• United States



by Shane Schick, ComputerWorld Canada

RIM Makes Hostile Takeover Bid for Encryption Firm

Dec 05, 20083 mins
EncryptionMobile Security

TORONTO (12/04/2008) – Research In Motion’s hostile bid for Canadian security firm Certicom Corp. could make the BlackBerry a safer choice for enterprise customers, particularly within the public sector, industry analysts said Thursday.

The Waterloo, Ont.-based BlackBerry maker made its all-cash offer on Wednesday for Mississauga, Ont.-based Certicom after reporting lower-than-expected third-quarter earnings. Certicom’s board rejected the bid and in a statement said that other parties were also looking at acquiring the firm. RIM’s own public statements revealed the company has been trying unsuccessfully to negotiate with Certicom since February of last year.

Certicom is best known for its Elliptic Curve Cryptography (ECC), which is used by Motorola, IBM and a number of other customers to protect information using a complex mathematical approach to IT security.

Ronald Gruia, an analyst with Toronto-based Frost & Sullivan, said Certicom would represent a highly valuable piece of intellectual property for RIM and its BlackBerry product line.

“I think that this takeover news is interesting. (Certicom) has integration with a whole bunch of different handset vendors. I think this will ultimately strengthen the (BlackBerry) portfolio,” he said. “They couldn’t reach an agreement and I think it’s a decent premium. They have been around for quite some time.”

A big part of RIM’s business is focusing on government and meeting the various levels of security required by the public sector, said Ryan Reith, an analyst with IDC based in Boston. In the U.S., for example, the government requires technology vendors to address five different levels of encryption, and so far, RIM has accomplished three of them.

“There’s a constant need for them to seek alternative routes to build their encryption technology team. There’s very sensitive information, whether it’s across government or any firm that’s supposed to sync with your contacts and the back end of things, like file sharing and such. It’s a whole world that scares a lot of people out there.”

If RIM bought Certicom, it might not have to apply ECC at the device level, Reith said. For enterprise customers, a lot of the security sits on the BlackBerry Enterprise Server (BES). There is also the network operations centre in a company, where security software is streamed through to the device.

“With the BlackBerry, usually (data) gets encrypted before it leaves the network operations centre, then gets re-encrypted when it gets to the BES, then a third time when it hits the device,” he said.

There are some technologies already on the market that could overlay on top of a BlackBerry implementation that could meet the RS 232 telecommunications standard, Gruia said. RIM could also avoid the acquisition route altogether by partnering with a security company that could offer customers a similar level of encryption. Earlier this year, EMC’s RSA division launched a two-factor authentication tool for the BlackBerry.

“It’s not only Obama that they want,” he said, referring to U.S. president-elect Barack Obama’s reported loyalty to the BlackBerry within the American public sector. “There’s the power systems industry, health care . . . there are lots of industries where you need to protect this kind of communication.”

RIM is going after Certicom at a time when the company has seen significant changes at the top. In January, for example, Karna Gupta replaced interim president and CEO Bernard Crotty, who remains on the Board.