EMC Buys RSA: Customers Upbeat, For Now

If its $2.1 billion bid for RSA Security goes through, EMC officially can’t be called a “data storage” vendor anymore. The Hopkinton, Mass., company adds RSA as part of steadily rounding out its offerings, staking out a broad area of information management and security infrastructure.

The companies, which announced the deal late on Thursday afternoon, expect the acquisition to be completed late in the third quarter or early in the fourth quarter of 2006.

EMC has been best known for its massive storage systems. With RSA, which posted $310 million in revenue for 2005, the company acquires a line of encryption and authentication products, including SecurID, hardware devices that provide a second factor in proving the identity of someone logging in to a network remotely.

One RSA customer believes the EMC acquisition can only benefit the smaller company.

“I think it is a good strategic move for RSA,” says Victor Leung, director of Web development for Man Financial, a futures and options brokerage based in London. “I am glad RSA is now part of part of a bigger company, and I hope RSA would have access to more resource to focus on what they do best—security.”

What about the possibility EMC will divert RSA from a singular focus on security? Leung doesn’t believe that will happen, and that any future integration between RSA and EMC products will be a good thing.

“I can’t see why the I.T. managers would complain if EMC tells them their products are 100% compatible with the RSA infrastructure that is already in place,” he says.

Dave Miller, chief information security officer of Covisint, a Detroit-based provider of data integration services and a division of software provider Compuware, is another RSA customer. He doesn’t expect any immediate changes resulting from the deal, but is hopeful that the EMC-RSA tie-up will result in products that closely couple data and security.

“One of the biggest security issues around is, how do you protect storage directly? What happens when a backup tape is stolen?” he says. A major drawback of encrypting data in storage has been the complexity of doing so, as well as the additional processing demands to encrypt and decrypt data. Miller imagines a hardware-based encryption product that protects data but still provides high-performance access to it: “Then I could feasibly have an encrypted database,” he says.

EMC may have felt compelled to push into the security field in large part because its chief software infrastructure rival, Veritas Software, has been consumed by Symantec, the predominantly security-focused software company that now counts information management as a key pillar in its portfolio.

EMC president and CEO Joe Tucci, in announcing the deal, said the company is “100% committed to applying the resources required to continue to expand RSA’s leading market share while also tightly integrating their technology with EMC’s products to bring customers the best information-centric security portfolio available.”

EMC says it expects to let RSA operate semiautonomously, following the approach it has taken in the past with sizable acquisitions like backup-software vendor Legato Software and document-management software company Documentum (although those two units have since been consolidated into a single business). For now, anyway, RSA will remain based in Bedford, Mass., and will be renamed EMC’s Information Security Division. Art Coviello, RSA’s president and CEO, will run the division as its president.