Symantec announced two new acquisitions--PGP Corporation for approximately $300 million, and GuardianEdge Technologies for around $70 million. Purchasing these two established encryption providers will enable Symantec to take a more comprehensive approach to protecting data.
Symantec's press release announcing the acquisitions states "Encryption technology is an important element of an information-centric security solution, as critical information is increasingly on mobile devices and in the cloud. State and national governments are enacting more stringent and costly compliance mandates, such as the HITECH and UK Data Protection Acts, which are driving the need to encrypt sensitive information and protect an individual's privacy. Also, the increased costs and frequency of data breaches are driving the adoption of encryption as companies strive to mitigate risk and protect their critical information from cybercriminals."
"As information becomes increasingly mobile, it's essential to take an information-centric approach to security. Our market-leading data protection solutions provide the intelligence for customers to better understand what data is important, who owns it and who accesses it,"" said Francis deSouza, senior vice president, Enterprise Security Group, Symantec in the press release. "With these acquisitions we can further protect information by using encryption in an intelligent and policy-driven way to give the right users access to the right information, enabling the trust that individuals and organizations need to operate confidently in an information-driven world. We're now able to offer the industry's most comprehensive solution across encryption and data loss prevention for protecting confidential data on endpoints, networks, storage systems and in the cloud."
With PGP and GuardianEdge, Symantec can expand the scope of the security services it offers--providing customers with critical data encryption. Lost or stolen laptops, or servers are breached by unauthorized access do not also have to lead to compromised information if the data stored on them is encrypted.
Cloud data storage also requires encryption. Not only should the data be encrypted to protect it from unauthorized access, and as an additional layer of defense in the event that the third-party cloud storage provider's network is breached, but encrypting data implies an expectation of privacy and could be crucial in establishing Fourth Amendment protection for your data in the event that the cloud storage provider's assets are seized.
While Massachusetts and Nevada are unique in actually requiring sensitive information to be encrypted, almost every state has some form of data breach disclosure law in place. In many cases, encryption of data is at least implied in the requirements under the data breach disclosure laws, and even where not implied having encrypted data may obviate the need to disclose a data breach occurrence.
"What I really like about these acquisitions is that they go well beyond PC full-disk encryption alone," said Jon Oltsik, Principal Analyst at Enterprise Strategy Group--quoted in the Symantec press release. "With PGP and GuardianEdge, Symantec gets a geographically-dispersed install base, a leading standards-based key management platform, a PKI SaaS offering, a strong government presence, and encryption coverage from mobile devices to mainframes. Yesterday, Symantec was lagging in encryption and key management and today, with PGP and GuardianEdge, it is now able to provide leading solutions worldwide."
Symantec has built its security software and services empire on a foundation of mergers and acquisitions. Acquiring established entities can be a shortcut to providing new technologies for customers, but the integration doesn't always go as smoothly as initially envisioned.
Reinventing the wheel and building an in-house solution from the ground up ensures a more seamless fit with the existing inventory, but it can take a substantial amount of time and money to invest in R&D to develop something similar to what an existing provider is already delivering. There are certainly pros and cons to both in-house R&D, and to mergers and acquisitions.
The Symantec acquisitions have to go through the standard shareholder and regulatory approvals before becoming official. Symantec expects the deals to be finalized during the June quarter.