Verizon, Cybertrust, and the death of the MSSP

Came in this morning to learn that the telcom giant Verizon Business is swallowing up Cybertrust, the global information security company, for an undisclosed amount. (Press announcement here.) While Verizon says it is still working on its integration strategy and doesn’t know whether the name “Cybertrust” will disappear after the acquisition, expected to close in 60 to 90 days, it seems that it’s time to say goodbye to one of the last big standalone information security companies.

Last month, I spoke with Frost & Sullivan about the largest MSSPs in North America. At the time, there were eight: AT&T, Cybertrust, Getronics, IBM, Sprint, Symantec, VeriSign and Verizon. And now there are seven. What’s more, depending on whether one still chooses to classify Symantec as a “security” company, none of the remaining companies are really security companies. (More on this trend coming in our July issue.) Perusing the acquisitions these seven companies have made in the last couple years is sort of like taking a walk through the infosec graveyard. Ubizen. RedSiren. Internet Security Systems. @Stake. Riptech. Guardent. The list goes on.

Kinda makes you think about Bruce Schneier’s recent comments about why we really need a security industry. At this rate, we may just not have one for long.

The good news is, larger, IT- or network-centric companies may be in a better power position, technically speaking, to improve information security. The bad news is, you can bet they’ll start their sales spiel with the CIO, not the CSO. Which means it may get harder, rather than easier, for companies to have in place appropriate segregation of duties, as they to struggle both keep the network running, and to keep the network safe.

-Sarah D. Scalet