• United States



Contributing Writer

Symantec + Verisign = Cloud Security

May 20, 20102 mins
Cisco SystemsData and Information Security

With PGP and now Verisign, Symantec has all of the piece parts

When Symantec bought Veritas, a lot of people didn’t get it. After all, what did server backup have to do with PC antivirus software? In fact storage and security work hand-in-hand in something the feds call Information Assurance. Symantec saw this synergy before most of the market.Fast forward to yesterday’s news of Symantec acquiring Verisign’s security business. Yes, SSL certificate sales drove Verisign security revenue but Symantec gets a heck of a lot more with this acquisition. Add Verisign to PGP and Symantec, and you get:1. End-to-end trust. Symantec can now create an infrastructure where any user or node can set up a trust relationship with any other. The SSL and PKI part is not new but when Symantec bundles a digital certificate in every Norton desktop, you have the potential to bring PKI to the masses. 2. PKI as a service. In a related way, Symantec has the scale and reach to marry the security power of PKI with a global SaaS service. In my opinion, this is a home run as it capitalizes on the PKI trust model while eschewing onerous PKI deployment and management. Furthermore, Verisign can now act as a CA for PGP keys as well. Authentication? Digital signatures? Non-repudiation? Symantec has the opportunity to take these geeky terms and apply their goodness to the masses. We’ve been talking about the “year of PKI” for 15 years. Symantec now has the opportunity to make it happen. 3. Key management SaaS. While PKI is used for authenticating users and signing documents, PGP can act as the backend data encryption/decryption for large files. PGP’s onsite key server can also leverage Verisign in the cloud. Afraid to manage keys? Need a key escrow service? Call Symantec.Finally, it is fashionable to talk about cloud computing and how cloud security is the long straw. If you boil down cloud security however, some of the key components are identity management, data security, and compliance management. Verisign covers the identity piece, PGP handles data security, and Symantec already has a leading IT GRC platform. Symantec can now sell you the pieces or provide the whole enchilada as a SaaS cloud service. If this isn’t an exciting security business model, nothing is.

Contributing Writer

Jon Oltsik is a distinguished analyst, fellow, and the founder of the ESG’s cybersecurity service. With over 35 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies. Jon focuses on areas such as cyber-risk management, security operations, and all things related to CISOs.

More from this author