Avast, a cybersecurity and privacy company, announced on December 9th 2021 their intent to acquire Evernym.

Founded in 1988 in Prague, Czech Republic, Avast focuses both on meeting both consumer and enterprise use cases. On the enterprise side it offers endpoint protection such as patch management, internet/email/web gateway, and content filtering. For consumers, Avast provides a range of security protections and privacy measures for individual devices.

Evernym was founded in 2013 in Salt Lake City, UT, USA. It provides blockchain-based decentralized identity solutions that enable organizations to issue and request Verifiable Credentials, and individuals to establish identity wallets and personal control over identity information.

Avast CEO’s statements have centered primarily on the consumer aspect: “Consumer trust in the online world has been critically compromised...Our vision for a digital freedom is to enable people to manage and retain control over their personal data so that they can interact and transact safely, privately and with confidence. Decentralized digital identities are a key component of that vision.” This seems to indicate a focus on the individual with future products based on the Evernym technology, perhaps to further interrupt digital tracking, online surveillance, and identity fraud. Indeed, a stated goal at this time is to enable a secure, portable, reusable identity that are universally and globally available.

The acquisition is projected to close in mid-December with products based on Evernym technology to be available in 2022.

A Promising Pairing

There is a natural pairing between the goals of a consumer cybersecurity company and a decentralized identity company: they both work to empower the individual to take control of and protect their online presence.

Avast’s product suite ranges from VPNs, antivirus, anti-tracking, monitoring of personal information potentially affected by data breaches, and so on. Evernym enables user-centric identity, where the individual user holds, controls, and shares their identity data in a privacy-preserving way.

Adding a decentralized identity function to Avast’s arsenal of personal privacy tools is a natural step to empower individuals to keep their information from being stockpiled in the many siloes of the many service providers they interact with.

The Pathway to Mass Adoption?

Decentralized identity has been striving for adoption beyond flashy Proof of Concepts for a few years now. Acquisitions like Avast of Evernym could be the way to product maturity and mass adoption. Since the inception of decentralized identity, its biggest selling points have been the capacity to protect the privacy of individuals and put control into their hands (literally, by storing their identity information in the secure element of their mobile devices and with proofs stored in the blockchain instead of in enterprise identity siloes). Combining the privacy aspect with user-centricity, a company like Avast who serves individual consumers could equip their customers with exactly that.

But there is the other perspective to consider. Individuals, equipped with identity wallets and Verifiable Credentials will need service providers who accept this type of credential; in addition to individual buy in, enterprises need to participate as well. Decentralized identity has been thus far unsuccessful in gathering a large, consolidated following of individual users to create the draw that enterprises need to build support for decentralized identities into their systems. A continuing challenge of decentralized identity is that although individuals can create a secure, validated, and reusable identity, there are very limited places to use this identity – the enterprise side has not yet provided the opportunities to issue, use, transact, verify, authenticate, exchange these identities on the sites and with the service providers that users interact with most. That is to say, decentralized identity will need a place to be used before it becomes useful to individuals. It is possible that Avast’s ability to create a cohesive decentralized identity user base may bring enough attention and attractiveness for other service providers to integrate such capabilities.       

This acquisition has piqued the curiosity of KuppingerCole Analysts, and we will certainly be watching how Avast’s decentralized identity products evolve in the coming months. Closer integration with their anti-tracking and monitoring of exposure in data breaches may be vehicle enough for end users to find utility in their decentralized identity solutions, without relying on enterprises to adjust their onboarding procedures to accept decentralized identity credentials. In any case, it is a promising time in the evolution of decentralized identity.

See also