In a deal that marries one of the IT industry's biggest data storage vendors and one of its best-known security companies, EMC Thursday unveiled plans to acquire RSA Security.
Under the deal, EMC will pay US$28 a share, or almost US$2.1 billion, for RSA, according to the companies. The acquisition is expected to be completed late in the third quarter or early in the fourth quarter of this year.
"The mandate is clear from our customers: We need to be able to ensure that the information is secure and encrypted" with identity management and other protections, said Joe Tucci, EMC's chairman, president and CEO. "These are the things that RSA brings to EMC."
The technology company that integrates security with information management "will be a huge winner in the technology marketplace, and that company is EMC," he said during a conference call late this afternoon.
"EMC is where information lives, and with RSA, it's where it will live securely," Tucci said.
Earlier, in a statement, Tucci said the deal "signals a fundamental change in the landscape of the security market."
"RSA is able to offer EMC customers [assurance] that only authorized users have access to information," said Art Coviello, CEO and president of RSA. "It's time security becomes an integral part of the information [storage] infrastructure."
Upon completion of the acquisition, RSA will operate as EMC's information security division, with headquarters in Bedford. Art Coviello will become an executive vice president of EMC and president of the division.
Phil Shacter, an analyst at Midvale, Utah-based Burton Group, said it's hard to see the immediate driver for EMC's move. But over the longer term, RSA's technologies will allow the storage vendor to offer strong access control and auditing capabilities on top of its storage management products.
"EMC has this major role as custodian of important corporate data," Shacter said. Giving customers a better way to protect that data makes sense for EMC, he said.
RSA itself had been well positioned to grow, especially as a provider of strong authentication technologies, Shacter said. The whole notion of strong identity management and the interest in multifactor authentication -- in particular in the financial and health care communities -- had given RSA a "whole lot of traction" recently, he said. "There was a lot of upside in their end of the business. That helped give them a revenue stream that was healthy and probably improved their evaluation."
Jonathan Penn, an analyst at Forrester Research, said RSA's encryption and key management technologies are likely to be of immediate interest to EMC. In the short term, EMC's enterprise customers are going to see less of a need for add-on security products to protect stored data, he said. Over the long haul, they can expect to see more identity-driven access control capabilities built into EMC storage management products, he said.
"There's enormous potential in this deal," Penn said.
The RSA acquisition follows EMC's February acquisition of Authentica, a vendor of digital rights management software. At that time, EMC officials said that Authentica's technologies represented the kind of security-related products it intends to develop.
The deal echoes a similar union last year, when security firm Symantec bought storage vender Veritas Software in a deal initially valued at US$13.5 billion. That deal closed last July.
Tucci said that not acquiring RSA and thus not bringing in that company's technologies "would have put us at a severe disadvantage" to competitors making similar moves. "[If] we do this properly, which is what our challenge is ... it's going to be a phenomenal story."
Gartner Inc. analyst John Pescatore was skeptical.
"EMC is trying to make it look like all of the RSA piece makes sense," said Pescatore. In fact, only a small portion of RSA's portfolio is likely to be of immediate use in bolstering EMC's existing storage management capabilities. RSA's SecurID product, one of its biggest sellers, is used purely to help companies enable remote access to corporate networks and is unlikely to be of much use to EMC's storage customers, he said.
Like Symantec's purchase of Veritas, RSA's acquisition by EMC faces a lot of challenges, Pescatore said. "Seventy percent of big acquisitions don't work. I don't think anyone will say the Symantec and Veritas deal has been a screaming success so far. At this point, there's nothing about this one either that jumps out and says it will be a screaming success."
Brian Babineau, an analyst at Enterprise Strategy Group disagreed, saying EMC is buying RSA because its users are becoming increasingly concerned about data security. RSA's tools could help EMC meet the requirements of security and privacy legislation proposed in Congress in the wake of recent data breaches.
Babineau dismissed any comparison to the Symantec-Veritas deal. "It can't compare to Symantec/Veritas," he said. "There you had a consumer business and an enterprise business coming together. Here, you have two enterprise businesses that sell to different organizations, with one of those companies looking to expand their horizons and the other looking for an exit strategy."
Sharon Fisher and Jaikumar Vijayan contributed to this report.