IBM, VeriSign Forge E-Commerce Security Strategy

IBM (NYSE: IBM) andVeriSign(Nasdaq: VRSN) are teaming up to boost e-commerce security by developing newproducts and services for their big-business customers.IBM will supply the software and infrastructure, andVeriSign will contribute its expertise in Web identity,authentication and online payment.

“If IBM plans on offering an authentication servicewith VeriSign’s credentials, to me that’s news,” Gartner analystRichard Stiennon told the E-Commerce Times.

“It willoffer a way for customers of the two to be able toauthenticate subscribers to their Web sites or theirown employees,” Stiennon said.

Online Authentication

Among the services the two companies expect to develop aresecurity systems for messaging, extranets, intranetsand e-commerce sites. VeriSign will use its public keyinfrastructure (PKI) technology, which encrypts dataand verifies the identity of online shoppers, and IBMwill offer its high-level security software, TivoliPolicy Director.

The first new service developed by the partnership,scheduled for release in mid-2002, willcombine online identity authentication, Web singlesign-on, digital signatures and online authorization.

Not Going To Happen

While the proposed authentication system will workwell for enterprise customers and intranets, Stiennonsaid he has reservations about whether it will work for consumere-commerce.

“Authentication for e-commerce can be areally hard nut to crack because you have to get everymerchant to integrate with your solutions,” Stiennonsaid. “If anybody had an edge, it would be VeriSign,but it’s just not going to happen for a while, if ever.”

Even offering single sign-on — which allows onlineshoppers to enter a name and password once and then berecognized at every site they visit — would be aformidable task, according to Stiennon. “It works for theenterprise, but for consumer e-commerce it would beclose to impossible to do,” he noted.

Name Recognition

Despite challenges on the e-commerce side, thedeal is an important one for VeriSign, which will gainaccess to IBM’s vast stable of corporate customersthrough the Global Services Group. VeriSign also stands to gainname recognition through its association with a product designed to become the standard for Web security.

“As businesses increasingly use the Internet fore-business, consumers are beginning to look for thedigital ‘signposts’ that ensure trusted commerce andcommunications,” said Stratton Sclavos, president andCEO of VeriSign.

So far, developing a clear brand identity has been a challenge for VeriSign because the company is involved in severaldifferent types of Web ventures, including security,domain names and online payment systems.

Security Focus

This is just the latest deal VeriSign has forged in aneffort to increase its reach in the online securityfield. In September, along with EBay (Nasdaq: EBAY), SunMicrosystems (Nasdaq: SUNW) and AOL Time Warner (NYSE:AOL), Verisign became a charter member of the LibertyAlliance, a group formed to create an openstandard for network identity, including singlesign-on.

For its part, having access to VeriSign’s technologywill enable IBM to expand its security offerings. OnNovember 19th, IBM announced its intention to expandits information security and privacy services andlaunched a partnership with security company Kroll.