Safety through services

VeriSign's acquisition of SecureIT marks yet another buy in a string of Internet security companies adding a services arm.

2 min read
VeriSign's acquisition today of SecureIT marks another Internet security company adding a services arm to help corporate customers implement security measures on their networks.

VeriSign picks up 40-plus consultants with its $60 million stock-for-stock acquisition--paying more than $1 million each. VeriSign joins enterprise security firm Check Point in beefing up its services offerings, amid similar moves recently by Network Associates and Secure Computing.

"There is certainly plenty of consolidation in the security market--we go from companies buying firewall companies to buying encryption companies and now beefing up services," said Ted Julian, security analyst at Forrester Research.

Analysts say VeriSign's acquisition underscores the complexity of implementing security applications in general but specifically digital certificates, which serve as electronic IDs for use on networks. The system to issue, verify, revoke, and renew digital certificates is called a public key infrastructure or PKI.

"These things tend to be difficult to get installed, up and running, certificates administered," said Marlo Kosanovich, security analyst with Meta Group. "This gives VeriSign a way to help get that done."

The PKI market has been active lately. Entrust Technologies, which sells PKI software, recently filed to go public and made its own services acquisition in Europe.

ValiCert today announced that it has created a module for validating certificates under Intel's security framework, called Common Data Security Architecture or CDSA. Intel, an investor in ValiCert, will incorporate ValiCert's toolkit in its reference implementation of CDSA, which is backed by IBM, RSA Data Security, and Security Dynamics, RSA's parent.

VeriSign positions the SecureIT acquisition as adding general security expertise to its existing consulting force, which has been targeted primarily at implementing PKI or digital certificates in corporate environment. VeriSign's OnSite service lets companies issue digital IDs directly to employees or customers but lets VeriSign handle management of those certificates.

"On the enterprise side, we have enabled over 75 pretty significant companies and government agencies to operate their own PKIs using digital certificates," said Anil Pereira, VeriSign's director of marketing. SecureIT consultants will work with existing VeriSign customers to employ digital certificates, now commonly used for secure email and extranets, in other applications.

"Customers want this expertise," Pereira added, noting that VeriSign also can sell its PKI offerings to SecureIT's 300 existing customers. "At some point, customers want to call up one company and say, 'Can you do this?' We'd like to bring them to the next generation of deployment."

Forrester's Julian agreed: "Having a strong services team as part of the organization helps speed deployment. If the growth of the market is dependent on internal expertise [in managing PKIs], that's going to limit the potential for growth of the market."

Added Sathvik Krishnamurthy, vice president of marketing for ValiCert: "Certificate authorities and PKIs have a relatively high cost of ownership, especially with year 2000 issues, so vendors that can provide complete services including consulting and implementation to help with the overall cost of ownership are getting a lot of mind share."