Symantec's Identity Management Plans Tied To RSA's Deal For Symplified

Symantec tried to acquire Symplified months before its sale to RSA, The Security Division of EMC, in June, according to former Symantec CEO Steve Bennett.

In an interview with CRN in March prior to being ousted by Symantec's board of directors, Bennett said the company had been in negotiations to acquire Symplified, but the identity-as-a-service vendor was asking an "astronomical" price for its technology. Bennett, who was in the midst of downsizing the company, had called the platform a "diminishing priority."

As an early entrant to the market, Symplified had struck a licensing deal with Symantec, putting its technology at the core of Symantec's O3, which has been available in an on-premise virtual appliance or as a hosted or hybrid deployment option. Industry observers say the failure between Symplified and Symantec to strike a deal may have distracted Symplified and caused Symantec to rethink its O3 cloud identity gateway for access management and single sign-on. O3 has struggled to gain broad adoption against a growing number of identity-as-a-service vendors.

[Related: RSA Acquires Symplified Technology Assets In Fire Sale]

Michael Brown, Symantec's interim CEO, told financial investors in May that the Mountain View, Calif.-based vendor is assessing its product portfolio and would step away from technology areas where it would not be competitive. Identity and access management, however, remains a priority, according to a Symantec spokesperson in a statement issued to CRN late Wednesday.

"We have developed a proprietary single sign-on solution (SSO) and are working with existing O3 customers to transition to the future Symantec SSO solution. We will support existing O3 customers through the length of their contracts," the spokesperson said.

Symantec is in a market dominated by best-of-breed identity-as-a-service platform makers, including Okta, Ping Identity and Covisint, which are established market leaders that offer access management, SSO, and logging and reporting capabilities, according to research firm Gartner. Symplified, which entered the market in 2008, had lost momentum and brand recognition relative to its competitors, said Gregg Kreizman, a Gartner research vice president and author of the 2014 Magic Quadrant Report.

RSA said it took advantage of "an unexpected opportunity" when it acquired the Boulder, Colo.-based identity platform maker's technology assets in a deal that closed June 4. A spokesperson told CRN that RSA, Bedford, Mass., is retaining a limited number of engineers who will remain in Colorado and that RSA technology "will not have an immediate operational capability." The company will add the technology to its 2013 acquisition of Aveksa, a vendor of an on-premise identity management platform and a licensed SaaS-based single sign-on service.

Symantec was not nimble enough to invest and stay the course with disruptive technologies that wouldn't generate enough revenue, former Symantec CEO Enrique Salem said in an interview with CRN earlier this year. Salem, who joined Bain Capital Ventures, also serves on the board of cloud analytics and policy vendor Netskope. At the time, he said a successful new unit at Symantec would need to make $350 million to $700 million in revenue on an incremental business. Cloud security and analytics initially would generate about $10 million from early adopters, he said.

NEXT: Cloud Identity And Access Management Disruption

Symplified may be a victim of not being able to keep pace with how quickly identity and access management vendors are moving to address cloud identity issues, said Tyson Kopczynski, a security solution principal at Slalom Consulting in San Francisco. All the vendors in the space are marching toward a common convergence road map, Kopczynski said, adding that there could be further disruption as purchasing increases.

"For larger organizations, given that complex [identity and access management] projects can take a large amount of effort and time, they will be looking for vendors that have strong legs," Kopczynski said. "But, at the same time, they are willing to hedge some bets if the vendor brings innovation to the table that removes some of the complexities typically found with [these] solutions."

Symplified was undifferentiated and lacked the install base of its competitors, said Tim Hopkins, certified technical architect at Portland, Ore.-based cloud consulting firm and services provider NTT Centerstance, who evaluated the vendor as a potential technology partner. Centerstance currently partners with Ping Identity, Hopkins said, adding that he sees further market consolidation ahead.

"There's a very real market for these kind of platforms where they offer differentiated capabilities to the enterprise and go beyond the basic [identity and access management] capabilities that most organizations already have," Hopkins said. "SSO technologies, while important at the foundational level, don't reach the higher-level orchestration, interoperability and governance functionality that enterprises typically need."

Tom Kemp, CEO of Santa Clara, Calif.-based identity and access management vendor Centrify, said Symplified's platform didn't have the ability to scale. Newer competitors, including Centrify, addressed issues that limited scalability, he said.

"Symplified is a great example of a vendor who was a first generation in a new market [and] subsequent vendors [then] built better architectures and, in effect, learned from first-generation vendors' mistakes," Kemp said in an email. "In the case of Symplified, they built an on-premise appliance and, when they moved to the cloud, they ported their appliance to the cloud and in effect offered a single tenanted architecture."

Symantec partners, who have endured a complete overhaul of Symantec's internal sales and support organization over the past year, told CRN that the company's focus on the product portfolio is long overdue. Clients and potential clients are aware that the company is going through a transition and see the leadership changes, but there's also awareness that Symantec needs to remain relevant with market-leading products, said Paul Deur, a principal at New York City-based Eden Technologies, a Symantec Platinum partner.

"Recognizing their heft and weighted solution stack across number of different areas, it makes sense for us that they would pare down certain areas," Deur said. "Growing pains often result from modifications to the changing landscape, and Symantec working through and around those changes is a positive sign to us."

PUBLISHED JULY 17, 2014