-added contribution from Dr. Mitul Mehta

Finally, acknowledging long pending customers’ requests, Symantec Corp. is entering the encryption market with the twin acquisition of PGP Corp. and GuardianEdge Technologies Inc. Both strongly established vendors. Currently the worldwide encryption market is estimated to be roughly around a billion dollars and growing at 18 percent pa. The twin acquisition not only signifies Symantec’s entry into the encryption market but ensures it leadership position in terms of market share. Below we will outline our early initial guidance for end-user clients as to the significance of the deal, the need to acquire both companies, the likely roadmap ahead and our advice on what you should consider.

The Deal

On 29^th April 2010, Symantec signed a definitive agreement to acquire PGP Corporation and GuardianEdge Technologies Inc. for an aggregate sum of $ 370 Million. Symantec agreed to pay $70 million for San Mateo, Calif-based GuardianEdge and $300 million for Menlo Park, Calif.-based PGP. The agreements are subject to regulatory approvals and are expected to close during the June quarter. After the closure of these deals Symantec plans to integrate the two vendors’ platforms into its very own centralized management platform - Symantec Protection Center (SPC).

Significance of the deal

PGP and GuardianEdge are substantial vendors in the encryption space having a combined revenue of $ 93 million for LTM ending March 31, 2010. In addition, both the acquired entities currently have an OEM relationship with Symantec Corp. GuardianEdge Hard Disk Encryption and Removable Media, complements Symantec’s Endpoint Protection Suite as well as the Altiris Total Management Suite. PGP’s encryption technology, meanwhile, resides in the Symantec Data Loss Prevention offerings, which are based on the former Vontu solution. After the deal closure the integration issues for Symantec are expected to be minimal. The twin acquisitions largely expand Symantec’s addressable market. It also provides greater cross-selling opportunities for Symantec’s global sales team and it’s extensive partner network. PGP Corp has a strong customer base of around 110,000 corporate clients and more than 1 million individual clients. Whereas, GuardianEdge has significant penetration in the government and healthcare verticals. The most important aspect of these acquisitions is the augmentation of Symantec’s existing security portfolio with comprehensive and proven data protection technologies which will help them fuel growth and market share.

Why the need of acquiring two competitive vendors?

Currently the Encryption market is very fragmented with lots of sub segments (basically functionalities) and niche vendors. Even though PGP and GuardianEdge have some product overlap they are pretty good in their respective product functionalities. PGP has a comprehensive protection suite for Full Disk encryption, file/folder encryption, email encryption, mobile protection as well as strong policy-based key management. Whereas, GuardianEdge is good at providing removable media protection, device control and device control audit. Combining these two portfolios will provide a strong end-to-end data protection suite for Symantec. It is clearly visible from Symantec’s past couple of acquisitions that the company aims to address the end-to-end concept and should eventually end up leveraging its market leadership position. The perfect examples are Symantec’s acquisition of Vontu in Data Loss Prevention (DLP) space and MessageLabs acquisition in the hosted messaging security space.

Symantec’s likely integration roadmap

As pointed earlier, although the two acquired entities have some product overlap it doesn’t pose much of a product harmonization issue for Symantec. TekPlus believes that Symantec will go for best of breed or look at minimal disruption caused to the existing install base while selecting products or more appropriate functionalities from the two entities. Before going into the integration roadmap let’s just look at what these two vendors bring to the table.

Table 1: Product Mix of PGP Corp. and GuardianEdge Technologies Inc.              Source: TekPlus

Integration Roadmap

Phase 1: Integration of both vendor’s product suites and harmonization of product portfolio.

Phase 2: Integration of harmonized product suite with PGP’s Policy Management and Key Management Console.

Phase 3: Subsume Policy Management and Key Management Console into a broader Symantec Protection Center (SPC).

Phase 4: Bundling/Integration of end-to-end Encryption suite with Symantec’s existing offerings - Endpoint protection suite, Data Loss Prevention, Gateway Security, Hosted Messaging Security, Cloud services, Backup & Recovery etc.

Tek-Advice

As part of Symantec’s information centric approach to security, integrating encryption technologies and PGP’s key management platform into the Symantec portfolio will help the vendor to better address customer’s information protection concerns. If Symantec successfully demonstrates that it can continue to improve in integrating its acquisitions, as it did with DLP vendor Vontu it can be a huge growth opportunity for Symantec. Customers can get a consistent key management experience to more efficiently manage their information security and that too at reduced TCO.

Existing customers of PGP and GuardianEdge should continue doing business with each respective company as per usual. However existing customers of GuardianEdge Full Disk Encryption and Mobiledevice encryption need to carefully assess their renewal plans as Symantec might replace these technologies with those from PGP.

Perspective customers looking for encryption suites should consider putting their project on hold until the deal goes through and a clear integration roadmap with timelines is presented by Symantec.

Expect a lot of bundled offerings from Symantec to existing as well as new clients - Endpoint protection Suite + Encryption suite, DLP + Encryption and so on.

Ask for a clear direction plan from your channel partner after the deal has closed and provide particular attention to the upgrade/renewal timeline. If not cost effective leverage the competitive plays of other vendors to bargain a smarter deal.

TekPlus believes Symantec will play smart and effectively price to hang on to the install base of GuardianEdge and PGP.

The Infrastructure landscape is changing to the next-generation and is increasingly impacting business processes and it’s critical component -’Information’ and how we configure, mesh, leverage and access it. This will only lead to more complexity and demand for a more holistic approach which we believe Symantec is positioned for. The above deal only enhances it further.

[From our Advisories]