Computerworld

Net Security Firms Baltimore, CyberTrust Unite

Baltimore Technologies Inc. last week announced it will purchase competing digital certificate software vendor CyberTrust in a $150 million stock transaction and indicated that CyberTrust's software will eventually be phased out in favor of Balitmore's.

While the CyberTrust software label won't endure, Baltimore executives emphasize the combined company will continue to support CyberTrust customers, such as American Express, Visa and the U.S. Department of Defense.

The companies sell public-key infrastructure (PKI) packages, which contain server software as well as tools for creating, distributing and validating digital certificates used to digitally sign electronic documents and ensure they aren't tampered with as they traverse networks.

Baltimore, a Dublin, Ireland, company with growing success in Europe and Asia, views its planned acquisition of CyberTrust as a way to gain a firmer foothold in the U.S. and enter the certificate-hosting business, in which CyberTrust is an established player. According to research firm International Data Corp., the worldwide market for PKI software and services will grow from almost $200 million last year to an estimated $350 million this year. Baltimore recorded $30 million in revenue last year, while CyberTrust posted roughly half that.

CyberTrust operates secure data facilities in Needham Heights, Mass., and Sapporo, Japan, where corporations can outsource the job of digital certificate issuance, validation and management to CyberTrust, a unit of GTE.

The fact that Baltimore is based overseas is raising questions in the U.S. military about whether it's appropriate for a foreign company to provide digital-certificate security services to the Defense Department.

"It would certainly be an issue for Baltimore to buy CyberTrust," says Petrine Gillman, director of security management infrastructure at the National Security Agency (NSA) at Fort Meade, Md. The NSA manages the Defense Department's PKI deployment, now counted at about 300,000 users of X.509 certificates.

She says the Defense Department, which began using certificates five years ago, makes use of home-grown PKI software, but also has used CyberTrust support services. Baltimore is currently in discussions with the NSA.