Enterprise Strategy Group | Getting to the bigger truth.TM

Symantec + Verisign = Cloud Security
Jon Oltsik   |   Thursday May 20, 2010  |  0 comments | Filed under: Uncategorized

When Symantec bought Veritas, a lot of people didn’t get it. After all, what did server backup have to do with PC antivirus software? In fact, storage and security work hand-in-hand in something the feds call Information Assurance. Symantec saw this synergy before most of the market.

Fast forward to yesterday’s news about Symantec acquiring Verisign’s security business. Yes, SSL certificate sales drove Verisign security revenue, but Symantec gets a heck of a lot more with this acquisition. Add Verisign to PGP and Symantec, and you get:

  1. End-to-end trust. Symantec can now create an infrastructure where any user or node can set up a trust relationship with any other user or node. The SSL and PKI parts are not new, but when Symantec bundles a digital certificate in every Norton desktop, you have the potential to bring PKI to the masses.
  2. PKI as a service. In a related way, Symantec has the scale and reach to marry the security power of PKI with a global SaaS service. In my opinion, this is a home run as it capitalizes on PKI’s trust model while eschewing its onerous deployment and management. Furthermore, Verisign can now act as a CA for PGP keys as well. Authentication? Digital signatures? Non-repudiation? Symantec has the opportunity to take these geeky terms and apply their goodness. We’ve been talking about the “year of PKI” for 15 years; Symantec now has the opportunity to make it happen.
  3. Key management SaaS. While PKI is used for authenticating users and signing documents, PGP can act as the backend data encryption/decryption for large files. PGP’s onsite key server can also leverage Verisign in the cloud. Afraid to manage keys? Need a key escrow service? Call Symantec.

Finally, it is fashionable to talk about cloud computing and how cloud security is the long straw. If you it boil down cloud security, however, some of the key components are identity management, data security, and compliance management. Verisign covers the identity piece, PGP handles data security, and Symantec already has a leading IT GRC platform. Symantec can now sell you the pieces or provide the whole enchilada as a SaaS cloud service.

If this isn’t an exciting security business model, nothing is.

Related posts:

  1. Symantec/Verisign: The Latest Chapter Of the Colossal Demise of Verisign
  2. Symantec Moving to Define an Encryption Architecture
  3. Amazon EC2 and Symantec: What Does it Mean?
  4. PGP’s “Under the Radar” Acquisition
  5. Symantec Bolsters Public Sector Offering with Acquisition of Gideon Technologies

Tags: cloud, , , , Veritas

All views and opinions expressed in ESG blog posts are intended to be those of the post's author and do not necessarily reflect the views of Enterprise Strategy Group, Inc., or its clients. ESG bloggers do not and will not engage in any form of paid-for blogging. Click to see our complete Disclosure Policy.

Add a comment

Search
About ESG | Register | Contact Us | Disclosure Policy | Terms of Use | Privacy Policy
© 2010 Enterprise Strategy Group, Milford, MA 01757 Main: Fax:

Switch to our mobile site