EMC + RSA = New force in data security
- 18 July, 2006 10:40
It's always interesting to see the public response to a game-changing acquisition, namely EMC buying RSA Security. This deal changes the security landscape, so I need to come up with a new name for EMC. How about EMCecurity (pronounced E-M-See-curity)? I kind of like that.
Candidly, this deal caught me off-guard. I heard the rumors, but I did not expect a huge security deal such as this to happen this year. EMC is making a decisive move. Looks like my Magic 8-Ball let me down again.
I'm heartened by the backlash this deal has received from those in the know. I enjoy being a contrarian and start to question myself when I agree with everyone out there. You remember the old adage by President Lyndon B. Johnson: "If two men agree on everything, you may be sure that one of them is doing the thinking." And it's not just two men who think EMC buying RSA is a bad idea, but lots of folks who usually have a clue.
But they are wrong, and here is why:
-- The data center is a world unto itself -- Many are still scarred by the difficulty that Symantec is having with Veritas, so therefore no security or storage deal can work. Symantec sells to the security manager, however, (not the CIO, as it would lead you to believe). Veritas sells to the data center manager. No leverage and no way to bridge the gap. Worse, none of Symantec's security stuff really fits well into the data center.
EMCecurity will sell to the data center manager, who is about to get more security than ever imagined. As information/data security becomes more important, EMC will be well positioned to sell encryption and identity management to those folks.
-- RSA is about more than SecurID -- One of the common refrains is that RSA only sells tokens. Though SecurID is a strong and powerful brand, it was getting long in the tooth. They've always had a strong (though not exciting) encryption business. And their identity management products (more on the single sign-on and federation side than Web access management) are also well regarded.
It's true the buyer for tokens is different, but EMC has proved that it doesn't mess with its acquired properties. Both Documentum and VMware continue to push their own wares under their own brands in the markets that don't overlap with EMC.
-- "Consumer" is a red herring -- What about this consumer security business, Cyota and PassMark? How does that help EMC? For one, you don't sell Cyota to the consumer. You sell it to the corporate banker. And phishing and privacy are CIO-level issues. The addition of Cyota has changed the conversation RSA has about tokens. CIOs now perceive RSA as being strategic and renew the tokens. If anything, Cyota and Passmark are the jewels of this deal.
-- Identity is the link -- Identity is the link between the infrastructure (tokens) and the information/data (encryption). It's what Symantec doesn't have and what makes the EMCecurity combination pretty compelling.
-- Price doesn't matter -- The big issue, especially on Wall Street, is the price, which was big. Good for RSA's shareholders. If I'm wrong, however, and the synergies don't materialize, if EMC paid US$10 it would have overpaid. And if they do materialize, the $2.1 billion will be a drop in the bucket compared with the leverage EMC will achieve by controlling, storing and protecting information.
It's too bad it will take years for this scene to play out, so I won't be able to gloat for a while. But that's OK, I have a long memory. When I'm right, that is. . .
Rothman is president and principal analyst of Security Incite, an analyst firm focusing on information security. Read his blog at http://feeds.feedburner.com/secu rityinciterants or send e-mail to email@example.com.