May 17, 2006

CA market consolidates - Verisign to buy Geotrust

The certificate market is moving back towards one large player - Verisign is buying Geotrust for $125 million (PDF only so far.)

VeriSign Inc, the leading provider of intelligent infrastructure services for the Internet and telecommunications networks today announced it has entered into a definative agreement to purchase Needham, MA-based GeoTrust, Inc., a leading supplier of SSL and other solutions to secure e-business transactions, approximately $125 million in cash. The acquisition is subject to regulatory approvals and other conditions and is expected to close in the second half of this year.

The acquisition of GeoTrust extends VeriSign's mission to enable and protect all forms of networked interactions, and addresses the needs of an evolving SSL market. GeoTrust's well developed channel of more than 9.000 direct resellers in more than 140 countries will complement VeriSign's direct-sales SSL business, currently serving more than 3,000 enterprises worldwide.

I had predicted that Verisign would get out of the market for certs - I guess this says I'm wrong in the prediction, but the consolidation bears out the fundamentals. What we are looking at is a market that doesn't sell enough to make sense, so it is either "get out" or "monopolise it."

Over on SecuritySpace's CA survey, this takes the combined group of GeoTrust, Thawte, Verisign to a total of 110k servers, or 164k on their new market share report. Maybe more if they own some more CAs we don't know about... (Also, Verisign comments in their annual report something like 400k 462k sales per annum.)

If you take those numbers and multiply them out, you have a problem. If it is a vibrant, dog eat dog market in the $20-$40 area, we are looking at numbers under 10 million total revenues. That won't do. The only way to get the market up into the hundreds of dollars area that Verisign would like is to eliminate the low priced competition.

GeoTrust made a market in the last couple of years by aggressively expanding. Scuttlebut had it that they were the driving force behind much stuff like the High Assurance programme, and they had already taken the number one slot in raw numbers.

So maybe the structure of the market is shifting to one of "startup, get into browsers, issue like mad, cash out in the sale to Verisign." Nothing wrong with that, for the owners, but as always it has little to do with the risks faced by the average user.

Posted by iang at May 17, 2006 02:51 PM | TrackBack

In their latest SEC filings, verisign states they have a current installed base of 462,000 SSL certificates.

Posted by: nifty at May 17, 2006 03:48 PM

Being one of those 9000 resellers and one who (until recently) did a decent volume, we now cannot even sell Geotrust certs to most of our clients, because this year, mid contract, Geotrust changed their business model.

We sold certs to protect snooping and such and now those same certs have been converted to identity verification certificates. Everything is screened against government registrations now.

So we no longer really sell GT certs, but have moved to a $20 provider who does not care so much about ID, which in my mind is not what a SSL cert is in the first place.

Posted by: Anon at May 18, 2006 03:45 AM
Post a comment

Remember personal info?

Hit preview to see your comment as it would be displayed.