Symantec expands SSL market with offerings and services

Stefanie Hoffman suggests SSL may not remain an also-ran for much longer

Secure Socket Layer (SSL) certifications might be considered a niche market requiring specialised expertise, but in this space Symantec is playing hardball with a massive launch that could upen new doors for channel partners.

Opportunities may range from entrance into untapped enterprise verticals to new service options that take the offering further downstream.

Now the California-based security firm is bulking up its SSL prowess, revamping its existing holdings with new algorithms, code-signing techniques and a spate of new service options.

The launch isn't outside Symantec's purview. The security firm has for years held the lion's share of the SSL market, garnered largely from its 2010 purchase of SSL certificate authority VeriSign. But why SSL and why now? A lot of reasons.

For one thing, new federal regulations are paving the way for market expansion. Up until recently, SSL was restricted to RSA 1024-bit certificates. However, new government regulations enacted by the National Institute of Standards of Technology have required web sites to migrate from the old RSA-powered certificates to 2048-bit certificates by January 2014.

Also, tightening compliance regulations and a spate of notorious, high-profile SSL attacks have given the market a strong and swift boost, Symantec said.

The mandatory RSA 2048 migration will expand the market and open a lot of doors -- largely because it bolsters SSL with better security that may renew customer interest and confidence in the market.

Symantec got a bit of a head start by embarking on this transition last year. Outpacing the mandate enabled it to bulk up its SSL portfolio, ahead of the industry curve and competitors. That will give partners a leg-up when helping customers to move to the latest certificates.

However, the most significant component of the launch may be the introduction of multi-algorithm SSL certificates, which give customers the ability to choose between RSA, Elliptical Curve Cryptology (ECC) and Digital Signature Algorithm (DSA) options.

That range of choices will give partners the ability to boost their SSL security prowess and hone offerings for customers looking to add enhanced security and operational efficiency to their web applications.

Quentin Liu, senior director of engineering at Symantec, told Channelnomics: "RSA is by no means a bad algorithm, but there are other vectors at play."

ECC comes equipped with more robust security mechanisms, improved server performance, server-to-desktop performance, and response time, and has been touted as 10,000 times more difficult to break into than RSA 2048-bit keys.

It's also more scalable, and can handle billions of connected endpoints. ECC's enhanced security, efficiency and scalability add up to an attractive offering for large enterprise customers, especially financial services, government agencies and other organisations requiring higher security to protect critical data and comply with increasingly stringent regulatory mandates.

Symantec finalised its roll-outs with myriad new service options. Among them were a host of new management and automation capabilities for its Certificate Intelligence Center cloud offering.

The firm also released a secure app service offering a hosted code-signing service for companies and app stores for security third-party or their own applications. An advertising and media service, dubbed AdVantage, enables monitoring, notification and forensic capabilities that detect or alert users and remediate "malvertising" (the use of online advertising to spread malware - Ed) attacks.

For the channel, it all boils down to rejuvenated opportunities in a market that had reached a point of saturation, if not commoditisation.

This massive launch came a week after Symantec rolled out a comprehensive set of channel SSL certifications that enable partners to reach a broader range of market segments and verticals to propel expansion.

The market had a few strikes against it. Over the last few years, a spate of highly publicised attacks not only resulted in thwarting SSL as an industry, but prompted users to question the value of SSL certificates at all.

An attack against certificate authority DigiNotar in 2011 left major tech firms such as Google, Microsoft and others scrambling in a massive and expensive effort to revoke a maelstrom of rogue certificates.

However, new SSL options and refreshed government regulations will go a long way to putting the market back on its feet. That spells opportunity for channel partners, who can break into new enterprise verticals or return to existing customers with a new set of options that incorporate their own set of reassurances.

Stefanie Hoffman is West Coast editor and senior associate at Channelnomics

As part of our special editorial partnership, CRN is publishing this recent article from Channelnomics.