SearchSecurity’s Robert Westervelt writes that today Allen sees the technology in a different light. No matter if its whole disk encryption, e-mail encryption, or transaction encryption, security vendors are integrating the technology as a feature in larger security suites. So when Symantec announced its intention to acquire PGP and GuardianEdge, arguably the most widely recognized encryption vendors in the market (see “Symantec to acquire VeriSign unit for $1.28 billion,” 21 May 2010 HSNW), Allen says he did not bat an eye.

 

“The biggest advantage with any commoditization of security products is going to be cost and then hopefully more unified management,” Allen says. “[The acquisition] is an acknowledgement of where security is headed and the value of encryption as something that if you don’t have it in your portfolio, you’re going to be behind.”

Westervelt notes that Symantec paid $370 million for the two companies (and, in a subsequent acquisition, $1.28 billion for VeriSign). The deal would integrate both platforms with Symantec’s endpoint protection suite.

GuardianEdge has already long been used in the Symantec suite under an OEM relationship and the PGP encryption technology is already part of Symantec’s Data Loss Prevention products.

Baylor is a Symantec customer, putting the university even more strategically aligned with the security giant, Allen says. Security components that can be centrally managed could be a key benefit by the new relationship, he says.

“Any time you have a company that falls outside of the big five or so security companies out there you know there’s potential for this,” Allen says. “I would hope that we would be able to see them leverage the best part of PGP in conjunction with the Symantec platform.”

Michael Osterman, principal of Osterman Research Inc., says encryption has been a growth market, fostered by increasingly stringent regulations from data breach notification laws, now in more than forty states, and tougher Health Insurance Portability and Accountability Act (HIPAA) rules, to the Payment Card Industry Data Security Standards (PCIDSS).

“When people think of endpoint security of any kind they’re going to be looking at encryption as a key component,” Osterman says.

Integrated encryption features in DLP products could enable content inspection at the endpoint to include some form of manual or automated encryption if sensitive data is discovered leaving the company network, Osterman says. The technology is being similarly used in email gateways. Even more compelling, however, are cloud-based encryption platforms, he says. Zix Corp. and Approver offer email encryption services and there’s no reason why the technology couldn’t be extended to other areas, he says.

“Further down the road we’ll see encryption out of the hands of end users and part of a policy management system that allows the IT administrators or senior business mangers to say what should and shouldn’t be encrypted,” Osterman says.

Encryption has been making its way into larger endpoint security suites for several years, says Mike Rothman, analyst and president of Phoenix-based Securosis LLC.

Westervelt writes that Symantec rival, McAfee Inc. has been on a similar track with encryption. It acquired SafeBoot in 2007 and uses the encryption technology in its endpoint protection suite. Rothman says he expects Symantec to move in a similar direction as McAfee by creating a centralized management console in which all policies can be created and maintained across the product line. With the acquisition, Symantec also has an opportunity to inject encryption into its Veritas line of storage products.

“I don’t treat encryption as a standalone thing,” Rothman says. “There’s database encryption, disk encryption, email encryption and encryption infrastructure and application level encryption all generally built into other specific systems.”