Art (Coviello) by the Numbers

RSA CEO bets on authentication, anti-fraud technology.

RSA Security Inc. president and CEO Art Coviello is cruising the company cafeteria on his scooter on a late December morning, looking like a kid on the hunt for a good game of marbles.

The scooter is a lighthearted touch for Coviello, who has earned a reputation as a tough competitor with a sharp intellect and polished persona in his decade at the helm of RSA and as a spokesperson for TechNet, the technology industry lobbying group.

But on this day, its a relaxed and happy Coviello, in khakis and a sweater, pushing himself around the cafeteria. "Im getting older, and this place is huge," Coviello explains. "This helps me get around."

Like its CEO, RSA is changing. The Bedford, Mass., company has grown from a $25 million maker of PKI (public-key infrastructure) products to a $300 million company with a range of products that include secure authentication tokens and identity and access management software. As of this month, the company plans to add consumer anti-fraud protection to its list of technologies, with the $145 million acquisition of privately held Cyota, which RSA agreed to purchase in December.

The ride has not always been easy for Coviello or his company. RSA in December announced it was closing development operations in New York, California and British Columbia to consolidate its engineering operations in facilities in Bedford, as well as in Australia, India and Israel. The company also provoked Wall Streets ire with lackluster fiscal performance in recent quarters and with what many analysts felt was a too-rich offer for Cyota.

Speaking with eWEEK, Coviello defended RSAs performance, its acquisition of Cyota and the company plans for the future, which he described as common-sense moves to address a fast-changing authentication market.

"These days, were worrying less about competition than about the fragmentation of the authentication market," Coviello said.

RSA marquee customer eTrade Financial Corp. is a perfect example of that fragmentation. The New York-based online brokerage offers SecurID tokens to more than 1 million customers under the terms of a deal announced in March. Customers with more than $50,000 in assets receive tokens for free; however, RSA has shipped only about 30,000 tokens to eTrade customers so far.

RSA hopes to sell more SecurID tokens into the eTrade customer base, but the Cyota technology gives the company a way to extend basic authentication protections to the masses of users of eTrade and other financial institutions like it, Coviello said.

"It is becoming increasingly clear to us that no one authentication technology will prevail in the marketplace," Coviello said.

Wall Street analysts who question the companys investment in Cyota are looking only at the numbers, according to Coviello. Cyota is expected to bring in about $20 million to $25 million this year, double what it made in 2005. But those numbers dont reveal the strategic benefit to RSA.

"Were the only one in a position to create a layered application that can keep the [authentication] market from fragmenting," Coviello said.

Naftali Bennett, CEO of Cyota, points to Washington Mutual Inc., which last month signed on to Cyotas risk-based two-factor authentication technology, as an example of the kinds of customers that are being drawn to Cyotas technology.

"If youre a bank and you want to protect your online banking site, you might have 5 million customers," Bennett said. "Maybe you have a subset of customers, VIPs or corporate customers with $50,000 or $100,000 in their accounts where youll deploy tokens. ... You want that flexibility." Despite grand plans for integrating the Cyota technology, RSA plans to consolidate its consumer business in New York under the guidance of Bennett, with Cyota keeping its existing sales and marketing force, Bennett told eWEEK.

The anti-fraud and transaction data that Cyota gathers from ISPs and its customers in the online-payments industry is strategic information that RSA can use for any number of service-based offerings, Coviello said.

In the future, RSA will be increasing its investment in Internet-based services. For example, the company is looking into offering a proxy service for companies that want to deploy one-time password technology for user authentication, Coviello said.

RSA will have to tread carefully as it works to integrate the Cyota technology with its own product portfolio, said Avivah Litan, an analyst with Gartner Inc., in Stamford, Conn. "Id have to say the initial reaction [to the Cyota purchase] has been pretty negative," Litan said.

Fraud detection is a hot area for investment, and there are clear affinities between Cyotas network fraud-detection service and RSAs authentication technology. Still, RSA had to outbid at least one other company, credit rating agency Experian, to obtain Cyota and ended up acquiring technology—such as Cyotas SecureSuite payment-security platform—that doesnt mesh well with the companys other products, Litan said.

For his part, Coviello says the hand-wringing about declining token prices is "way misunderstood." RSA has seen prices that enterprises pay for SecurID tokens decrease by only 3 to 5 percent in recent years. And token prices are being driven down by pressure from customers, not competitors, Coviello argues.

Coviello predicts that the next 12 months will be kinder to RSA, which saw revenues remain flat through much of last year.

While other CEOs and industry leaders probably better understand the Cyota deal than Wall Street analysts, success is the only way to prove critics wrong, Coviello said. "RSA took a big bet by acquiring Cyota. But in high-tech, if you dont take risks and innovate, you die," he said.