Our client's security problems are all about resource protection. Too many organizations simply are not able to effectively plan security into their culture. As a result, NetFrameworks CTO Eric Greenberg recently published a book, "Mission Critical Security Planner: When Hackers Won't Take No For an Answer", which is designed as a planning guide to help organizations embed security planning into the mindset of an organization. Security planners want to make sure that they have done everything reasonable to keep themselves and their clients shielded from security mistakes. Ultimately it comes down to keeping intellectual, electronic, physical, relationship and human resources intact and secure while having the business touch a larger and larger paying customer base. NetFrameworks developed and deployed the PKI software and systems used for one of the largest online trading networks in the world. What are some of the difficulties you encountered?

The struggle with PKI to this day is about ease of use. Our deployment of this trading network was not only a struggle of technology but also one of human interface. When you deploy a system of this size and scope, success is not measured by technological ingenuity but by actual usage. The system was only a success if it is was secure and trading happened between all of the systems users. In the end we discovered that clever programming is no substitute for training, support and simplification. In the end, having several thousand traders understand how to obtain, authenticate, authorize and terminate certificates was the hallmark of the system's success.

In your opinion, how important is identity management?


I believe that identity management will play an increasingly important role in society as time goes on. Identity is becoming more than just who you are, but is what defines you in an increasingly anonymous world. When we started moving money between individuals electronically (credit cards, bank cards, etc), identity went through an ideological shift. Identify was no longer defined as a local community's knowledge of an individual, but the vouchsafe given a trusted third party. Because of this, suddenly we could interact at a commercial level with someone half way around the world, but in doing so we reduced our identity from middle-aged father of three to a number and expiration date. As a result we are left with the challenge of protecting our investment in those third parties. And as a result increasingly our management of our identity becomes ever more important.

What developments does NetFrameworks envisage in 2003?