Entrust Datacard’s agreement to buy the UK’s nCipher Security from defence and aerospace multinational Thales is part of the company owner’s “generational wealth-building” approach, CEO Todd Wilkinson told Computer Business Review in a call this week.
US-based Entrust itself was bought by the billionaire German Quandt family’s Datacard Group for a reported $500 million (Bloomberg estimate) in 2013.
Backed by the family’s significant firepower – the family is one of Germany’s richest and a major BMW shareholder – the company has made a string of European acquisitions in the past 12 months, with nCipher just the latest British company to prove an attractive target.
Rationale for the Deal
Entrust Datacard CEO Todd Wilkinson said: “We are a leader in SSL certificate offerings, in PKI certificates. when you look at Cindy’s business in nCipher one of the most common uses for HSMs is alongside PKI; we see significant synergies. We have a very similar customer base. The combination of our sales teams and technology teams is going to give us both some scale and capabilities that we didn’t have individually. I’m excited about bringing these business together. “
Cambridge-based nCipher, a hardware security module (HSM) specialist owned by Thales, is being sold as part of a deal with regulators. The European Commission had asked Thales to offload the asset in order to ensure the HSM market remains competitive following Thales’ pending acquisition of Gemalto.
nCipher Security CEO Cindy Provin told Computer Business Review in a call: “We did have a number of bidders, but the entire team is very optimistic about working with Entrust Datacard. From a management perspective they were our preferred option. We’re just working on some final carve-out activities like purging of data, ring-fencing of some assets but in terms of the finishing activities we’re on track to close in the second half of 2019. We see tremendous growth opportunities to cross-sell and up-sell.”
Seven months earlier Entrust also made a strategic investment in the UK’s CensorNet, which provides a cloud access security broker (CASB) offering, multi-factor authentication, and web and email security.
The company also bought Copenhagen-based SMS Passcode, CensorNet’s adaptive multi-factor authentication technology solutions provider, at the same time saying: “At a time when other security players are going through large, complex mergers or acquiring and shelving smaller innovators, Entrust Datacard is building strong partnerships through targeted investments and acquisitions.”
With regard to the nCipher acquisition, Entrust CEO Todd Wilkinson told Computer Business Review: “This is a definite agreement… we are still working to complete some regulatory clearances. Bit one of the reasons that we were chosen was our ability to overcome those regulatory steps. It’s two businesses coming together support growth in all regions.”
Asked how the deal was financed – and declining to offer any details on what the company was paying for nCipher – he said: “We have a unique ability to raise equity funding; our owners take a long-term generational wealth-building approach and because of that we can make the investments that make strategic sense.”
Asked if he would be looking to bring nCipher’s team under one roof with an Entrust Datacard team he said: “As we sit today I have a pretty sizable development team in Minneapolis, in Ottawa, in Denver… this will bring in a sizable development team in Cambridge which is another great location with great talent.”
Entrust Datacard: Portfolio Includes PKI Managed Service
Among Entrust Datacard’s offerings are a Microsoft Public Key Infrastructure (PKI)
While its possible to put your public key infrastructure in the cloud, businesses need to maintain sole control of their cryptographic keys. Certificate authority (CA) keys need to be managed properly under policies and auditable processes, as well as stored in hardware security modules (HSMs) like those provided by nCipher Security.
Entrust Datacard achieves this by hosting the offline root CA and HSMs in its certified data centers and by giving a dedicated customer access to root CA keys, without requiring admin rights to the customer’s Active Directory; control over the PKI and its associated business processes remains with the customers.
Further down the line, the challenge of PKI management is one that Microsoft is hoping to circumvent via the development of homomorphic encryption, which lets users compute on data while it is encrypted.
This means users will, as the technology matures, be able to process encrypted data in the cloud, without having to download it for decryption on-premises, or provide a decryption key to a third party provider.