VeriSign Inc. announced Wednesday that it will sell off its authentication services business unit to Symantec Corp. for $1.28 billion, giving Symantec a broad stake in the Secure Sockets Layer (SSL) encryption and managed Public Key Infrastructure (PKI) platform markets.
Under the terms of the agreement, Symantec will purchase the unit from VeriSign, including a majority stake in VeriSign Japan in an all cash deal. VeriSign said Symantec has indicated that it expects to offer positions to most of VeriSign's authentication employees to support the business. VeriSign will provide transitional services to Symantec. The deal is subject to regulatory approvals and is expected to close in 60 to 90 days. VeriSign said it expects to have less than 1,000 employees at the completion of the deal. It currently has about 2,200 employees.
VeriSign has been selling off divisions over the past several years. It recently sold off its managed security services division. Its global security consulting business was acquired by AT&T last year. The Wall Street Journal first reported the deal with SymantecTuesday.
VeriSign's authentication business unit contributed approximately $101.9 million or 39% of its revenues in the last quarter. Jim Bidzos, VeriSign founder and executive chairman said it made sense to shed its authentication division to a large security vendor. The market is moving to multiple security features and services within larger platforms.
"The security industry is consolidating and customers benefit when authentication services are part of a broader offering," Bidzos said. "Symantec has a broad suite of security offerings and good distribution network."
Mark McLaughlin, VeriSign president and CEO said the company would focus on its Internet infrastructure services business. VeriSign is the operator of the .com and .net domain infrastructures and operates an Internet registry naming services business which makes up about 61% of the company's business.
"We'll continue to expand our naming business and pursue new top level domains," McLaughlin said.
Enrique Salem, president and CEO of Symantec said in a statement that the deal will give the security giant the ability to incorporate identity security into new computing models. Symantec can use the technologies to improve the security of cloud-computing platforms, social networks and mobile devices, he said. While people and organizations are worried about the security of their interactions online, corporate IT is faced with giving users appropriate access and ensuring data is not at risk, Salem said.
"We believe the solution to this dilemma lies in the ubiquity of identity-based security," Salem said. "With the combined products and reach from Symantec and VeriSign, we are poised to drive the adoption of identity security as the means to provide simple and secure access to anything from anywhere, to prevent identity fraud and to make online experiences more user-friendly and hassle-free."
The deal creates the "most trusted brand for protecting information and identities online," he said in a conference call.
"It's a very good deal for Symantec. This is technology they've needed for a long time," said Scott Crawford, managing research director at Enterprise Management Associates Inc., a Boulder, Colo.-based IT industry analyst and consulting firm.
Symantec missed its opportunity to invest in identity and access control for Web applications a few years ago, but "that's a very different business from Symantec's core business which is threat defense," he said. However, what Symantec is acquiring from VeriSign is directly relevant to its current focus on securing sensitive information, as reflected in its data loss prevention assets and recent acquisitions of PGP Corp. and GuardianEdge Technologies Inc., he said.
"There's a direct relationship between identity and defense," Crawford said.
The acquisition also is relevant to Symantec's focus on building its hosted services business, he added.
For VeriSign, the deal "largely signals the end of the company's legacy, which was built on PKI and SSL certificates," Crawford said. "For years, the company has struggled with strategic focus…Hopefully, today's deal will better position the company for the future -- but the extent of today's departure from its original business (whose legacy remains in the VeriSign brand itself) cannot be overlooked."
Mark Diodati, senior analyst of identity and security at Burton Group, said VeriSign has done well with its authentication business, and anticipated the move into cloud-based strong authentication long before its competitors. It also boasts strong support for software one-time passwords for mobile devices, he said.