Digital SSL Market Heats Up with Comodo, DigiCert-Symantec M&A

The SSL vendor market is heating up as IoT devices will require authentication and traffic flowing between devices will need to be encrypted.

Lynn Haber

October 31, 2017

6 Min Read
Cybersecurity Shield


Lynn Haber

**Editor’s Note: Please click here for a recap of the biggest channel-impacting merger and acquisition news from August.**

Two digital SSL vendors on Tuesday dropped significant M&A news — private equity firm Francisco Partners acquiring a majority stake in Comodo CA, and DigiCert closing its acquisition of Symantec’s Website Security and related PKI solutions.

Back in August, private equity firm Thoma Bravo first announced the $950 million acquisition agreement and plans to merge the Symantec business with DigiCert, which it owns. By shedding their respective digital SSL businesses, both Comodo and Symantec can focus more on their endpoint-security and other security-products business.


Comodo’s Melih Abdulhayoglu

“Comodo has long been a valued, trusted and innovative leader in the digital-certificate space,” said Francisco Partners founding partner and CEO Dipanjan Deb. “This is demonstrated by 15 years of consecutive growth that was only made possible by leadership and product teams that keenly understand the market and their customers.”

Melih Abdulhayoglu founded Comodo Group in 1998 and Comodo CA was the first business of the Comodo brand, which eventually expanded into other areas of security.

“Today starts an exciting era for the current customers and partners of both Symantec and DigiCert,” said DigiCert CEO John Merrill. “For Symantec customers, they can feel assured that they will have continuity in their website security, and that we will provide a smooth transition. Our customers and partners will benefit from our accelerated investment in products and solutions for SSL, PKI and IoT. DigiCert will also lead to shape PKI security standards through our participation in industry-standards bodies to ensure our customers stay at the forefront of security practices.”

Abdulhayoglu gave a couple of reasons for selling Comodo CA. First, it shores up the company’s position in the changing security certificate marketplace, particularly in light of DigiCert’s Symantec buy. Second, it gives the company’s CEO more time to invest in the other Comodo businesses. Abdulhayoglu also is the founder of industry-standards organization CA/Browser Forum.

In the short time since Francisco Partners and Comodo have been in talks, Abdulhayoglu said that it has already made a huge difference for positioning the company for IoT and enterprise.

“We did not have the full enterprise capability in terms of our sales and marketing. With Francisco Partners, and the breadth of management available, they were able to bring in enterprise-class sales, marketing and product management to take the innovation that we have already and turn it into enterprise as well as an IoT business,” he told us.

By contrast, a combined DigiCert-Symantec has customer breadth across the board. In fact, according to Garrett Bekker, principal security analyst at 451 Research, Symantec was the clear market leader in terms of revenue positioning the company three to four times bigger than its closest competitor. The DigiCert acquisition makes the company the de facto leader in this market in terms of revenue. Symantec, DigiCert and Comodo were among the top three players in the market. Other vendors in the space include Entrust Datacard and GlobalSign.

DigiCert’s Symantec grab was partly a market consolidation move, given that Symantec was the top revenue producer. At the same time, Symantec had racked up debt to the tune of $7.5 billion in recent acquisitions and its website-security and related PKI solutions business wasn’t strategic to its future objectives. At the same time, with the sale of its digital-certificate business to DigiCert, Symantec passes along a controversy over what Google claims were improprieties having to do with …

… questionable website-authentication certificates issued by Symantec’s PKI business. As a result, a Google Chrome team and the PKI community came up with a plan to reduce, and ultimately remove, trust in Symantec’s infrastructure in order to uphold users’ security and privacy when browsing the web, according to this Google blog.


DigiCert’s Flavio Martins

Flavio Martins, executive vice president, support and validation, at DigiCert, didn’t shy away from the Google controversy.

“In terms of the Google relationship, we’ve been transparent with Google’s team in terms of what our approach is to address their requirements. We not only agreed to meet the deadlines that they set, but we’re actually ahead of schedule in terms of the implementation of that. We see that as a positive step forward in making sure that as we look to transition Symantec customers to DigiCert’s certificate platform, there’s no interruption and very little that they’d have to do. The process will be seamless from the customer standpoint,” he explained.

There hasn’t been a mass exit from the company as the Google debacle has unfolded, according to Martins.

“We’ve been in close contact with customers throughout this process,” he said.

Digital certificates are a steady and profitable business that’s been around for years, while maybe not a high-growth business compared to other areas of security. That said, there’s a lot going on that Bekker says makes digital certificate business notable.

“[That’s] thanks to concerns of the NSA and government of the past few years, and a lot more website traffic being encrypted – about 50 percent of all website traffic – and that’s likely to increase over the next year, driving up the demand for digital certificates,” he said. Looking a bit further ahead, IoT is expected to be a big driver and emerging market for digital certificates.

Regarding IoT, “You’re going to need some way to authenticate IoT devices, which are going to be in the billions if not trillions, and the traffic flowing between devices will need to be encrypted,” Bekker said.

The channel – VARs, MSPs, IT solution providers, IT integrators, Web hosting companies, for example – is a big part of the digital-certificate market, selling a lot of SSL certificates to their customers. Bill Connor, chairman of the board of directors, and president and CEO of SonicWall, said that the channel is strategic to Francisco Partners.

“We’re also seeing more interest from new channels, that quite frankly, feel that they have been let down because of what’s happening on the West Coast [referring to the Google-Symantec issue].”

Martins agreed that partners are strategic to the company’s go-to-market strategy.

“Partners oftentimes leverage their unique customer relationship because they understand the exact needs of niche markets in terms of their end customers. Partners also understand the technology that we develop in our platform and marry those two into addressing the needs of the customer,” he said.

Symantec has focused on the enterprise partners; DigiCert worked more with SMB-size partners, he noted.

Read more about:


About the Author(s)

Lynn Haber

Content Director Lynn Haber follows channel news from partners, vendors, distributors and industry watchers. If I miss some coverage, don’t hesitate to email me and pass it along. Always up for chatting with partners. Say hi if you see me at a conference!

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like