Sports cars and PKI
I've known several people who aspired to one day own a Corvette. Curiously, everyone that I've known to have actually bought one ended up rarely driving it. I'm not sure why they do this. Maybe they can't stand to see their Corvette dirty. Maybe they don't want to take the chance of it getting damaged in an accident. Maybe they just want to save money on insurance by rarely driving it.
On the other hand, it could be the case that the people that I've known aren’t representative of Corvette owners. I've only known a few people who dreamed of one day owning a Corvette and then managed to actually buy one one day, and such a small sample probably won't give you enough information to find any significant trends.
On the other hand, industry analysts estimate that most PKI software ends up much like those undriven Corvettes. Apparently roughly half of PKI software ends up as "shelfware," software that's purchased but never deployed. And just like the owners who don't drive their Corvettes must have a good reason to do so, I'm sure that the people who bought PKI software and didn't deploy it also have a good reason for doing so.
I can almost understand why someone would buy a Corvette and not drive it much. After all, many people could probably pass many enjoyable hours admiring a Corvette as it sat in their garage. On the other hand, I don't understand at all why someone would buy PKI software and not use it. People almost certainly take their Corvette for a test drive before buying it. Don't people try a demo copy of PKI software first and make sure that it works in their environment and is at least somewhat useful before buying it? If that's the case, it's hard to understand why they end up not using it.
Back in the dot-com era, the PKI projects that I worked on cost anywhere from the equivalent of 2 to about 60 Corvettes. This wasn’t all the PKI software itself. For a big implementation, you'd have roughly 20 Corvettes' worth of software, another 20 worth of hardware, and another 20 or so of professional services. For smaller implementations, it was weighted much more towards the cost of the software.
In the bigger implementations, the PKI was just one part that made a larger e-commerce project work, so it was as if customers were buying an entire lot of cars and wouldn't even notice those 60 Corvettes. These larger implementations also had a definite need for the PKI, but many customers didn't even know that they were getting one because it was just one more component of a big project. And they didn't really care. They weren't really interested in the PKI piece of their project, but they were interested in the overall benefit that they would get from the larger project. These definitely didn't end up as shelfware.
In the case of the smaller implementations, there was often not a clearly-defined need for PKI software, but customers thought that it might one day help them. These probably account for the dusty, unopened boxes of PKI software that apparently still clutter shelves of IT departments. I saw several of these projects for each of the larger projects, so the smaller projects probably account for most of the PKI software purchases. Because there was really no need for them when they were purchased, it's actually surprising that only half of these ended up unused. Maybe that's the lesson to be learned from the rise and fall of the market for PKI software – don't buy software unless you have a good reason to do so, although that's also an odd lesson for people to actually need.




