EMC's move to acquire RSA for $2.1 billion certainly caught many off-guard on Friday -- notably investors, who panned the deal, sending EMC's shares down to its 2006 low less than $11 a share. Many questions surround why EMC would want a company best known for its SecureID smart-authentication tokens, and pay a premium for it to boot.
But RSA does offer strong encryption tools and public key infrastructure management technology that is used by many online services, retailers and financial institutions -- not exactly an area that EMC is known for. Then again, neither was document management when the company acquired Documentum back in 2003.
After listening to last night's analyst call hosted by EMC CEO Joe Tucci and RSA president and RSA CEO Art Coviello, VARBusiness further chatted with Rob Sadowski, EMC's senior marketing manager for information security. To get a reality check, we also talked to Burton Group security analyst Phil Schacter. What follows are some key questions and answers about what this merger will mean to EMC and partners of both companies.
Q: What does EMC plan to do with RSA?
A: RSA's Coviello will head EMC's new security division, where EMC is developing a common security platform consisting of a common set of services that ultimately will be integrated across its product line. EMC will implement authentication, authorization, auditing and services like encryption and key management.
Q: Of all of RSA's technologies, what is key to building that platform?
A: RSA's key management technology is critical. Customers are interested in encrypting data in multiple places in their enterprises, but they tell EMC and others they are afraid. What is holding back the whole deployment of encryption is the management infrastructure that sits around that. Customers don't want siloed implementations of encryption. RSA will be a single simplified key manager that will be key (no pun intended) as EMC starts to deploy encryption in its products.
Q: Will EMC continue to sell RSA's products exactly as they do today?
A: EMC says everything will be business as usual. Customers tell EMC the one thing they keep asking for is that security features be part of the infrastructure itself. That integration will be key, but EMC will continue to sell all the products as standalones just as they've done thus far.
Q: Will EMC change RSA's go-to-market approach?
A: RSA will continue to head its own sales force, and will continue to market those products by themselves.
Q: Will these two business models create competitive conflicts?
A: EMC says it does not want to create the perception that partnerships it has with its competitors will go away. But it does not appear the business will not be siloed the way, say, VMWare is.
Q: Will the RSA name continue to exist?
A: RSA's brand and reputation is considered one of the premier brands in security, and EMC has no plans to phase that out. Unlike Symantec, which did away with the Veritas name, EMC has a history of keeping most of the brands it acquires.
Q: What impact will the acquisition have on both EMC's and RSA's partner ecosystems?
A: The two companies already have some common alliance and technology partners, and those relationships will naturally continue. In terms of further expansion, those are things EMC will look at as the deal closes. Certainly it would be unwise to make any changes in the short term.
Q: Will RSA be added to EMC's Velocity partner program?
A: EMC is not commenting on that now, but much of RSA's technology has been sold directly. Regardless, RSA's technology will find its way into EMC products that go through the channel.
Q: Does EMC plan to acquire other security companies, or does RSA cover it all?
A: Most likely, more acquisitions are ahead. RSA has some nice point technology for EMC, but it doesn't cover the full gamut of security. Still, EMC says RSA provides the core strategic technical underpinnings of its goal to bring security throughout its product line and make security a $1 billion business.