Report: Symantec looking to offload troubled certificate business | CIO Dive
- Symantec Corp. is reportedly contemplating selling its website certification business, according to a Reuters report, citing sources close to the matter.
- The company is in talks with a few potential buyers and private equity firms, according to the report. Symantec declined to comment.
- The move comes after some struggles with its certificate business. Earlier this year, Google said Symantec failed to properly validate at least 30,000 Secure Socket Layer (SSL) /Transport Security Layer (TLS) digital certificates over the last several years and that it planned to gradually remove trust in old Symantec SSL certificates and reduce the accepted validity period of newly issued Symantec certificates.
Being on Google’s naughty list is not good for any company. At the time of Google’s report, engineers stated that they “no longer have confidence in the certificate issuance policies and practices of Symantec.”
Google has worked to increase its policing of certificates used in its browser. Earlier this week, Google said it plans to fully distrust certificates issued by Chinese Certificate Authority WoSign starting with Chrome 61. Google accused WoSign of a number of violations.
For Symantec, Google downgrading trust in the company was a blight on its reputation, so offloading that business could potentially help Symantec move on. But the move could also be indicative of a broader shift for Symantec.
Large established security vendors — including Symantec, Cisco, IBM, Check Point and Intel — have a harder time competing against emerging vendors like Palo Alto Networks, Fortinet, Trend Micro, FireEye and Forcepoint, according to a Technology Business Research (TBR) report released in February. Symantec could therefore be looking to streamline its business and find a new niche where it can compete more effectively.
With two recent acquisitions — Skycure, a company that focuses on mobile threat defense, and browser isolation company Fireglass — in less than a week, Symantec is working to diversify its portfolio.
[I am sure services like Let’s Encrypt, which has provided over 100 million free server side certificates, is also eating away from the commercial market. Starting next year Let’s Encrypt will be providing wildcard certificates. This allows for the use of one certificate for multiple sites (*.site.com covers a.site.com and b.site.com). Certificate management is a lot easier with them. Commercial certificate services charge a lot for them.]