The "killer app" for security
The information security industry has been in search of its "killer app" for many years, an application that is so compelling that it will be universally adopted. The killer app for information security is probably encrypted e-mail, but it will be a few years until that's widely realized.
People are inherently social creatures, and love to communicate with others of their kind. Because of this, voice calls seem to be the killer app for the telecommunications industry and e-mail seems to be the killer app for the Internet. Because of the lack of glamor with point-to-point communications, however, these two technologies are often overlooked, but they're the ones that people use and use often, and they seem to have roughly the same popularity.
Voice calls may be dull compared to flashier digital multimedia content, but they're still where the money is. The worldwide movie revenues are less than a week or two of the worldwide telephone revenues, for example. And the dull technologies are also wildly popular.
Given the choice between giving up their phone of giving up e-mail, people are about equally divided. When comparing e-mail to other Internet technologies, however, it's no contest. Given the choice between giving up e-mail and giving up browser-based web access, people cheerfully give forgo the web in favor of e-mail. The web may be nice to have, but e-mail is a necessity, and most businesses really can't function without it.
So if e-mail is the killer app for the Internet, it's likely that it will eventually need the protection that encryption can provide. Many people would currently like to encrypt their e-mail, but have found that it's just too difficult to do. Fortunately, this has recently changed, and we probably have the recent data security and privacy laws to thank for it.
Although it has been used by power users for many years, encrypting e-mail has been notoriously difficult for the average user to do. So difficult, that e-mail encryption remained a small and insignificant niche of the information security market. Recently, however, regulators have made it more difficult to justify sending many business e-mail unencrypted. This has created a huge interest in e-mail encryption products, with e-mail encryption now topping the lists of projects that corporate IT departments plan to roll out in the near future..
Motivated by the increased market for their products, e-mail encryption vendors have invested heavily in research and development, the result of which has been a new generation of products that are much easier to use than their predecessors. Messaging analyst firm Ferris Research estimates that one new technology, identity-based encryption (IBE), can reduce the TCO of encrypted e-mail by a factor of at least three to five, with most of the benefits coming from its improved ease of use. Such a reduction can make a big the difference between an ROI that is acceptable and one that is not. It can even create an ROI that is strong enough to stand on its own, even without the need of regulatory compliance to justify an investment in the technology.
So now that encrypting e-mail has become easy enough for widespread use, it's probably only a matter of time until it's widely adopted. But when that happens, it will seem to disappear as it becomes just another part of the communications infrastructure. It will be a dull technology, but one that's wildly popular. And given a choice between that option and being a flashy technology with limited adoption, the dull yet popular route is probably preferable. So although encrypted e-mail may indeed become one of the killer apps for the information security industry, we probably won't even notice when this has happened.
Comments