EMC, of Hopkinton, Mass., is the worlds sixth-largest software company and owns the largest share -- about 29 percent -- of the overall data storage market. It has acquired three other firms—Interlink Group, of Redmond, Wash., nLayers, of San Jose, Calif., and ProActivity, of Newton, Mass., in the last two months.
RSA, a $375 million software security company based in Bedford, Mass., fills EMCs greatest need—a complete set of enterprise security solutions to complement the companys storage, virtualization, content management and business intelligence offerings.
RSA also brings with it an array of identity and access management, encryption, and key management software to add to EMCs overall portfolio.
"In all our sales now, our chief security officer is getting involved," EMC Chairman, President and CEO Joe Tucci said at the news conference at which the announcement was made.
"In just about every survey of IT, security and storage dominate the top of the lists, and far as needs go. This acquisition frankly fills a big need for EMC," Tucci said. "Weve had a small amount of revenue in the security area, but now we think this will be a $500 million business for us within a year—and that it will become eventually a $1 billion business."
According to recent surveys conducted by industry and financial analyst firms, information security is the No. 1 priority among CIOs. RSA Security itself reported recently that about 75 percent of U.S. companies suffer data loss each year.
"If you look at EMCs overall strategy, the only play that they have yet to make aggressively is on the security side," said Mounil Patel, an analyst with Boston-based Aberdeen Group. "Theyve been giving a lot of lip service to security, but they know its more important than that and they want to move on it."
Patel pointed out that EMCs aggressive acquisitions strategy, which has seen the firm purchase a wide range of technology providers over the last several years, has worked out up to this point, but he said he believes that customers are likely to be increasingly asking the firm what it is doing to improve security in its products.
EMC already uses RSAs authentication tokens in-house, which could be another reason to push for the deal, Patel said.
"RSA would add a lot of credibility to EMCs authentication and encryption capabilities, and Im willing to bet that almost every portion of their business could be of interest to EMC in regards to expanding ILM [information lifecycle management]," he said.
"Security is becoming a bigger part of most applications and people likely asking EMC about the security piece of the puzzle because theyre worried about losing customer data; encryption is a big part of that and EMC hasnt had much of an answer to that end," Patel added.
As Alan Krans, a senior analyst with Technology Business Research, in Hampton, N.H., put it, "If EMC is where information lives, the acquisition of RSA will allow EMC to lock the door."
Security may not be as "sexy" as applications, Krans said, but Sarbanes-Oxley Act, HIPAA (Health Insurance Portability and Accountability Act) and other compliance requirements make data security a big business.
"Although the price is slightly higher than originally speculated ($2.1 billion), TBR believes EMC chose the right company, in the right area, at the right time," Krans wrote.
With RSAs annual revenue of $310 million in 2005, a purchase price of $2.1 billion isnt a steal, Krans said, but the price does reflect RSAs stagnant revenue growth (less than 1 percent from 2004 to 2005), and recent probes by the SEC.
Krans said he believes this deal also will be positive for RSA, presenting greater revenue growth possibilities by leveraging the cross-sell and up-sell opportunities within the EMC product set.
Brian Babineau, a storage industry analyst with Enterprise Strategy Group in Palo Alto, Calif., told eWEEK that this is a "good move for EMC if they can spend another $200 million to $400 million on additional security solutions that can leverage the RSAS brand, channel and customer base.
"If they just run with the existing RSAS organization, then they overpaid and could quickly find themselves explaining to the Street that they were not ready to venture out in the competitive information security market," Babineau added.
Upon completion of the acquisition, RSA will operate as EMCs Information Security Division, headquartered in Bedford, Mass. RSA CEO Art Coviello will become an executive vice president of EMC and president of the division.
The acquisition is expected to be completed late in the third quarter or early in the fourth quarter of 2006, subject to customary closing conditions and regulatory approvals.
Editors Note: This story was updated to include information and comments from the news conference and analysts.