With PGP and now Verisign, Symantec has all of the piece parts When Symantec bought Veritas, a lot of people didn’t get it. After all, what did server backup have to do with PC antivirus software? In fact storage and security work hand-in-hand in something the feds call Information Assurance. Symantec saw this synergy before most of the market.Fast forward to yesterday’s news of Symantec acquiring Verisign’s security business. Yes, SSL certificate sales drove Verisign security revenue but Symantec gets a heck of a lot more with this acquisition. Add Verisign to PGP and Symantec, and you get:1. End-to-end trust. Symantec can now create an infrastructure where any user or node can set up a trust relationship with any other. The SSL and PKI part is not new but when Symantec bundles a digital certificate in every Norton desktop, you have the potential to bring PKI to the masses. 2. PKI as a service. In a related way, Symantec has the scale and reach to marry the security power of PKI with a global SaaS service. In my opinion, this is a home run as it capitalizes on the PKI trust model while eschewing onerous PKI deployment and management. Furthermore, Verisign can now act as a CA for PGP keys as well. Authentication? Digital signatures? Non-repudiation? Symantec has the opportunity to take these geeky terms and apply their goodness to the masses. We’ve been talking about the “year of PKI” for 15 years. Symantec now has the opportunity to make it happen. 3. Key management SaaS. While PKI is used for authenticating users and signing documents, PGP can act as the backend data encryption/decryption for large files. PGP’s onsite key server can also leverage Verisign in the cloud. Afraid to manage keys? Need a key escrow service? Call Symantec.Finally, it is fashionable to talk about cloud computing and how cloud security is the long straw. If you boil down cloud security however, some of the key components are identity management, data security, and compliance management. Verisign covers the identity piece, PGP handles data security, and Symantec already has a leading IT GRC platform. Symantec can now sell you the pieces or provide the whole enchilada as a SaaS cloud service. If this isn’t an exciting security business model, nothing is. Related content analysis 5 things security pros want from XDR platforms New research shows that while extended detection and response (XDR) remains a nebulous topic, security pros know what they want from an XDR platform. By Jon Oltsik Jul 07, 2022 3 mins Intrusion Detection Software Incident Response opinion Bye-bye best-of-breed? ESG research finds that organizations are increasingly integrating security technologies and purchasing multi-product security platforms, changing the industry in the process. By Jon Oltsik Jun 14, 2022 4 mins Security Software opinion SOC modernization: 8 key considerations Organizations need SOC transformation for security efficacy and operational efficiency. Technology vendors should come to this year’s RSA Conference with clear messages and plans, not industry hyperbole. By Jon Oltsik Apr 27, 2022 6 mins RSA Conference Security Operations Center opinion 5 ways to improve security hygiene and posture management Security professionals suggest continuous controls validation, process automation, and integrating security and IT technologies. By Jon Oltsik Apr 05, 2022 4 mins Security Practices Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe