Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mistaken Identity: The Meaning Of The Symantec-VeriSign Deal

Symantec's decision to spend $1.28 billion on acquiring VeriSign's identity and authentication business drew strong praise from technology analysts, but left some business-side thinkers wondering about the long term benefits of the acquisition. The deal will give Symantec VeriSign's Secure Sockets Layer (SSL) Certificate Services, the Public Key Infrastructure (PKI) Services, the VeriSign Trust Services and the VeriSign Identity Protection (VIP) Authentication Service. The iDefense unit stays with VeriSign. The move comes just a few weeks after Symantec announced its intent to purchase PGP and GuardianEdge Technologies.

With the VeriSign deal, the hope is that the combination of VeriSign's security products, services and brand will enable Symantec to bring PKI to the masses. More specifically, it positions Symantec to take advantage of the emerging battle over identity. "The company definitely needs this technology in order to solidify its focus on information-centric security, security from and for cloud computing and hosted environments, and identity-linked concerns," says Scott Crawford, managing research director at Enterprise Management Associates.

"Identity is fundamental to recognizing legitimate resources and differentiating who has authorized access to what. If Symantec bypassed the last identity boom, it has not failed to recognize the central importance of identity to the security of information with this deal, which is a much better fit with Symantec's primary emphases today," he says. But Michael A. Davis, CEO of Savid Technologies and an InformationWeek
contributor, asks, does Symantec have other supporting services in standard computing and mobility to succeed at a broader identity play? Not really, he says.

Technology plays aside, the business may find that this acquisition to be more pain than gain. "We're not very positive on this," Gartner senior analyst John Pescatore was quoted as saying. "When Symantec bought PGP, Gartner said they needed to avoid the distraction of going after the commoditized SSL server certificate market. Here they are buying VeriSign, whose revenue on SSL certificates has been dropping because of the SSL market being driven by low prices. The SSL cert business isn't even strongly related to any Symantec business areas -- it will bring some near-term revenue to make Wall Street happy but long-term dilute Symantec resources from its main markets."

Symantec's move comes at time when the company has been struggling in some ways. "They are playing catchup to a degree," says Davis. "They realized their 'Own the IT infrastructure' play with Veritas didn't really work, and while that was going on, McAfee was building a strong and stronger security product portfolio. McAfee already has HackerSafe (VeriSign is a competitor), already has a threat labs (VeriSign is a competitor), but is not in the consumer SSL business. VeriSign was starting to make inroads into the cloud security space and McAfee beat them to the punch with the Cloud Security initiative and offering last month. This is all about catch-up." With VeriSign, the company acquires tools. such as enabling DLP to automate the application of data security policy that can also include identity-linked encryption and strong authentication, notes Crawford.

  • 1