steve Crawford.
Verisign, which is based in Mountain View, Calif., is essentially trying to remove the barriers to the e-mail security standard known as S/MIME- Secure Multipurpose Internet Mail Extensions.
Though well established and based on widely available data encryption technology such as that of RSA Data Security Inc., which at one time owned Verisign, S/MIME has been slower to catch on than its promoters had hoped. There are numerous anecdotal tales of organizations' abandoning plans to require S/MIME on all internal and external electronic mail because of the operational difficulties.
Citing a survey by Ferris Research of San Francisco, Verisign said 50% of enterprises expect to adopt S/MIME by 2003. Microsoft Exchange alone is expected to quadruple its user number, to 80 million, by 2001.
Verisign is making the e-mail program part of its OnSite service, which many banks and other corporations have found to be an efficient alternative to managing public key infrastructures, or PKIs, on their own.
OnSite itself was an attempt to simplify data security operations, with Verisign taking care of back-office complexities. Simplification has been a preoccupation of competitors in the field, including Entrust Technologies Inc., which, Mr. Crawford said, appears to be Verisign's closest rival in enterprise services.
These PKI providers are on a long list of vendor and system-integrator companies offering "total solution" approaches to digital certification, and e-mail has been an area of particular frustration.
"A bank can quickly and easily set up a basic PKI service with OnSite," Mr. Crawford said in an interview. "Our focus this year is to make it easier to integrate PKI into mission-critical systems" such as e-mail.
"Verisign OnSite allows enterprise customers to easily integrate Verisign's PKI with the secure messaging infrastructure that Exchange Server 5.5 and Outlook 98 provide," said David Malcolm, Microsoft Corp. group product manager for Exchange Server. "Verisign OnSite makes it easier for companies to deploy mission-critical applications and to be trusted by other organizations over extranets."
Extranets, which are based on Internet technology, give outsiders access to computing systems and data bases to the extent authorized by security rules that S/MIME and other measures can help enforce.
S/MIME is described on the RSA Data Security Web site as "analogous to a secure piece of postal mail traveling between two locations." The protocol is "applicable to any situation in which data must be securely transferred, stored, forwarded, and authenticated," including electronic data interchange, transfers of bank statements or stock trading data, electronic bill payment and presentment, and health-record storage and sharing.
Verisign says it is addressing complaints about S/MIME's being hard to use and support, including the complications of user-directory maintenance and interoperability across computer systems. An optional key recovery service lets secure messages be deciphered in emergencies, such as when a user's private key gets lost.
"All of us in this business are on the same page-that we have to make it simple," said Mark N. Greene, vice president of Security at International Business Machines Corp., which is promoting its own set of PKI programs. "For certificates to be ubiquitous, we need ease of use and transparency."
Mr. Greene pointed out that IBM's Lotus, with 35 million client users, will be the largest standards-based digital certificate infrastructure as the R5 version rolls out this year.
OnSite for Microsoft Exchange comes with a detailed implementation guide for system administrators and a tutorial for individual users. Many commands have been reduced to screen icons, and the enrollment process takes about 30 seconds, a far cry from previous S/MIME implementations in which "you really had to take time to figure it out if you wanted to do it," Mr. Crawford said.
