Ed Snowden, the former Booz Allen NSA contractor is top of the news, which brings to mind security. Playing association games, my mind goes to software security, computer security, to M&A to RSA to EMC.(1)
Whether or not you believe Mr. Snowden is a traitor or protecting our rights by exposing government over-reach, software security is a huge industry. One of the largest commercial vendors is EMC Corporation (EMC: NYSE). EMC started its life as a humble vendor of solid state memory, in 1979. Back in the day, StorageTek (StorageWho?) was its chief competitor. In fact StorageTek looked at acquiring EMC more than once, but either declined or never came to terms.
Instead, EMC set out on its own acquisition journey, and is a brilliant case study on how to use strategic acquisitions to build a formidable business. Acquisitions, though never easy, are trivial in comparison to the job of integrating the acquired company into the organization. EMC has built Enterprise Content Mangement, IT Management, Virtualization, Buackup Recovery & Archiving, Cloud Computing and Data Warehousing business segments through acquisition, all starting from its core hardware business.
In honor of Mr. Snowden, we are focusing on the security area. In 2006 EMC paid $2.1 billion for RSA. At the time, RSA had a data token business or $310 million in revenues. A token generated numbers every minute or so; in order to gain access to a computer system, your number and the computer system’s number had to match. It was that simple and that complicated.
Since 2006, RSA’s revenue has almost tripled, though it is a small part of EMC, whose total revenues are $22 billion, with net income of $2.73 billion. As only a few percent of sales, why is EMC bothering with an RSA and the security business? In today’s world, security is everything, though never mind that RSA’s products could never have stopped Mr. Snowden.
Security is a fast moving field. In order to remain competitive, EMC has played the acquisition game in spurts. Most acquisitions were made in 2006, 2007 and 2013, with a large breather in between. EMC/RSA is a showcase for the Build-by-Acquisition strategy.:
Silver Tail Systems
Authentica offers software for securing email documents and data on mobile devices.
RSA Security sells tokens securID tokens for two-factor verification
Network Intelligence: Appliances that probe computer networks, providing security and compliance analysis.
Valyd: technology is for encrypting and securing data at the database and file system level will lead to the introduction of two new products from the RSA division,
Verid: Provider of consumer authentication services. Verid’s technology is designed to pose real-time, interactive questions to consumers to verify their identity.
Tablus: Content loss prevention solutions that locate, monitor, and protect sensitive enterprise information across their networks and desktops from loss or misuse.
Archer Technologies: SmartSuite Framework delivers out-of-the-box solutions in categories of policy, risk, compliance, enterprise, incident, vendor, threat, business continuity, and audit management. The solution enables users to tailor solutions to their specific requirements in both on-premises and Archer SaaS models
NetWitness: Network security analysis and visualization software
Silicon Security is a developer of endpoint monitoring technology that helps security teams detect and mitigate unknown and advanced malware
Silver Tail System: Real-time Web session intelligence and behavioral analysis.
It would have been impossible for EMC to build or become a leader in all of these ten security technologies/products/markets. But, it wants to be the one stop shop, and bundle these products with its other systems.
EMC is playing in the enterprise, and security is a pivotal and the enabler. EMC sells security to sell storage to sell content management to sell IT management and Virtualization. It’s all linked. While security is only $1 billion of EMC’s $22 billion in revenue, without it EMC’s revenue would much lower than $21 billion
(1) Ironically, in September 2012, RSA and Booz Allen, Snowden’s former employer, announced a partnership to sell services for cyber attack preparedness and incident response