Symantec and VeriSign; a new online trust powerhouse or some techno-Frankenstein built from mis-matched parts.

This little, nerdy, techie nichy type of article would normally go right over my head, but given my background in security (Computer Associates and Comodo), the recent news about Symantec acquiring VeriSign got me thinking. The deal, in a nutshell, means that Symantec, known for its security suite is looking to expand into the authentication business by buying VeriSign, a certification authority, whose core product, SSL certificates, is BTW shrinking.

Here’s the official Symantec spin:

The combination of VeriSign’s security products, services and recognition as the most trusted brand online and Symantec’s leading security solutions and widespread distribution will enable Symantec to deliver on its vision of a world where people have simple and secure access to their information from anywhere.”

Symantec and VeriSign actually have a lot in common. They both grew by acquiring technology (as an aside I think Symantec is good at integrating new companies into its line-up). Both are in a commodity business with real challenges in managing partners and pricing:

“With this acquisition, we extend our strategy to create the most trusted brand…The VeriSign check mark is the most recognized symbol of trust online… Symantec’s security solutions and the company’s Norton-branded suites protect more than one billion systems and users around the world. By bringing these security assets together, Symantec will become the leading source of trust online.”

But one is left scratching their head when you continue to read the Symantec explanation of why they are acquiring VeriSign. Here is clincher:

“Symantec plans to incorporate the VeriSign check mark into a new logo to convey that it is safe to communicate, transact commerce and exchange information online.”

You read right. While the clearly appreciate the power of the VeriSign icon – they intend to ditch it. Something does not compute.

What do I think is going on here? For my money, both companies needed each other as a defensive stance rather than as growth measure. Let’s start with VeriSign. Their product line has come under significant pressure from a wide variety of sources given the wide net of their largely unsuccessful acquisition efforts. Worse, in their core SSL business, there was no way to maintain a premium pricing structure given the success of value based alternatives such as GlobalSign or Comodo.

As for Symantec, they are frantically acquiring companies and the VeriSign deal was the third encryption-related purchase for Symantec in three weeks! Their land grab in the authentication space is necessary because; a) there little home grown technology to build from and b) as security solutions become utterly commoditized, the higher margin opportunities are left in authentication services.

I can only speculate on the net gain or loss for the shareholders of both companies, but Symantec’s sudden fondness for becoming “…the leading source of trust online” seems rather “Johnny come lately” especially given their current “confidence in a connected world” focus.

Becoming a “leading source of online trust” is not something you wake up to one morning and decide to do. It is has to be the central “why” to a company. It has to drive how you innovate, what you acquire and how you build your offerings. Have I ever seen that kind of intense commitment to online trust from Symantec? Nope. Can you say that the VeriSign is a brand that means some notion of online trust? Yup. Are either company known as a technology innovator? No and not in this lifetime.

That’s why when you add this acquisition to the other companies Symantec acquired, you start getting this vague techno-Frankenstein quality to its brand as though some “mad board of techno-scientists” tried to create a viable company from the parts other companies. Paying $1.3B for a company with about $400MM in sales seems a lot to pay so possibly some “trust” dust will cling to the Symantec brand. IMHO though – the math doesn’t add up.

But hey – don’t trust my opinion – I’m just a curious bystander.

Judy Shapiro


12 Responses

  1. It’s interesting that you mention the logo. 15 years ago, I always looked for the logo. Today, what logo? I rarely pay any attention to it at all. As for the acquisition itself, diversification is always a good thing. This is just another notch on Symantec’s expanding enterprise belt. Is Symantec following the Cisco approach, which is to gobble up everything it can, like a big giant ever growing slime monster? When a company’s goal is to become the number one brand in certain market segments, consumption is the way to go. I wonder who else Symantec is planning to put on its power lunch menu?

    • Well said Mister Reiner!

      I have no issue with Symantec’s lofty goals — but the question here is do they have the depth to pull it off? For Symantec to all of a sudden go after the “online trust” business is way too little way too late.

      Comodo already has a long head start — in fact their tagline of 10 years is “creating trust online” (Author’s disclaimer – I used to work for Comodo though I have no current “official” ties with the company. I’m just a fanboy — or should I say fangirl. Well you get the point 🙂

      Your description of Symantec as the “big giant ever growing slime monster” is ever more graphic than my Frankenstein visual metaphor. You win the monster wars 🙂


  2. Hi Judy — good post. This reminds me when AT&T was trying to save its premium long distance pricing. It couldn’t do it in light of the competitors like Sprint and MCI.

    VeriSign is similarly challenged. It didn’t end well for ATT — so I tend to agree with you. It does not look like a win. LN

  3. Hah hah – the Frankenstein metaphor is apt. And I agree with you about Comodo (don’t know GlobalSign). They have been on my radar for about 5 years — continue to be surprised by them (in a good way). I use them for our corporate certs and they beat VeriSign hands down.

    We’ll see how this shakes out but so far it looks rather “ugly”.


  4. PS — I just saw this link for how the CEO of Comodo, Melih Abdulhayoglu explains this acquisition.;msg398632#msg398632

    My favorite part though is when he says:

    “I hope they will give all their consumers security products to consumers for free! We do! Because we care for our users and we care about the security of internet!”

    Giving away free security products is something Comodo decided to do and then built a business model to support that goal. They have been working at this for years. It’s hard for me to see how Symantec can really walk the walk of being a leading online trust provider just because they bought VeriSign.

    I guess time will tell.

  5. VeriSign had to sell — the future is not just about selling stuff to companies but about having security at both ends of the funnel. Consumers have to able to secure themselves at the same time.

    Symantec got no bargain here — but they also had to expand beyond security since there is no way to maintain margins in the security space.

    But I am not sure I would characterize this as either a growing slime monster or a Frankenstein. To me it is more like a a blended family — kinda of awkward at first but rich in possible new bonds. I want to be optimistic.

  6. Funny image — “Frankenstein” –

    I agree – it seems like 2 weakened companies clinging to each other to get stronger. That does not work when rescuing someone from drowning and it won’t help here either.

  7. My favorite line in this post;

    “Paying $1.3B for a company with about $400MM in sales seems a lot to pay so possibly some “trust” dust will cling to the Symantec brand.”


  8. Is “trust dust” like “pixie dust” for technology companies?

  9. The VeriSign seal has not meant much for years. In fact, the lock is still barely understood by most.

    Current ways to protect users online is utterly flawed. It requires too much of users who can not possibly know how to interpret the information. I, for one, hope that with VeriSign gone (or likely to be so very soon) maybe a better model can emerge.


  10. This article points to a problem the industry faces. The bad guys are better at launching attacks faster than any amount of security on a site can protect end users. I don’t really use VeriSign anymore to assure me that a site is safe.

    But the industry is full of sleazy people trying to trade on other people’s ignorance. Today, Comodo “found” a vulnerability in verisign’s ssl products. The timing is suspiciously close to this announcement. Feels like a PR stunt to me so they lost my trust too.

    In the online world — buyer beware and it seems like you have to become a security expert yourself. Stan

  11. Hi Stan —

    Here is how the CEO of Comodo, Melih Abdulhayoglu, explained the vulnerability in VeriSign’s SSL in the Comodo Forum.;msg408642#msg408642

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: