Storage giant EMC claims that it is planning to hold onto all of RSA Securitys operations once its $2.1 billion deal for the software maker closes, at least for now.
Some industry watchers have speculated that after polishing off the proposed merger, first announced on June 29, EMC would pick-and-choose among RSAs operations and potentially sell off some pieces of the business that do not closely relate to its data storage product lineup. However, RSA officials said the company has no specific plans at this point to slice-and-dice its newest acquisition.
Prevailing consensus among some analysts and experts is that EMC was most interested in adding RSAs burgeoning encryption software portfolio, leaving questions about whether or not the storage market leader would retain RSAs authentication and digital certificate businesses, along with its well-known security industry conference. Analysts have questioned whether EMC would have an interest in retaining RSAs flagship SecureID authentication software product line, a large element of which is aimed at consumers, but company officials said the firm has no plans to sell off that business at this point.
“RSAs play of late has been moving into consumer authentication, thats certainly not EMCs traditional space, so you have to wonder how does that fit into their larger plans,” said Andrew Braunberg, analyst with Washington-based Current Analysis. “RSA spent a lot of money on that and they bought Cyota (for $145 million); how that would fit into enterprise customers and EMCs overall business remains unclear.”
EMC has invested in authentication technologies via previous acquisitions. In March 2006, the company purchased privately held Authentica, a far smaller company than RSA that specializes in enterprise DRM (digital rights management), for an undisclosed amount of money.
Despite claims that all of RSAs business has strategic value to EMC, executives focused squarely on the firms encryption assets when detailing benefits of the merger. As EMC builds out its vision of ILM (information lifecycle management)—which proposes to help companies better automate nearly every aspect of data storage, access and management—authentication and encryption are key pieces of that strategy, company officials said.
“All of what RSA does will augment and improve what EMC has, and we will be able to use their authentication, identity management and encryption products all through our product line,” said Rob Sadowski, director of marketing for EMC Security. “Specifically, RSAs encryption key management systems and encryption libraries in the software are extremely valuable for us; the fact that this high-quality encryption hasnt been available for entry-level customers has really been holding back advancement in the enterprise security space.”
The executive said that the encryption technology is one area that customers are demanding EMC to bolster if they are going to continue to buy into ILM, as data security has become a hot-button issue driven by federal data regulations and high-profile corporate information losses.
“Using RSAs expertise, we will now be able to supply a common encryption key infrastructure throughout our products, and that is a valuable thing for our customers—who have been demanding more security for a long time,” said Sadowski. “The credibility that RSA has built up over the years is going to be a very attractive thing for our customers as they look at upgrading their infrastructures and security solutions.”
Next Page: Growing market for data security.
2
Market watchers observed that while EMC may have little interest in marketing RSAs SecureID product line independently, especially its consumer applications, the firm should find use for enough of the intellectual property it has gained to offset any related loss of those product sales.
“As with any acquisition, particularly of this size, theres not going to be a 100 percent perfect fit, but some of these pieces will be kept even if they are not within EMCs sweet spot,” said Paul Stamp, an analyst with Forrester Research, in Cambridge, Mass. “SecureID is a highly profitable business, but there are technologies coming along in other companies that may replace it; in the wider concept of data authentication, RSAs technologies fit very well with EMCs current strategy.”
If companies pursuing ILM are trying to get a better handle on which of their employees are granted access to data encryption tools, there may be no better fit than RSA, the analyst said. However, if EMC does look to sell off SecureID, it would likely find many interested buyers, including Symantec and Microsoft, according to Stamp.
“Theres a growing market for data security that hasnt been addressed sufficiently; users are asking for it and large IT vendors need to respond to that,” he said. “I could easily see a Symantec or Microsoft going out to acquire that technology, and that reflects a change in customer demands across the IT industry.”
Stamp said that the EMC-RSA deal points to the trend of stand-alone security technologies becoming integrated pieces of IT providers core products. Managing customer policies for data access and protecting information with encryption fit squarely into EMCs overall strategy, the analyst said.
Other experts agreed that the RSA deal was a key move for EMC, but questioned whether the storage company will retain all the technologies it acquired via the merger.
“EMC was clearly desperate for some sort of security play and needed to get storage encryption, and they get a lot of technical expertise to that end through RSA,” said Peter Firstbrook, an analyst with Stamford, Conn.-based Gartner. “What will happen with the rest of the business seems less clear; I wouldnt be surprised to see some of the pieces sold off to one of the larger access management providers, such as a CA, Microsoft, Novell or Sun.”
Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.