Secure Socket Layer certifications might be considered a niche market requiring specialized expertise. But in this space Symantec Corp. is playing hardball with a massive launch that aims to expand the market, opening new doors to channel partners that range from entrance into untapped enterprise verticals to new service options that take the solution farther downstream.
Now the Mountain View, Calif,-based security firm is bulking up its prowess in SSL, revamping its existing holdings with new algorithms, code-signing techniques and a spate of new service options.
The launch isn’t outside Symantec’s purview. The security firm has for years held the lions share of the SSL market, garnered largely from its 2010 purchase of SSL certificate authority VeriSign. But why SSL and why now? A lot of reasons.
For one, new federal regulations are paving the way for market expansion. Up until recently, SSL was restricted to RSA 1024-bit certificates. However, new government regulations, recently enacted by the National Institute of Standards of Technology, have required Web sites to migrate from the old RSA-powered certificates to 2048-bit certificates by January 2014. But also, tightening compliance regulations and a spate of notorious, high-profile SSL attacks have also given the market a strong and swift boost, Symantec said.
But in particular, the mandatory RSA 2048 migration is a move that will expand the market and opens up a lot of doors – largely because it bolsters SSL with better security that will likely serve to renew customer interest, and confidence, in the market.
Symantec had a bit of a head start by previously embarking upon the transition last year. But outpacing the mandate enabled it to bulk up its SSL portfolio, and put it a few strides ahead of the industry curve and competitors. That in turn will give partners a big leg up when helping to transition customers to the more powerful certificates.
However, the most significant component of the launch will likely be the introduction of multi-algorithm SSL certificates, which give customers the ability to choose between RSA, Elliptical Curve Cryptology (ECC) and Digital Signature Algorithm (DSA) options. That broad range of choices in turn will give partners the ability to boost their SSL security prowess and uniquely hone offerings for customers looking to add enhanced security and operational efficiency to their Web applications.
“RSA is by no means a bad algorithm, but there are other vectors at play,” Quentin Liu, Symantec senior director of engineering told Channelnomics.
In particular, the former, ECC, comes equipped with more robust security mechanisms, along with improved server performance and server-to-desktop performance and response time, and is touted as 10,000 times more difficult to break into than RSA 2048-bit keys.
It’s also more scalable, with the ability to handle billions of connected endpoints. The enhanced security, efficiency and scalability features in ECC all add up to an attractive offering to large enterprise customers, especially financial services, government agencies and other organizations requiring elevated security in order to protect critical data and adhere to increasingly stringent regulatory compliance mandates.
Symantec finalized its roll-outs with a myriad of new service options. Among them were updates to its Certificate Intelligence Center cloud offering that infused the service with a host of new management and automation capabilities.
The security firm also released a secure app service offering hosted code-signing service for companies and app stores for security third-party or their own applications. And the comprehensive service launch also included its advertising and media service, dubbed AdVantage, enabling monitoring, notification and forensic capabilities that detect, alert users and remediate malvertising attacks.
For the channel, it all boils down to rejuvenated opportunities in a market that had reached a point of saturation, if not commoditization.
The massive launch follows a week after Symantec rolled out a comprehensive set of channel SSL certifications, that enabled partners to reach a broader range of market segments and verticals and propel the industry’s expansion.
Meanwhile, the market had a few strikes against it. Over the last few years, a spate of highly publicized attacks had not only resulted in thwarting SSL as an industry, but prompted users to question the validity of SSL certificates at all. Most notably, a major attack against certificate authority DigiNotar in 2011 left major tech firms such as Google, Microsoft and others scrambling in a massive and expensive effort to revoke a maelstrom of rogue certificates.
However, new SSL options and refreshed government regulations go a long way to putting the market back on its feet. And that spells opportunity for channel partners, who can break into new enterprise verticals or return to existing customers with a new set of options that also come with their own set of reassurances.
Leave a Reply