Symantec Moves To ID With Verisign Buy

For once, the Wall Street rumour mill got it right: Symantec made it official today that it is buying VeriSign’s SSL business unit for $1.28 billion (£890m). The deal brings VeriSign’s lucrative digital certificate business – which generates more than $400 million (£278m) a year in revenue – under the Big Yellow umbrella.

What the speculators and financial analysts (myself included) missed in the rumors preceding the announcement is the other technologies and services Symantec is picking up in the deal and the significance VeriSign will have on the rest of the Symantec security portfolio. To put it succinctly, Symantec is transforming its security position to one that’s identity-based.

Identity-based security

In a call with financial analysts and press, Symantec CEO Enrique Salem said the following:

“IT is faced with the challenge of giving people appropriate access while ensuring that corporate data is never at risk. We believe the solution to this dilemma lies in the universal adoption of identity-based security. Identity-based security provides the assurance that as information moves in and out of the cloud, across any device and between the network, it is always protected. The user’s identity drives what information they can access and how it can be used and shared, independent of the device or application.”

What Symantec looks to do with PKI and SSL assets acquired through VeriSign is become the centre of the “Trusted Web,” where users will have certificates to access sensitive personal and corporate information. This type of identity management is projected to be a $1.6 billion (£1.1bn) market by 2013, according to IDC.

But the business opportunity goes beyond simply user authentication and broad public PKI services. Symantec believes the value of the VeriSign deal will come by cross-selling Symantec endpoint security and compliance products to consumers, midmarket businesses and enterprises. The authentication services and mechanism will give Symantec critical security elements for both on-premises and cloud application security.

Compatibility of VeriSign and Symantec

In an interview with Francis deSouza, senior vice president of Symantec’s enterprise security and compliance group, he said the synergies between VeriSign’s SSL certificates and Symantec’s existing security products are tremendous. The potential market opportunity for ensuring data security and easily deployable PKI services is enhanced with the capabilities brought to the table with the pending acquisition of PGP.

“We found that the same person that buys the SSL certificates was often the same person buying Symantec’s critical protection products, so we have an opportunity to bring these two together,” he said.

The VeriSign team coming on board to Symantec, represented by Fran Rosch, senior vice president of Business Authentication, believes Symantec’s deep enterprise sales team and broad channels will help the SSL business reach new customers and market segments that VeriSign couldn’t reach on its own. Today, the SSL and authentication business generates more than $400 million in sales, of which 60 percent are through VeriSign’s online store and telemarketing sales.

The acquisition isn’t expected to close until September, following regulatory reviews and government approval. Symantec isn’t waiting for the close to start leveraging the branding of VeriSign’s Trust Seal and SSL Certified seals, which denote the security of more than 90,000 websites and are seen by more than 200 million web users worldwide. Salem said Symantec would incorporate VeriSign’s “check mark” into its branding as a reflection of becoming a source of trust for web security.

How much will all this affect Symantec’s 40,000 and VeriSign’s 10,000 reseller partners? For the time being, not much. Neither Symantec nor VeriSign knows the overlap between the two channels, but suspect it’s not insignificant. deSouza said Symantec will convert as many nonpartners to the channel programme as possible. While the plan is for the respective companies’ sales teams and channels to cross-sell products, initial indications are that the two sales organisations will remain segregated.

In an email to partners, Executive Vice President of Worldwide Sales Bill Robbins said, “Following the close of the acquisition, VeriSign products will not initially be available for sale through Symantec’s channel partners. As we broaden our go-to-market approach over time, we will assess how VeriSign products will be incorporated into Symantec’s wider channel strategy. We look forward to sharing the channel strategy, along with the updates to our brand and the value it represents to our mutual customers, as more information becomes available. Until then, please continue operating business as usual.”