Encryption Technology Ready for Its Close-Up
Meantime, the corporate technical community was relatively indifferent to the technology. To some this seemed paradoxical. The risk the average Unix programmer ran by leaving his Quake cheats unencrypted was probably pretty low. Companies, however, routinely sent and stored information of real value on their networks and file servers.
The reason for the difference was that both the corporate and popular communities were focusing on the same feature but with different perspectives: In the early ’90s encryption was primarily an end-to-end technology, run by users from the edge of the network. This appealed to the popular community, since users liked the idea of being responsible for enforcing their rights with their own hands. For CIOs, end-to-end was a bug, not a feature, because such services carry significant training and installation costs. There were other problems: Encryption made it harder for network diagnostic tools to peer into the traffic flow.
The argument between encryption developers and vendors, and the national intelligence and law enforcement agencies looked like a good one to avoid. There were no open standards.
Thus on the corporate side, even though encryption was available in theory (Lotus had built a decent module into Notes) the security products that drew the most enthusiasm were firewalls. Firewalls did not demand as many resources, and they protected against some of the same threats as encryption. Our own coverage mirrored that attitude. When we wrote about security (as we did in our Feb. 15, 1994, issue), we concentrated on firewalls, good practices and smarter management. Encryption seldom merited more than a line or two. "Crypto companies were begging for someone to pay attention to them," remembers Vin McLellan, managing director of the Privacy Guild, a security consultancy in Chelsea, Mass.
$firstKeyword



