May 20, 2010

blasts from the past - Verisign sells its CA division?

Nelson spotted it, too late for yesterday's post of old predictions come true:

Symantec Corp. is paying $1.28 billion in cash to buy a division of VeriSign Inc. that sells security technology to websites.

The deal, announced Wednesday, represents VeriSign's most aggressive move yet to slim down and concentrate on its core business: managing traffic to websites with addresses ending in ".com" and ".net," and collecting fees for registering those domain names.

VeriSign has been purging divisions for the past three years, after realizing it was spread too thin following a buying binge designed to insulate it from the kinds of problems it had after the dot-com collapse a decade ago.

Prior to Wednesday's deal with Symantec, VeriSign had sold more than a dozen businesses since 2007 for a total of nearly $1 billion. What Symantec gets out of the deal is one of the Web's best-known brand names for security.

Back in 2005 (!) I predicted this would happen, because of complexity and the fear of litigation arising out of the phishing threat. The too-many-business-lines aspect is there in the above article. As it happened, the litigation has not emerged as yet, although if the Australian Bank Fees case pans out positively (for the fee payers not the payees), there might be more enthusiasm.

Where does this leave the market for CAs? Well, Symantec probably has a very different outlook and approach. But it's also a complex company in its own right, so the problem of complexity will need to be fixed there as well. And, it has another very close buyout of recent times: PGP Inc.

Yes, the company famous for its version of OpenPGP, which is perhaps the bright shining light opposing the CA business, has been sold to Symantec for some $300bn. Leading light Jon Callas then left the company and went to Apple, which is an interesting move in a buyout phase.

Meanwhile, I saw a recent comment that PGP Inc also has a PKI and CA business, which makes me wonder. Is this true? If so, Symantec will have even more work to do rationalising its lines. Others muse on these issues too:

One strength of PGP is its server-side encryption and security offerings, which compete with products from vendors such as nuBridges, Voltage, Vormetrics and RSA with its BSafe toolkit. Demand is growing for server-side encryption because of the Payment Card Industry data security requirements, Pescatore says. Symantec says PGP counts 100,000 enterprise customers with more than 1,000 employees, and 1 million small-to-midsized customers with fewer than 1,000 employees.

For its part, Symantec says it sees PGP and its public-key encryption technology as its ticket to innovations making use of key management. Symantec is a market leader in the data loss prevention (DLP) product arena, and "for complete use of DLP, encryption is an important part," Symantec CEO Enrique Salem told financial-industry analysts earlier this morning on a conference call to announce the acquisitions.

The PGP platform for key-management will contribute to Symantec's focus on creating a "policy-based approach" in security, Salem said. In addition, a start-up acquired by PGP, called ChosenSecurity, offers another path into identity management related to establishing trust among users and sites, he noted. "We will standardize on the PGP key-management platform," says Francis deSouza, senior vice president, Enterprise Strategy group, Symantec.

(For what it is worth, I am strongly related to CAcert these days, which is an open community supplier of X.509 signatures and OpenPGP signatures; you should think about conflicts of interest in the above post.)

Posted by iang at May 20, 2010 08:36 PM