Expect more PKI in 2008
Wasn't 1999 supposed to be "the year of Public Key Infrastructure (PKI)?" Yes, I know, another analyst prediction that didn't come to fruition. It's fair to chastise the analysts for another missed call, but PKI certainly shares some of the blame.
It really is difficult to imagine a "year of PKI" because PKI isn't your typical technology trend. PKI isn't a standalone security widget; it is a complex infrastructure that must be integrated into existing applications and business processes. Once implemented, however, PKI can really improve security, protect data integrity, and bolster identity management.
PKI never took off because of demand- and supply-side issues. Customers eschewed PKI because it was expensive, difficult to implement, and lacked support from many applications. Vendor solutions really didn't address these issues very well. PKI products have always been rather clunky or academic. IT people love technology but not science projects.
This situation is finally changing. On the demand side, PKI is riding on the back of regulatory compliance, security, and business-to-business requirements. More companies and government agencies are adopting smart cards for physical and IT security, a perfect complement to PKI. Application support is more ubiquitous and integration is easier than it was in the past. Companies also need to secure data exchange and develop trust relationships with external constituencies. PKI to the rescue!
So what about product complexity? The supply-side gang is dealing with this as well. Microsoft gets it--its Microsoft Identity Lifecycle Manager and Certificate Lifecycle Manager products marry PKI functionality with Windows ease of use. Don't get me wrong, PKI is no "day at the beach," but Microsoft will continue to tame PKI complexity over time. This, combined with Windows 2008 server and Vista desktops, will pave the road for broad PKI adoption.
Organizations that remain averse to managing a PKI infrastructure have other attractive options. How about PKI in the clouds? PKI services experts like Chosen Security, RSA Security, and Verisign can handle the whole enchilada without fussing with server implementation. One phone call and PKI becomes an operating expense.
I'm too old to stick out my neck and say that 2008 will be "the year of PKI," but in my view, PKI is inevitable. Heck, if you consider secure Internet traffic using SSL, it already is. In this era of data breaches and identity theft, PKI is rapidly becoming a requirement. Shrewd vendors like Chosen Security and Microsoft are meeting this demand with robust, simplified product offerings. Supply and demand lines are likely to cross soon.
Jon Oltsik is a senior analyst at the Enterprise Strategy Group. He is not an employee of CNET. 


In most cases, the initial investment in a PKI cannot be broken down into manageable cash flows, where tangible results could be sensed as a reflection of the amounts of money invested.
It is just like building a power plant or a mobile phone operator, where you can never provide service to customers before the project is completely finished and results are accredited.
This has negatively impacted the appetite for similar projects, and makes the decision to go forward much harder when it comes to the business case, project initiation, and drafting the budget.
I think organizations, especially those who operate in emerging markets, will continue to spin around and try to find smaller tweaks to close security gaps within their environments rather than conducting a full-fledged PKI deployment.
I believe that regulations have to develop more in this arena, and legal enforcement should be supported by the governing parties for such a technology to see the sun.