Contact: Brenon Daly
When we look back at VeriSign’s two-year period of jettisoning unwanted businesses, we can only marvel at how it saved the best for last. The divestiture of its identity and authentication division to Symantec for $1.28bn caps a massive process of unwinding the previously misguided acquisitions of former CEO Stratton Sclavos. The longtime chief executive had used the money that gushed from VeriSign’s core registry business to buy his way into markets that were pretty far afield, such as mobile messaging and telecom billing.
Indeed, the scale of VeriSign’s divestitures is unprecedented among technology vendors, with the company dumping seven businesses in 2009 alone. (It’s interesting to note that while Morgan Stanley handled at least three of the divestitures last year, JP Morgan Securities banked VeriSign on the big sale of its security unit.) The company had seemingly wrapped up the grueling process last fall, telegraphing to Wall Street that it liked its two remaining businesses: registry and security. For that reason, the sale of the security division came as a bit of a surprise, the rumors of the divestiture earlier this week notwithstanding.
The sale also came at a substantial premium to virtually all of the other divestitures that VeriSign has closed. While the other divisions were lucky if they went for 1 times sales, the security business is going to Big Yellow for 3.5x sales. (More representative of the divestiture process is the 1x sales that VeriSign received when it sold its managed security services business to SecureWorks a year ago.) On a cash-flow basis, we understand that Symantec is paying about 10x EBITDA, which is roughly twice the valuation of most corporate castoffs.
As we see it, there are two basic reasons for the security division to fetch such a premium. For starters, it hummed along at a mid-20% operating margin. (Granted, that’s lower than VeriSign’s core registry business, but it’s still a level that most companies would envy.) But more importantly, we understand that Symantec actively sought out the VeriSign business, and indicated that it was a serious suitor right from the outset. Certainly, the pairing makes sense. As my colleague Paul Roberts points out, Symantec significantly bolstered its offering around cloud identity, broadening the reach of its policies around data protection, threat monitoring and compliance with enhanced authentication.