As two leaders in PKI scramble to refocus their businesses in the hopes of a steadier revenue stream, corporate users are again wondering if and when the promise of killer public-key infrastructure applications is ever going to be realized.
Baltimore Technologies Inc. and Entrust Technologies plc. are planning to move much more heavily into the services end of PKI this year. The moves represent a sea change for the two vendors, each of which has historically derived the majority of its revenue from software sales.
And while customers applauded the companies efforts to deliver more value and return on investment in relation to costly PKI deployments, some said other issues still need to be resolved, such as evangelizing the technology.
"Customers just dont have a clue what [PKI] is," said Rick Zach, president of USDataCenters Inc., a Marlboro, Mass., management service provider and Baltimore customer. "Its a difficult story to communicate. Value-added services are important, and were betting our company on it, in a sense, but the sense of what [PKI] is is still the biggest barrier to entry."
Baltimore and Entrust last week each reported disappointing first-quarter results.
But more telling was that the companies revenues from software licenses fell significantly, indicating a lack of demand for the vendors core PKI offerings. Both companies blamed the results on the slowing global economy, but customers and analysts said thats only part of the picture.
"No one is really buying it at this point because theres no real killer [PKI] app to drive adoption," said one CIO, who asked to remain anonymous. "These vendors havent shown us where the value is. How am I going to make more money or save money down the road by deploying this? [The services strategy] is a lame attempt to dig themselves out." But Entrust and Baltimore executives said last week that services are the key to PKIs future.
In an effort to differentiate itself from companies such as VeriSign Inc. and RSA Security Inc., Entrust in the next few months will roll out a set of enhanced PKI services, some of which will be delivered through systems integrators. The services will center on the authentication process and the way online transactions are handled.
"This is the exact right direction for them to take," said Tom Hagan, CIO and chief privacy officer at PersonalPath Systems Inc., an Upper Saddle River, N.J., provider of privacy and security solutions for health care organizations and an Entrust customer. "The trend will be 100 percent commoditization [of the technology] over time, so they have to do something."
Baltimore, which laid off 250 workers last week and reported a 17 percent decrease in revenue from the fourth quarter of last year to the first quarter of this year, now plans to sell its software on a subscription basis, starting with its new UniCert Quick Start offering. Other subscription-based applications will follow.
"This economic climate is resulting in a more conservative approach," said Fran Rooney, CEO of Baltimore, in Dublin, Ireland. "We have to accelerate the deployment of our product through a service model so we can deliver cost efficiencies."
Rooney also said that the company will focus its software sales efforts on its authentication, content security and access control products going forward.
Baltimore and Entrust will face stiff competition in the PKI services market from VeriSign, a fact that has led some vendors to avoid that market altogether.
"Thats a tough market to crack," said Alex Van Someren, CEO of nCipher plc., a Cambridge, England, provider of PKI-based hardware. "VeriSign owns that market. Its going to be difficult [for Baltimore and Entrust] to meet the expectations set out for them." ´