We have a team of analysts that will be publishing our formal recommendations to clients shortly. In the interim, here my observations:
From a technology perspective, the deal makes sense. The acquisition of both encryption vendors fills a gaping hole in Symantec’s strategy. After Symantec’s recent Vision conference, I posted this:
Symantec did nothing to close its encryption gap. Sophos, Check Point and McAfee made their moves long ago. Symantec still needs its own technology that would span its security, messaging and storage offerings.
This set of acquisitions (both are strong providers of encryption services as discussed in this research note for clients) will close this gap.
From a business perspective, Symantec was losing deals to Sophos, McAfee, Check Point and others that were bundling in encryption into endpoint protection deals. While Symantec had an OEM deal with GuardianEdge, it was still constrained in how low pricing could go in this highly competitive space. The already-existing integration that GuardianEdge had with Symantec will speed its full integration into the Symantec Endpoint Client and Protection Center management console. On the downside, there is some overlap between PGP and GuardianEdge technologies that will need to be rationalized.
These acquisitions are not just an on-premises play for endpoint encryption. PGP will fill the need for encryption and key management of Symantec’s hosted email and email protection services as well as storage and backup services. Encryption and effective key management will be a key foundation for secure Cloud computing.
Finally, the acquisition puts tremendous pressure on Trend Micro to do something in this space. It is the last major Endpoint Protection Platform vendor that doesn’t offer its own encryption technology (or from an OEM partner). Its 2008 acquisition of Identum (cool technology that will benefit its cloud-based offerings) isn’t enough to fill the need for full drive and removable device encryption policies locally.
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.