Despite being in what is supposed to be an early stage of development, the data security industry has produced enough companies with competing "complete solutions" to make bankers' and other prospective customers' heads spin.
There has been such an explosion that a totally thorough assessment of all products could slow the march toward Internet commerce that data encryption and digital authentication packages are supposed to accelerate.
This flowering of security tools and techniques for applying them- perhaps a characteristic of an immature industry that is bound for a shakeout-was in full view at the annual conference sponsored by the company whose encryption technology is at the heart of it all, RSA Data Security Inc. of San Mateo, Calif.
RSA and its parent, Security Dynamics Technologies Inc., are right at the front of the parade with an all-in-one "product family" called Keon.
But to say Keon is not alone would be an understatement. Some of the most recent products and pitches are summarized in the accompanying box.
International Business Machines Corp. and Equifax Inc., both on their own and through a strategic alliance, are among those putting together all the pieces of PKI-the public key infrastructure, digital certificate issuing and management capabilities, firewalls and other network security systems, various types of hardware and software components, and consulting help-to ease acceptance and installation in corporate enterprises.
The three top vendors of digital certificate systems-Entrust Technologies Inc., GTE Cybertrust Solutions, and Verisign Inc., which began as an RSA spinoff-also put their own spins on "ease of implementation." GTE's new Accelerator program is one example of the emphasis being placed on professional services, the consulting support that is seen as increasingly critical for PKI technology to spread.
The field is international and crowded, with entries from France (the computer company Bull, parent of BullSoft), Ireland (Baltimore Technologies), Sweden (Celo Communications), and South Africa (Thawte Certification).
Hewlett-Packard Co. is likely to play a key role through its Praesidium framework, which includes the Virtual Vault that is widely deployed in Internet banking. Also in the mix are the major computer service companies, consulting firms, and accounting firms that are influential system integrators.
"People are looking for more than a base technology," said Chuck Stuckey, chairman, president, and chief executive officer of Security Dynamics, which is based in Bedford, Mass. "They are looking for practical ways to apply the technology."
Keon, he said, is the culmination of two and a half years' work since the acquisition of RSA. Scott Schnell, his senior vice president of marketing, added, "Until now, people have concentrated on the technical underpinnings of PKI, when it is the application of security that is equally, if not more, important."
A "solid foundation" for security is essential to seize e-commerce opportunities, said Jeffrey Jaffe, general manager of IBM's SecureWay business unit. "Many companies lack the skill sets or tools to protect their proprietary assets. They hold off. They need help."
"They are looking for a comprehensive solution," Mr. Jaffe said in a constant refrain heard at the RSA gathering last week in San Jose, Calif.
Vendor company executives said they were pleased to see the methods advancing. "None of us are going to differentiate ourselves just on the technology," said GTE Cybertrust vice president Tom Carty. He was quick to point out that Security Dynamics and others "haven't delivered yet" on all the big visions.
"We welcome Security Dynamics into the fray," said Entrust CEO John Ryan. "But they have a lot of work to do to catch up to the completeness of our offer."
Industry analysts have been skeptical of total-solution claims, now often heard from companies that have made acquisitions to extend their competencies. "The market doesn't believe one supplier can do it all," Jim Hurley, managing director of Aberdeen Group, told the RSA meeting.
Forrester Research, in a report titled "Solution Suites: Dead on Arrival," said the components in many packages have been of inconsistent quality. "The security field is too broad and technology is changing too rapidly for one vendor to be best-of-breed across all product classes," said Forrester's Ted Julian.
Mr. Jaffe agreed and said IBM's is "not a suite. Our products really work together."
Jerome Svigals, a Redwood City, Calif.-based consultant and data security veteran, said one-stop offers are a "worthwhile objective" but can easily be oversold.
"If you look at what each of these vendors calls an 'end-to-end solution,' it does exactly what they want it to do," said Peter Freund, chairman of Certco Inc., the New York-based public key infrastructure supplier. "The real question is, Is it what the market wants?"
