From: Quark Physics [mailto:meuon@highertech.net] Sent: Sunday, November 26, 2000 6:43 AM
extra trouble to install it. The proof is the market penetration of PGP. Only the geeks tend to use it and SSH is only used by SA geeks. The general market DOESN'T CARE!
The following parallels what our marketing department found out (after launch, unfortunately <sigh>).
We see roughly several levels of clients:
70% - "Huh? We're secure, only I have the root password" (actual quote)
10% - Encryption is hard, how about we ZIP the file we send via FTP? (not bad, it helps...)
These guys, 80% of the market, will not pay for it either. They will not buy software packages and they will not buy services either. They don't see a problem. Can we say "myopic"?
10% - SSL encrypted XML posts.
5% - SCP (SSH) file transfer, known keys on each side + passwords.
This last 15% are mostly self-serve and actually know that there is a problem. But they won't purchase; they don't need to, they're self-serve. This is where most of us, on this list, fall.
5% - Hardware encryption, leased line, keys for hardware encryption and passwords delivered in separate parts by different people after identity verification. No physical connections to gateway systems. (Federal Reserve, Chase Manhattan Bank...)
The unknown tier, many of them are banks where minimum security is a regulatory thing. It's a part of doing business. I'm not sure that, if left to their own devices, they wouldn't join the majority in their apathy.
Until real data encryption is built into the Operating Systems and all software... --mike--
As long as we have Federal Export restrictions, on encryption products, this will continue to be an optional add-on (Win2K high-encryption pack ain't that bad. But, it is an add-on, one has to use the update service to install it).