On 7 July 2009, the managed security services provider (MSSP) SecureWorks announced that it has completed its acquisition of VeriSign's managed security services (MSS) business, which VeriSign announced that it planned to divest in December 2007. The acquisition agreement does not include VeriSign's iDefense security intelligence offering, which VeriSign plans to retain, or its security consulting business, which it plans to divest separately. However, the agreement includes a provision for data sharing between the iDefense security intelligence business and SecureWorks.

This announcement represents a largely positive development for current VeriSign MSS clients and for enterprises considering the VeriSign MSS offering. Gartner clients have expressed concern about the future ownership and ongoing viability of this business, despite some VeriSign investments. The SecureWorks deal definitively answers the question "Who will own it?" But another, larger question has yet to be answered: "What will the change in ownership mean?"

Gartner believes this acquisition is likely to prove successful. Both SecureWorks and VeriSign have strong reputations for security expertise and quality MSS delivery. Both providers have experience from prior acquisitions, and both have "pure play" MSS cultures, which should limit the inevitable "brain drain" that occurs after mergers and acquisitions. SecureWorks has security intelligence capabilities that will complement its access to iDefense data and help to ensure continuity and service for existing customers. SecureWorks will move outside the North American market with this acquisition — VeriSign also has some large international enterprise clients — and plans to retain VeriSign's partnerships in Spain/South America and the Middle East and add more in Europe and Australia.

However, this announcement has elements that will need to be watched carefully: Both providers have purpose-built MSS delivery technology for functions including event acquisition, correlation, reporting and workflow. SecureWorks must rationalize both back-end service delivery platforms and service portfolios to minimize service disruptions. Moreover, the two providers have differing service-level agreements (SLAs) with their current clients, and the long time period between VeriSign's announcement of its divestiture plans and the SecureWorks acquisition gave VeriSign clients acquired during that period the opportunity to drive hard bargains — and SecureWorks, which has now inherited those terms, will need to address differing customer commitments for both ongoing service and renewals.

Current VeriSign MSS clients:

• Review SLAs and demand assurances that deployment and upgrade delivery targets will be met.

Current SecureWorks MSS clients:

• Monitor service levels closely and react rapidly to any decline in service quality or timeliness.
• Review opportunities to take advantage of new or upgraded services available as a result of this acquisition.
• Request that SecureWorks deliver and update on technology and service integration plans within 90 days (earlier if entering a renewal planning phase).

Prospective SecureWorks MSS clients:

• Consider a timeline for integration of VeriSign's MSS offering to be a prerequisite for moving ahead on a deal with SecureWorks.

• "Magic Quadrant for MSSPs, North America” — Enterprise MSSP use grew steadily in 2008, and macroeconomic conditions and security threat trends will cause that growth to continue in 2009. By Kelly Kavanagh and John Pescatore
• "The Global Managed Security Services Provider Landscape” — Enterprises considering MSSPs have a wide spectrum of choices, from global players that offer common services worldwide to smaller providers with local expertise. By Carsten Casper and others

(You may need to sign in or be a Gartner client to access the documents referenced in this First Take.)