Symantec’s Identity CrisisBy Mike Rothman
After a year at the helm of Symantec, it seems Enrique Salem is taking a big page out of his predecessor’s playbook, basically buying everything that isn’t chained to the wall. The latest is a $1.28 billion deal to acquire VeriSign’s security business, which consists of the SSL and authentication arms.
The price seems fair, at about 4x revenue, so at least the Big Yellow is not overpaying, but so close on the heels of the encryption deals we really have to wonder about the timing. It’s hard to believe the VRSN security businesses were a hot commodity, requiring immediate action.
Before we dig into the issues let’s think about the strategy. Seems like Big Yellow is having a bit of an identity crisis. On the surface, like the PGP and GuardianEdge deals, the VeriSign authentication technologies fill a rather noticeable gap in SYMC’s product line. There are potential bundling opportunities for SSL with many of the suites already being sold, especially into the mid-market. And VeriSign never had the focus to broaden the product line, in order to really become an identity player. Symantec has the resources to continue building on this base and become an identity player. But making all this stuff work together would be a tall order for anyone.
As Rich pointed out in email, Symantec seems to be playing a lot of defense nowadays. The encryption deals were all about fending off McAfee, and now the VeriSign deal is about going after EMC. It’s hard to regain market leadership by fighting wars on multiple fronts. Part of averting the identity crisis is to more clearly communicate Symantec’s ultimate vision. That’s been shelved since the Veritas fiasco.
Now let’s take a look at the risks:
- Integration risk: As we’ve mentioned before, Symantec’s forte has been doing deals, not doing deals well. And trying to integrate the encryption companies at the same time threatens to stretch an already thin management team way too thin.
- Bundling risk: It’s not like anyone has really tried to bundle SSL certs or tokens with anything else. It’s always been a standalone business. And without some distribution leverage, they can’t make this deal pay.
- Incumbent risk: VeriSign was the big dog in SSL, but in enterprise authentication they’ve largely struggled. Which makes this an unusual deal for Symantec, which tends to overpay for market leadership. The question is whether Symantec’s channel is willing to replace RSA, which may not be a stretch given EMC’s general channel unfriendliness.
- Whole product risk: Symantec shouldn’t stop at authentication, but should use this as a platform for building a full identity offering. So that means looking at provisioning (Courion) and Federation (Ping Identity), or perhaps even another bold move to take Novell’s identity business.
Symantec has a history of chasing shiny objects, and this deal runs the risk of absorbing yet another company that then erodes without focus and execution. And given the accelerating commoditization of VeriSign’s core business, integration problems may very well kill the patient under the Big Yellow umbrella. Clearly identity is a key part of the enterprise security stack, but the worry is that Symantec is so distracted trying to gain territory from MFE and EMC/RSA that they go back to crappy execution on the cash cows.