Analysts are generally approving of Symantec's $1.28 billion acquisition of VeriSign's authentication business, but difficulties may lie ahead.
plans to buy VeriSign's
identity and authentication unit have been greeted
with largely positive reactions from industry analysts, but analysts still
see some challenges ahead.
After a day of rumors, Symantec confirmed the $1.28 billion deal and
outlined where VeriSign's technology fits in its strategy. However, while the
company touted the buy as bolstering its identity and authentication story,
Gartner analyst John Pescatore questioned whether there is enough synergy.
"The people who buy the SSL [Secure
Sockets Layer] certificates are very often not the ones that would buy
higher-priced server security like Symantec CSP [Critical System Protection],
just like the people who buy copier paper are very often not the ones who make
the copier decisions," Pescatore told eWEEK. "The authentication part
is tiny and trying to sell strong authentication to consumers has been a losing
proposition for years. So Symantec gets a revenue bump, but from a
commoditizing market that they will have to divert resources to in order to
keep margins and revenue from dropping-[it] distracts from main Symantec
security areas, [it] does not augment."
However, there is more to this deal than SSL
certificates, noted Scott Crawford, an analyst with Enterprise Management
"Strong authentication and identity-linked encryption complement assets
such as DLP
and symmetric encryption,
" Crawford said. "For example, DLP can
automate the enforcement of data security policy, by engaging tools such as
identity-based encryption. Hosted PKI [public-key infrastructure] offerings
will help make identity-based encryption more manageable, and will further
bolster Symantec's hosted services and cloud initiatives, as will the
certificate validation service. VeriSign's VIP service complements Symantec's
Norton Identity Safe business in the consumer space, but will have more
applicability in the enterprise."
Symantec has said it plans to combine VeriSign's SSL
Certificate Services with Symantec CSP or Protection Suite for Servers to help
protect Web servers, as well as use VeriSign VIP
to complement the Identity Safe technology in Norton products.
"My one worry here is that as you start to divorce SSL
(which is going to Symantec) from Domain Name Services (which is staying with
VeriSign), Symantec will have the challenge of keeping that SSL
business going and growing," Forrester Research analyst Jonathan Penn
said. "The other businesses-managed PKI,
VIP strong and risk-based authentication,
and the trustmarks [or] seals-are areas where VeriSign has frankly been
underperforming and Symantec can spark growth."
The seal and trustmark business will be an area where Symantec can now go
head-to-head with McAfee, Penn added.
"The big picture here is that Symantec has concluded that its future
(along with all of our futures) is in cloud-based
and that demands some identity architecture that doesn't stop at
the network perimeter," said Paul Roberts, an analyst with The 451 Group.
"Peeling off VeriSign's authentication business from the root server
business allows them to step into the center of that ... from Symantec's
standpoint, they are making a bet that they can grow the SSL
business and that there's substance to their 'value add' argument-that enterprises
will pay more for a cert from a serious security vendor that's bundled with
other like services ... rather than running to the lowest-cost provider,"