We have a team of analysts that will be publishing our formal recommendations to clients shortly. In the interim, here my observations:
From a technology perspective, the deal makes sense. The acquisition of both encryption vendors fills a gaping hole in Symantec’s strategy. After Symantec’s recent Vision conference, I posted this:
Symantec did nothing to close its encryption gap. Sophos, Check Point and McAfee made their moves long ago. Symantec still needs its own technology that would span its security, messaging and storage offerings.
This set of acquisitions (both are strong providers of encryption services as discussed in this research note for clients) will close this gap.
From a business perspective, Symantec was losing deals to Sophos, McAfee, Check Point and others that were bundling in encryption into endpoint protection deals. While Symantec had an OEM deal with GuardianEdge, it was still constrained in how low pricing could go in this highly competitive space. The already-existing integration that GuardianEdge had with Symantec will speed its full integration into the Symantec Endpoint Client and Protection Center management console. On the downside, there is some overlap between PGP and GuardianEdge technologies that will need to be rationalized.
These acquisitions are not just an on-premises play for endpoint encryption. PGP will fill the need for encryption and key management of Symantec’s hosted email and email protection services as well as storage and backup services. Encryption and effective key management will be a key foundation for secure Cloud computing.
Finally, the acquisition puts tremendous pressure on Trend Micro to do something in this space. It is the last major Endpoint Protection Platform vendor that doesn’t offer its own encryption technology (or from an OEM partner). Its 2008 acquisition of Identum (cool technology that will benefit its cloud-based offerings) isn’t enough to fill the need for full drive and removable device encryption policies locally.