Meet the Bloggers Twitter BTSecureThinking YouTube Channel Blogroll About BT Looking for more?
BTSecureThinking Resources center

SecureThinking > Tags

Posts tagged - VeriSign

Thursday, January 6, 2011

Consolidation Continues: Dell Acquires SecureWorks

By Toby Weir-Jones, Vice President of Product Development, BT Counterpane    

Last May, we wrote about the changing face of VeriSign, and how it was largely exiting its traditional enterprise security businesses.  Since then, we’ve seen a lot more M&A activity in the enterprise security market.

What’s clear is that HP was the first to diversify its services business, and Dell is rapidly following suit.  They will both compete against IBM and other traditional players in the space, but presumably with a higher-tech positioning, rather than safe, process-driven conservative infrastructure. 

Now, after returning from the holidays, one of the first announcements I saw was that Dell is acquiring SecureWorks, which is already comprised of a number of other components, from Lurhq to VeriSign and others.  Privately held SecureWorks doesn’t have to reveal the price, though presumably we’ll find out via Dell’s SEC filings.  The press releases all say FY2010 revenues would end up around $120M, but there is no indication of the split between managed services and PS-style consulting.

This is not the first interaction between Dell and SecureWorks – the two companies announced a relationship last July in which Dell would resell certain parts of the SecureWorks portfolio. 

We see this move positively, since it validates a strategy BT employed more than four years ago when it bought Counterpane.  Managed security services (MSS) are essential for almost every corporate client with any kind of sophistication on their network, but it’s also essential that those services be closely coupled with other IT-type activities.  For example, if you operate a hosted application server farm, providing your customers a checkbox option to purchase your compliance monitoring and reporting package is a blindingly obvious thing to do.  The end customer doesn’t need visibility into all the technology decisions that enable the MSS to work – they are interested in app hosting, after all – and the hosting provider knows that if the customer still fails their audits, no renewal will be forthcoming.  So the pressure is still on to ensure that all the magic supporting that single checkbox is state-of-the-art.

Some customers will always want independent security providers, to avoid perceptions of conflict, and to have more direct access to the R&D functions when they have special requirements.  Most, however, recognize that adding yet another vendor, with yet another contract, account team, and procurement exercise, is not worth the purported benefits that such direct access would provide.  This is because the deliverables from managed security services are becoming increasingly aligned with audit and compliance, rather than bleeding-edge technology.  The audit process, by its very nature, defines its objectives around established best practices and doesn’t reward dramatic technological risk-taking. 

Customers should reasonably ask whether Dell will be able to step into the frenzied world of managed security services without any missteps.  Its experience as a SecureWorks reseller for the past six months will have given them some idea of the commercial potential of the business, but not necessarily the operational features, variable costs of R&D and planning aspects of how to grow the MSP infrastructure rapidly.

Posted at 2:50 PM in SecureStrategies | 1 Comment »
Tags: , , , , , , ,

Bookmark and Share

Wednesday, May 26, 2010

Wither VeriSign? Further Consolidation in the Security Marketplace

By Toby Weir-Jones, Vice President of Product Development, Managed Security Solutions Group, BT Global Services

.

How could this happen?  VeriSign used to have more brand equity in Internet infrastructure security than anybody.  They built public certificate authorities and secured widespread adoption of their root certificates starting in 1995 – and along with Thawte, they were the first root CA to have certificates installed in Netscape Navigator.  They became inextricably linked with the Padlock Icon revolution of browsers.  VeriSign purchased Thawte Technologies from Mark Shuttleworth for $575 Million in stock in 1999 – more than $850 million in today’s money – and owned the two largest Certificate Authorities online.  They took a commanding role in the Managed Security Services space, buying Guardent in 2003.  Along the way, they built significant businesses in secure mail, payment processing and professional services.

VeriSign also acquired Network Solutions in 2000 and started building out an enhanced Naming & Directory Services group, which controls .com, .net, .cc, and .tv.  They used to operate .org as well but had to give it up in 2003.  VeriSign claims it operated comfortably in excess of 30 billion DNS inquiries every day, and the company operates the internet’s two root name servers. 

Yet in the past several months – culminating in the most recent announcement of Symantec’s acquisition of the “authentication services” business for $1.28B – VeriSign has pared itself down to have little to do with enabling security at all.  The company sold its MSS business in mid-2009, and messaging, reselling, and various other units have all moved on or disappeared.  VeriSign’s press release of May 19 even says, “Following the close of this transaction, VeriSign’s remaining business will consist of its Naming Services business, which contributed approximately $162 million or 61 percent of the company’s revenues in the quarter ended March 31, 2010.”

VeriSign was originally a spinoff from RSA, intended to commercialize the cryptography technologies required to create X.509 certificates and build a services business around them.  They did so, very successfully, and as a result invited a lot of competition.  Ultimately, many of these businesses saw tremendous increases in price pressure, and a tendency towards commoditization, and its profitability waned.  You can make up some of the difference if you can increase sales volume, but only to a point; eventually, your overhead and organization becomes the limiting factor, and you can’t afford to support the business any further. 

Yet security has only increased in prominence in the past 10 years.  Why does VeriSign believe they should no longer make a business of it?  It’s hard to say.  Despite VeriSign being a public company, mandatory financial reporting didn’t include a detailed breakdown of P&L by business unit, and historically those numbers have been deliberately opaque.  A simple example:  when SecureWorks acquired the VeriSign MSS business, the press release claimed that the combined revenues were “greater than $100M,” yet the industry scuttlebutt on each company’s individual run rates would have led us to expect a figure closer to $200 million at the time. 

The market has changed.  At its peak, VeriSign’s stock traded at more than $258 (in February 2000) and now hovers around $27.  Its market cap today is $5 billion, compared to an on-paper peak of almost $50 billion at the height of the dot-com boom. 

Profits don’t come easily, and opportunities to innovate require a lot more insight and discipline than they used to.  That’s the same trend any market will experience – it’s standard business school 101 stuff.  Yet rather than stay and fight, VeriSign has decided to abandon its roots and focus purely on a market in which it holds something close to a monopoly interest. 

There is no doubt that internet directory and naming services will continue to grow and be essential, but what happens when the other TLD registrars prepare for their next phase of growth?  VeriSign needs to bring its significant intellectual capital and resources to bear on increasing its scope of services and opportunity for its customers, rather than entrenching itself around the chosen core.

Posted at 4:34 PM in SecureAlert | 2 Comments »
Tags: , , , , , , , , , , , ,

Bookmark and Share