RSA Security Inc. President and CEO Art Coviello cruises the company cafeteria on his scooter on a late December morning, looking like a kid on the hunt for a good game of marbles.
The scooter is a light-hearted touch for Coviello, who has earned a reputation as a tough competitor with a sharp intellect and a polished persona in his decade at the helm of RSA, and as a spokesman for TechNet, the technology industry lobbying group.
But on this day, its a relaxed and happy Coviello in khakis and a sweater, pushing himself around the cafeteria.
“Im getting older, and this place is huge,” Coviello says. “This helps me get around.”
Like its CEO, RSA is changing. In Coviellos decade at the helm, the Bedford, Mass., company has grown from a $25 million maker of PKI (Public Key Infrastructure) products to a $300 million company with a range of products that include secure authentication tokens and identity and access management software.
As of January 2006, the company plans to add “consumer anti-fraud protection” to its list of technologies, with the planned $145 million acquisition of privately held Cyota Inc., which RSA agreed to acquire in December.
The ride has not always been easy for Coviello or the company.
RSA said in December that it was closing development operations in New York, California and British Columbia to consolidate its engineering operations in facilities in Bedford, as well as Australia, India and Israel.
The company also provoked the ire of Wall Street for lackluster fiscal performance in recent quarters, and for what many analysts felt was a too-rich offer for Cyota.
Speaking with eWEEK, Coviello defended RSAs performance, its acquisition of Cyota, and the companys plans for the future, which he described as common sense moves to address a fast changing authentication market.
“These days, were worrying less about competition than about the fragmentation of the authentication market,” Coviello said.
Fragmentation
RSA marquee customer E-Trade Financial Corp. is a perfect example of that fragmentation.
The online brokerage offers SecurID tokens to more than one million customers under the terms of a deal announced in March 2005. Customers with over $50,000 in assets get tokens for free.
However, RSA has only shipped around 30,000 tokens to E-Trade customers so far.
RSA hopes to sell more SecurID tokens into the E-Trade customer base, but the Cyota technology gives the company a way to extend basic authentication protections to the masses of users of E-Trade and other financial institutions like it, Coviello said.
“It is becoming increasingly clear to us that no one authentication technology will prevail in the marketplace,” Coviello said.
Wall Street analysts who question the companys investment in Cyota are looking only at the numbers, Coviello said.
Cyota is only expected to bring in around $20 million to $25 million in 2006, double what it made in 2005. But those numbers overlook the strategic benefit to RSA.
“Were the only one in a position to create a layered application that can keep the [authentication] market from fragmenting,” Coviello said.
The antifraud and transaction data that Cyota gathers from ISPs and its customers in the online payments industry is strategic information that RSA can use for any number of service-based offerings, Coviello said.
In the future, RSA will be increasing its investment in Internet-based services.
For example, the company is looking into offering a proxy service for companies that want to deploy one-time password technology for user authentication, he said.
RSA will also look for ways to package the Cyota technology to run on the customer premises, such as a network appliance or server that could download intelligence from the Cyota eFraudNetwork and other data repositories for use protecting corporate LANs, he said.
“Were looking for a complete services and premises model,” Coviello said.
RSA will have to tread carefully as it works to integrate the Cyota technology with its own product portfolio, said Avivah Litan, an analyst with Gartner Inc., based in Stamford, Conn.
“Id have to say the initial reaction [to the Cyota purchase] has been pretty negative,” she said.
Fraud detection is a hot area of investment, and there are clear affinities between Cyotas network fraud detection service and RSAs authentication technology.
Still, RSA had to outbid at least one other company, credit rating agency Experian Inc., to obtain Cyota, and ended up acquiring technology, such as Cyotas SecureSuite payment security platform, that doesnt mesh well with the companys other products, she said.
“Half of Cyotas revenue comes from [SecureSuite], and theres no natural synergy there,” Litan said.
Companies like VeriSign Inc. and Vasco Data Security International Inc. are also putting pressure on Coviello, competing for a share of the companys secure token business, driving down prices, even as the adoption rate for tokens increases, she said.
“[Tokens] are becoming commoditized, like telephone service. The margins are thin,” Litan said.
For his part, Coviello says the hand-wringing about declining token prices is “way misunderstood.”
RSA has seen prices enterprises pay for SecurID tokens decrease by only 3 percent to 5 percent in recent years. And token prices are being driven down by pressure from customers, not competitors, Coviello says.
Coviello is predicting that the next 12 months will be kinder to RSA, which saw revenues remain flat through much of 2005.
While other CEOs and industry leaders are probably a better audience to understand the Cyota deal than Wall Street analysts, success is the only way to finally prove your critics wrong, Coviello said.
“RSA took a big bet by acquiring Cyota. But in high tech, if you dont take risks and innovate, you die.”