(The following is part of the Standard's First To Market special feature) In the early days of e-commerce, one of the major barriers to online shopping was consumers' reluctance to hand over their personal information to an unknown and untrusted website. The nascent industry clearly needed a system that could reassure shoppers that their transactions would be protected. One company, VeriSign, saw an opportunity to establish itself as an authority for secure online transactions.
Andrew Jaquith, security program manager at Yankee Group, explains in an email interview with The Industry Standard how the security certificate provider got started in the 1990s, thanks in large part to innovations in the then-dominant Netscape browser.
"VeriSign was one of the first companies to understand the commercial significance of the Web browser," Jaquith says. "You have to remember that when the Web browser was first introduced, the first websites were almost all academic and institutional. Browsers were also 'stateless', meaning servers had no way of tracking what a user might be doing on the site, such as whether she was browsing the site, purchasing goods, or checking out. Only after Netscape introduced what it called 'magic cookies' in 1994 were servers able to track user state. Netscape also introduced Secure Sockets Layer in 1994, and these two inventions made online commerce possible."
Jaquith says that VeriSign emerged as a spinoff of RSA Security in 1995 and focused, at least initially, on securing SSL transactions by operating certificate authorities.
While VeriSign was one of the first certificate authorities, it wasn't the only game in town. Many others then saw the opportunity to introduce their own technologies and services to grab a share of the market.
Tim Callan, vice president of SSL product marketing for VeriSign, describes some of the company's early competitors and acquisitions. "Many public certificate authorities sprouted up shortly after VeriSign, and most of them are not in the business anymore," he says in an email. "Some of them have changed their business strategy (e.g. Cybertrust 'white labels' its roots to other companies that want to be in the SSL business); some have been acquired (e.g. VeriSign acquired early competitor Thawte); some have sold themselves to other companies who wanted to get into the business." One example is domain reseller GoDaddy.com, which bought technology from Starfield to create its own SSL brand.
VeriSign has issued 3,000,000 certificates since its inception. The company had $1.5 billion in revenue in 2007 and 4,250 employees. It is clearly the leader in this field. What are the secrets of its success? According to Jaquith, branding and a wide product portfolio helped. "VeriSign knew that in order for corporations to adopt SSL certificates, they would need to understand the value of 'trusting' the VeriSign brand, and in particular the certificates they issued," he explains. "VeriSign spent a lot of time and money evangelizing about the importance of SSL, and of their qualifications to be the best provider (e.g., secure data centers, patent portfolio)."
Jaquith says that from a business strategy standpoint, VeriSign did several things well. "First, they understood the value of tiered services: Class one, two, or three certificates all have different levels of assurance and therefore pricing. Now they have 'EV-SSL' [Extended Validation SSL] certificates, an even more pricey version for high-volume e-commerce sites. Second, they identified their core asset early -- secure data center and certificate issuance software -- and flogged it for all it was worth by developing related products that all exploited that asset. So, SSL certificates begat developer certificates, 'private label' certificate authorities, e-mail certificates, EV-SSL, [and so forth]. Third, they acquired some bargain-priced certificate authorities (Thawte and GeoTrust) to prevent their flagship brand (VeriSign) from being priced into the floor. This is a classic defensive strategy. By offering Thawte, VeriSign can compete with GoDaddy's $30 certificates without diluting the flagship VeriSign brand.
Despite its current lead, VeriSign still faces
Post new comment