Today, PGP announced that it plans to acquire TC Trust Center and ChosenSecurity. Never heard of them? You are not alone. Basically, TC TrustCenter and ChosenSecurity provide Software-as-a-Service (SaaS) for Internet-based trust relationships.

Okay, some of you may think that this is simply a way to spin PKI (public key infrastructure) into marketing-speak and you are right to some extent. Why bury the PKI lead? Unfortunately, there is stigma around PKI that has lingered for years. In the past, few applications supported PKI and enterprise PKI servers were simply too difficult to install and manage. Yes, security professionals understand the benefits of PKI, but they were scared to death of it thanks to implementation, customization, and administration horror stories.

TC TrustCenter and ChosenSecurity didn’t change PKI, they simply mastered it and made it virtually transparent to customers. As a result, PKI can be embedded into applications, identities, and systems as a service.

To me, this acquisition has upside potential for PGP far beyond existing business growth because:

1. PKI may be the perfect SaaS offering: It offers tremendous value without the resource commitment in skills, product acquisition, administration, etc.
2. What’s one of the things that is broken on the Internet? The element of trust. If I don’t know if a site is trustworthy, how can I be sure if downloaded software will perform as advertised or turn my system into a zombie? The same holds true for systems, individuals, transactions, etc. PKI, if implemented and managed correctly by a trusted third-party, can help address this problem.
3. In my humble opinion, PKI as a service will be baked into a lot of things in the future (like cloud computing, for example).
4. I don’t know how much business PGP does with the U.S. federal government or other national governments now, but it just put itself in a position to do a heck of a lot more.
5. Finally, when we encrypt most of our data in the future, someone will have to manage millions of net new encryption keys. PGP is now in a position to act as a key management or key escrow service.

I could go on and on, but I won’t. I’ve always been one of few fans of PKI, so PKI as a service brings out the excitable geek in me. Obviously, some of the folks at PGP share this enthusiasm.

Related posts:

1. Symantec Bolsters Public Sector Offering with Acquisition of Gideon Technologies
2. Symantec Moving to Define an Encryption Architecture
3. Making Sense of Intel and McAfee: What this Acquisition is and is not.
4. Feedback on The National Strategy for Trusted Identities in Cyberspace
5. Symantec + Verisign = Cloud Security

Tags: Cloud Computing, Federal Government, PGP, PKI, SaaS