The future of encryption lies not in improving the algorithms themselves, but in easing implementation and administration.

The future of encryption, say experts, lies in the potential for ultimately transparent, seamless, end-to-end encryption. That would allow CIOs to be as blasé about the process as they are about operating systems today. But the industry is still a number of years away from that model. Says Chris Parkerson, senior product manager at Bedford, Mass.-based RSA Security Inc.: "I think the primary focus of encryption-related products in the future will be on the management of encryption and associated keys, and security policies across the diverse IT systems of large enterprises."

Meanwhile, since encryption technology itself is already a virtual commodity, Parkerson believes that, over time, encryption capabilities will be built into every possible endpoint that touches data, including databases, storage systems, packaged applications, operating systems, laptops and PDAs.

He hopes to see more standards in encryption products so that managers will be able to administer encryption from a centralized console across all of these endpoints. "All of the value will be in simplifying the management of the security infrastructure that enforces security policies and rules across all of the endpoints," Parkerson says.

Cryptography Research's Kocher believes that the holes in encryption—primarily around identity management, access management, authentication and fraud detection, will be patched. "Strong authentication technologies like smart card readers have become very inexpensive," he says. And while he isn't a big fan of biometrics—because of false negatives as well as the fact that some people consider them ­intrusive—he believes they will become more accurate, less expensive, and more widely accepted by end users.

Finally, identity management for logical networks will become increasingly tied into physical security. Says Kocher: "The same smart card you use to unencrypt the database will get you into your parking space and your office."

How close are you to offering us a seamless security product?

How should we be thinking about melding together our data security and our physical security?