By Toby Weir-Jones, Vice President of Product Development, Managed Security Solutions Group, BT Global Services

.

How could this happen?  VeriSign used to have more brand equity in Internet infrastructure security than anybody.  They built public certificate authorities and secured widespread adoption of their root certificates starting in 1995 – and along with Thawte, they were the first root CA to have certificates installed in Netscape Navigator.  They became inextricably linked with the Padlock Icon revolution of browsers.  VeriSign purchased Thawte Technologies from Mark Shuttleworth for $575 Million in stock in 1999 – more than $850 million in today’s money – and owned the two largest Certificate Authorities online.  They took a commanding role in the Managed Security Services space, buying Guardent in 2003.  Along the way, they built significant businesses in secure mail, payment processing and professional services.

VeriSign also acquired Network Solutions in 2000 and started building out an enhanced Naming & Directory Services group, which controls .com, .net, .cc, and .tv.  They used to operate .org as well but had to give it up in 2003.  VeriSign claims it operated comfortably in excess of 30 billion DNS inquiries every day, and the company operates the internet’s two root name servers. 

Yet in the past several months – culminating in the most recent announcement of Symantec’s acquisition of the “authentication services” business for $1.28B – VeriSign has pared itself down to have little to do with enabling security at all.  The company sold its MSS business in mid-2009, and messaging, reselling, and various other units have all moved on or disappeared.  VeriSign’s press release of May 19 even says, “Following the close of this transaction, VeriSign’s remaining business will consist of its Naming Services business, which contributed approximately $162 million or 61 percent of the company’s revenues in the quarter ended March 31, 2010.”

VeriSign was originally a spinoff from RSA, intended to commercialize the cryptography technologies required to create X.509 certificates and build a services business around them.  They did so, very successfully, and as a result invited a lot of competition.  Ultimately, many of these businesses saw tremendous increases in price pressure, and a tendency towards commoditization, and its profitability waned.  You can make up some of the difference if you can increase sales volume, but only to a point; eventually, your overhead and organization becomes the limiting factor, and you can’t afford to support the business any further. 

Yet security has only increased in prominence in the past 10 years.  Why does VeriSign believe they should no longer make a business of it?  It’s hard to say.  Despite VeriSign being a public company, mandatory financial reporting didn’t include a detailed breakdown of P&L by business unit, and historically those numbers have been deliberately opaque.  A simple example:  when SecureWorks acquired the VeriSign MSS business, the press release claimed that the combined revenues were “greater than $100M,” yet the industry scuttlebutt on each company’s individual run rates would have led us to expect a figure closer to $200 million at the time. 

The market has changed.  At its peak, VeriSign’s stock traded at more than $258 (in February 2000) and now hovers around $27.  Its market cap today is $5 billion, compared to an on-paper peak of almost $50 billion at the height of the dot-com boom. 

Profits don’t come easily, and opportunities to innovate require a lot more insight and discipline than they used to.  That’s the same trend any market will experience – it’s standard business school 101 stuff.  Yet rather than stay and fight, VeriSign has decided to abandon its roots and focus purely on a market in which it holds something close to a monopoly interest. 

There is no doubt that internet directory and naming services will continue to grow and be essential, but what happens when the other TLD registrars prepare for their next phase of growth?  VeriSign needs to bring its significant intellectual capital and resources to bear on increasing its scope of services and opportunity for its customers, rather than entrenching itself around the chosen core.