EMC, the world’s largest independent storage firm, paid a 45% premium for RSA Security, a firm with stagnant sales. Its stock promptly tanked, dropping 4%.
Expect more tanking
RSA products are primarily authentication (you are who you say you are) and access management (the authentic you is allowed to see this data). What does this have to do with data storage? Not much. Certainly EMC could have OEM’d security products for a lot less than $2.1 billion. From a financial perspective, EMC just paid $2.1 billion for $42 million in RSA earnings: a 2% return.
Hope Is Not A Plan
EMC is hoping that their strong grip on CIO wallets will enable them to dramatically increase RSA sales. To do so EMC’s crack commission sales force will have to step out of the corporate data centers they know so well into the business units they don’t. I can’t think of one IT firm that has done that successfully, but hey, maybe EMC will be the one to break the code.
Consumers Are The Big Win In Security
As with most markets in America and IT, consumers drive volume. I’ve used hardware security authenticators and know that consumers won’t use them. IT can mandate them for corporate use, but only with business unit buy-in. The jury is still out on which consumer security solution will win, but IMHO it isn’t going to be a set of solutions that have been around in various forms for 10 years.
EMC’s Strategy Is Broken
If ever a company cried out for inspired re-invention, it is EMC. They have tremendous resources, a strong brand, and the ear of every F5000 CIO. The signs of a hard landing in enterprise data storage are growing every day, just as in the mainframe and minicomputer markets of the late ’80s. EMC could re-invent data storage using modern design paradigms. Instead they appear intent on following their Rt. 128 minicomputer brethern into oblivion.
“To do so EMC’s crack commission sales force will have to step out of the corporate data centers they know so well into the business units they don’t.”
Which they’ve done already with Documentum.
Really? Isn’t Documentum a centrally managed resource? Corporate can mandate such things and the BU’s have to go along. I’ve no doubt the Documentum folks had success in BU’s as does the Clariion part of EMC, but EMC’s stated focus is on the corporate data center where they do an impressive job.
Corporate data security might be a good business, yet it appears the real reason EMC bought RSA was that RSA convinced them that someone else would buy RSA (Symantec?) and deny EMC the technology (see the analyst concall transcript). There is no particular synergy today, but they promise loads of synergy tomorrow. I think EMC got rolled by RSA, but I could be wrong.
Eyeballing EMC’s most recent 10Q and 10K reports, it looks to me that they are having much more success jacking up software service revenues than license revenues. The software licenses are highly profitable, services less so. So the question remains: is EMC able to grow the topline of their software business better than these firms would have done on their own? EMC’s sliding stock price suggests I’m not the only sceptic.
Access control, identity management and key management are also centrally managed resources and RSA already have a sales force who know how to sell into those markets.
I highly doubt that EMC was somehow suckered into buying RSA, the more likely story is that someone else in the security business also wanted the company and drove up the price up.
EMC has been talking about security for the past 18 months and has watched as customers deployed Decru and Neoscale boxes in front of arrays for the past year. The message from the risk managers is that they need to centralise control of keying for data in flight and data at rest, regardless of that data is encrypted by the OS, the application, a drop in box, or an array, and if EMC won’t do it they’ll find a vendor who will.
Mark, you are right when you say EMC can sell to the data center. And maybe I’m wrong in thinking that enterprise security management products will require selling to the business units as well as corporate. I do think we agree that security is important to customers. It may even be that encryption and key management systems are going to be the preferred solution for enterprise data going forward, although I suspect we’ll hit some major bumps along the way there as well, since the biggest security issues, IMHO, are human stupidity, cupidity and greed. If we make data security foolproof, the universe will simply invent a better fool.
The question on the minds of many is: did EMC have to lay out $2B in cash to add the benefits of RSA-style security to their product mix? Given EMC’s size, there aren’t many potential purchasers who would have turned away their business. Tucci, et.al. claim there will be all kinds of wonderful synergy as a result of this acquisition. For $2B, there’d better be.
The question on my mind is if EMC was well along the path to OEM’ing/licensing some of their technology only to find some competitor, had stepped in and was about to buy the company and slam the door on them.
I read that transcript you pointed to, Tucci states more than once that if he didn’t buy the company then he wouldn’t have had access to the tech, and why in the world would a standalone RSA not be willing to do some sort of licensing deal with a vendor EMC’s size?
Well it wouldn’t be in their interest to do so if they were a wholly owned division of Symantec.