New owners to expand Comodo CA presence in enterprise and IoT digital certificate space

Comodo had an extensive hoster and MSP channel before being acquired, and the new leadership team brought in by Francisco Partners will be expanding the channel, especially among enterprise resellers with vertical focus, and into the Internet of Things.

Bill Conner, Comodo CA’s new Chairman of the Board

Private equity firm Francisco Partners has acquired a majority stake in Comodo CA, Comodo’s certificate authority business, which they see as poised for accelerated growth. Terms of the deal were not announced. The new management team has a distinct Entrust flavour. The new CEO, Bill Holtz, was COO of Entrust. The new Chairman of the Board is Bill Conner, who is also CEO of SonicWall – another Francisco Partners company. Conner was also previously the CEO of Entrust. Melih Abdulhayoglu, the CEO of Comodo Group, and also a founding member of the CA [Certificate Authority] /Browser Forum, will retain an ownership stake in the new organization, and remain a Board Observer of Comodo, which was the original company within the Comodo Group, and which will remain a separate company.

The Comodo CA announcement comes on the same day that two other competitive businesses in the same space made news, with the finalization of DigiCert’s acquisition of Symantec’s Website Security business. That’s hardly a coincidence. Comodo CA is looking to highlight what they see as enormous opportunities in the space, as well as what they see as their competitive advantages.

“Clearly the space is under siege and going through a lot of volatility with whole Google-Symantec thing,” said Bill Conner, referring to Google claiming Symantec’s lax procedures for issuing digital certificates resulted in 30,000 certificates being improperly awarded by organizations Symantec recognized as Registration Authorities. This lead to Google threatening to stop recognizing Symantec certificates. Ultimately those companies agreed that Symantec would reissue all certificates by December 1, 2017, an obligation which has been assumed by DigiCert.

“When Google took a hard line on that with Symantec, Francisco Partners saw that as an opportunity,” Conner said. “This is a net-new space for them, but not for Bill Holtz and myself. “We believe that the Google-Symantec controversy will cause a lot of churn, because of Symantec’s inability to maintain its trust infrastructure. We see this as an opportunity to take the Comodo CA platform upmarket and give it a stronger enterprise play than it has in the past.”

Conner said that the Google-Symantec controversy has shaken confidence in trust infrastructure, which should help Comodo CA because of the way Symantec handled their issue compared to how Comodo handled a similar problem that resulted from a nation state attack five years ago.

“When Comodo was hit by that nation state, they went back to the browser form, remediated it and cleaned it up,” he said. “Melih was very involved with that. In contrast, Symantec was giving out false certificates and Google had to push them to get their Root CA Certificates cleaned up.”

Comodo CA’s Melih Abdulhayoglu

“Every company has problems – it’s how you deal with them that matters,” said Melih Abdulhayoglu. “The difference here is that we were attacked by the Iranian government, while Symantec’s problems were self-inflicted. We learned from our issue how to improve the CA infrastructure and stop issuing the Registration Authority model to award certificates. Symantec continued to use the RA model. They didn’t listen to us. Google finally lost patience with them. The result is that Symantec’s governance system cannot be trusted.”

DigiCert – which had no trust infrastructure problems of its own – has committed to executing the re-validation of the Symantec certificates, and says it is ahead of schedule. Abdulhayoglu questioned, however, whether they will have the logistical ability to absorb a business that was four times their own, in addition to resolving the problems the acquired business brought them.

“We see this as the big factory – Symantec – shutting down, and the tiny factory – DigiCert – taking it on themselves,” he said. “We don’t think they will be able to give the service that enterprise customers expect.”

Conner and Abdulhayoglu both said that Comodo CA would follow a primarily channel strategy going forward. Before acquisition, Comodo CA worked with a channel of Web hosting companies, MSPs, large service providers, and Web design companies – anyone who services customers. Going forward, while there will be a direct component, particularly in the government market, they will also expand the channels with which they will work.

“If you were to stab me I would bleed channel,” Abdulhayoglu said. “Innovative companies can go after the channel. If you are a me-too company you don’t have much attraction because the channel has choices. We innovated at every level. PKI seems pretty standard but there is a lot of innovation behind it.”

“Melih has done a good job of working with traditional MSPs and carriers, but we see the Internet of Things as generating a large business – and a huge channel – for us going forward,” Conner said. “There are also resellers and partners in certain verticals that do this kind of business for enterprises, and we will be increasing our focus with them. Many of these have been working with Symantec, and they may just want to change now. We will work aggressively to expand our market with them. Bill Holtz and I will take this business to the enterprise through the channel”

“Anything with a computer in it needs a digital certificate, and both enterprise growth and the Internet of Things are causing demand to grow like mad,” Abdulhayoglu said. “The next phase I see is certificate management, and we think that only Comodo CA has the innovative capability to solve that.”