Symantec Corp. is entering the encryption market, acquiring encryption giant PGP Corp., and GuardianEdge Technologies Inc., in a $370 million deal that will integrate the two vendors' platforms into Symantec's centralized management platform.
Symantec paid $70 million for San Mateo, Calif-based GuardianEdge and $300 million for Menlo Park, Calif.-based PGP. The agreements are subject to regulatory approvals and are expected to close during the June quarter.
Symantec president and CEO Enrique Salem said both companies' product lines could be integrated across Symantec's product portfolio lines, including its Software as a Service, backup and recovery and security offerings. Symantec currently has an OEM relationship with Guardian Edge and PGP.
GuardianEdge Hard Disk Encryption and Removable Storage, backbone Symantec's Endpoint Encryption Product as well as the Altiris Total Management Suite. PGP's encryption technology, meanwhile, resides in the Symantec Data Loss Prevention offerings, which are based on the former Vontu solution. Symantec acquired Vontu in November 2007.
This is Symantec's first acquisition in the encryption market. One of its principal rivals, McAfee Inc., acquired SafeBoot Corp. in November 2007. SafeBoot was an encryption and user authentication vendor; SafeBoot is now the McAfee Endpoint Encryption product.
Salem said he's seen increased interest and inquiries from customers about investments in DLP, but said customers want encryption
"Encryption is important, but what is more important is that you have policy-driven approach to the management of encryption keys," Salem said. "PGP allows us to offer key management across the breadth of our portfolio."
Symantec's $300 million acquisition of PGP, can enable it to offer its customers a full range of full disk encryption (PGP) and removable media encryption (GuardianEdge); Salem added that since are both OEM partners, he expects any integration issues to be minimal.
"At this point, we see an opportunity to go way beyond removable media and hard disk encryption, and have a policy-based key management infrastructure across the range of products we offer," he said. Earlier this year, PGP acquired ChosenSecurity. The move brought PGP into the identity management space as well; ChosenSecurity's offerings bring security and trust of individuals taking part in SSL transactions, as well as the authentication of mobile applications and the creation of digital signatures. Salem added that Symantec would be able to move trust and encryption onto endpoints, leaving server authentication and trust to leaders such as VeriSign Inc.
"This helps us move further into identity [management] and trust of individual users," Salem said. "Expect us to do more around trust."
Symantec has had a close relationship with GuardianEdge, licensing its technology for its endpoint protection suite. The relationship was so close that Nick Selby, a former industry analyst, said he predicted in 2009 that the two vendors would come together. Selby, currently managing director of Trident Risk Management, a security consultancy, said the acquisition gives Symantec a boost over Sophos Plc. and brings it closer to its rival McAfee. Both vendors added encryption capabilities by making their own acquisitions. (McAfee acquired Safeboot Inc. in 2007, and Sophos acquired Utimaco Safeware AG in 2008.)
Selby said Symantec shouldn't have many integration issues. While there is some overlap, the two vendors mostly complement each other, helping Symantec integrate encryption across data loss prevention, email and file and server protection. Integrating PGP's key management platform into the Symantec Protection Center will help centralize encryption management, he said.
"PGP will give Symantec the ability to provide more integrated and widely deployed key management and better policy controls over key management," Selby said. "GuardianEdge is very good at removable media and mobile device encryption and they're better at rolling encryption out and updatability."
Selby said, Symantec will have to demonstrate that it can continue to improve in integrating its acquisitions, as it did with its acquisition of DLP vendor Vontu in 2007. Integrating encryption and key management into an heterogeneous, enterprise-wide portolio is a non-trivial task. If done successfully it can be a huge growth opportunity for Symantec, he said.
"Up until a year ago, Symantec was a place where good software went to die," Selby said. "Symantec has aggressively turned that around but they're still fighting years and years of badly managed, badly integrated acquisitions."