Symantec Corp. is entering the encryption market, acquiring encryption giant PGP Corp., and GuardianEdge Technologies Inc., in a $370 million deal that will integrate the two vendors' platforms into Symantec's centralized management platform.
"PGP will give Symantec the ability to provide more integrated and widely deployed key management and better policy controls over key management."
- Nick Selby, Managing Director Trident Risk Management
Symantec paid $70 million for San Mateo, Calif-based GuardianEdge and $300 million for PGP. The agreements are subject to regulatory approvals and are expected to close during the June quarter.
Symantec president and CEO Enrique Salem said both companies' product lines could be integrated across Symantec's product portfolio lines, including its software as a service, backup and recovery and security offerings. Symantec currently has an OEM relationship with Guardian Edge and PGP.
GuardianEdge Hard Disk Encryption and GuardianEdge Removable Storage backbone Symantec's Endpoint Encryption Product as well as the Altiris Total Management Suite. PGP's encryption technology, meanwhile, resides in the Symantec Data Loss Prevention offerings, which are based on the former Vontu solution. Symantec acquired Vontu in Novmeber 2007.
This is Symantec's first acquisition in the encryption market. One of its principal rivals, McAfee,
Encryption market changes:
acquires SafeBoot for endpoint encryption: McAfee is acquiring endpoint encryption vendor
SafeBoot Corp. in a $350 million deal to bolster the antivirus vendor's mobile device security
McAfee merges encryption, DLP with new suite: The antivirus vendor repackaged SafeBoot's endpoint encryption and encrypted USB tokens with its existing data loss prevention products.
Sophos to acquire mobile data protection company Utimaco: The independent mobile data protection market continues to shrink with Sophos' endpoint encryption acquisition.
PODCAST: Sophos CEO on Symantec, McAfee after Utimaco acquisition: Sophos CEO Steve Munford talks about the company's integration of encryption vendor Utimaco and its strategy in North America and Europe.
Salem said he's seen increased interest and inquiries from customers about investments in DLP, but said customers want encryption capabilities as a first line of defense. He singled out PGP's encryption key management as a driving factor in his company's pursuit of its longtime partner.
"Encryption is important, but what is more important is that you have policy-driven approach to the management of encryption keys," Salem said. "PGP allows us to offer key management across the breadth of our portfolio."
Symantec's $300 million acquisition of PGP, can enable it to offer its customers a full range of full disk encryption (PGP) and removable media encryption (GuardianEdge); Salem added that since are both OEM partners, he expects any integration issues to be minimal.
"At this point, we see an opportunity to go way beyond removable media and hard disk encryption, and have a policy-based key management infrastructure across the range of products we offer," he said. PGP, earlier this year, acquired ChosenSecurity. The move brought PGP into the identity management space as well; ChosenSecurity's offerings bring security and trust of individuals taking part in SSL transactions, as well as the authentication of mobile applications and the creation of digital signatures. Salem added that Symantec would be able to move trust and encryption onto endpoints, leaving server authentication and trust to leaders such as VeriSign.
"This helps us move further into identity [management] and trust of individual users," Salem said. "Expect us to do more around trust."
Symantec has had a close relationship with GuardianEdge, licensing its technology for its endpoint protection suite. The relationship was so close that Nick Selby, a former industry analyst, said he predicted the two would come together in 2009. Selby, currently managing director of Trident Risk Management, a security consultancy, said the acquisition gives Symantec a boost over McAfee Inc. and Sophos Plc, which each added encryption capabilities by making their own acquisitions. (McAfee acquired Safeboot Inc. in 2007, and Sophos acquired Utimaco Safeware AG in 2008.)
Selby said Symantec shouldn't have many integration issues. While there is some overlap, the two vendors mostly complement each other, helping Symantec integrate encryption across data loss prevention, email and file and server protection. Integrating PGP's key management platform into the Symantec Protection Center will help centralize encryption management, he said.
"PGP will give Symantec the ability to provide more integrated and widely deployed key management and better policy controls over key management," Selby said. "GuardianEdge is very good at removable media and mobile device encryption and they're better at rolling encryption out and updatability."
Selby said, Symantec will have to continue to demonstrate that it can continue to improve in integrating its acquisitions, as it did with its acquisition of DLP vendor Vontu in 2007. Integrating encryption and key management into an heterogeneous, enterprise-wide portolio is a non-trivial task, he said. If done successfully it can be a huge growth opportunity for Symantec, he said.
"Up until a year ago, Symantec was a place where good software went to die," Selby said. "Symantec has aggressively turned that around but they're still fighting years and years of badly managed, badly integrated acquisitions."