While last week’s Dell/EMC merger was certainly a blockbuster, nothing specific was mentioned about future plans for RSA Security. Michael Dell did say that there were a “number of discussions about security” during the negotiations but apparently, no concrete plans. Infosec reporters have lobbed phone calls into Round Rock Texas as well as Bedford and Hopkinton, MA looking for more details but Dell and EMC officials haven’t responded.
Based upon a week of vague retorts, it’s safe to assume that there is no master plan for RSA at this time. While we in the cybersecurity world have a nostalgic bond with RSA, it really is small potatoes as part of this mega-deal in the IT space. Nevertheless, RSA is a marquis $1b+ brand named company in the red hot cybersecurity space so there is certainly value to be had.
So what will become of RSA? I can see three possible scenarios:
1. Dell/EMC create a big cybersecurity division including SecureWorks. According to the Wall Street Journal and other sources, Dell confidentially filed paperwork in early October to take SecureWorks public and the speculation is that SecureWorks could be worth $2 billion. This effort came before EMC so Dell may actually decide to postpone the IPO, fold RSA into the mix, and go for a much bigger valuation in a few years. If this happens, Dell would be saying goodbye to millions in investment banking fees and sacrificing a valuable IPO for the possibility of a future bigger deal fraught with uncertainty. Yes, RSA has name recognition and real value, but the company has been going through a transition recently divesting products, reorganizing its workforce, and doubling down on the identity and access management and security analytics markets. A SecureWorks/RSA combination could be extremely valuable but it would take time, money, and sunk cost to amalgamate the two. I don’t see this happening.
2. Dell/EMC build a cybersecurity products division led by RSA. In this option, Dell proceeds with its SecureWorks IPO and dedicates RSA as its cybersecurity products division as part of Dell/EMC or for another future IPO. As part of this process, the combined companies move the whole product enchilada into one division –RSA products, SonicWALL network security products, Quest IAM tools, and perhaps even AirWatch (from VMware). This seems logical on paper but all of these products look like an incongruent mix to me: IAM, security analytics, GRC, network security, MDM, etc., more of a cybersecurity conglomerate (think Textron) than a strategic enterprise security vendor. If Dell/EMC does pursue this path, it must also rationalize the portfolio and may need a few more pieces to complete the picture. SonicWALL is strong in the SMB space but enterprise network security is dominated by others like Cisco, Check Point, Fortinet, and Palo Alto Networks so SonicWALL may not help. And while RSA has an endpoint play with ECAT, a combined Dell/EMC division may want to go bigger by acquiring a current Dell partner like Bit9+CarbonBlack or Invincea to fill out its endpoint security offerings. Once again, it's about time and money.
3. Silver Lake goes for a cybersecurity financial bazaar. While Dell and EMC are technology industry vendors, Silver Lake Partners is in this deal for ROI alone. Given the size and complexity of the Dell/EMC deal, Silver Lake may not have the appetite to make cybersecurity yet another long-term play, opting for a more expeditious plan. SecureWorks is poised for a lucrative IPO already so Silver Lake may want to follow this by selling off a number of RSA assets for quick dough. First up – RSA’s cash cow authentication business and the highly-visible RSA Security Conference.
Many financial analysts look at the Dell/RSA cybersecurity assets and immediately point to IBM as a comparison. Yes, there are some similarities but it’s important to note that it took years for IBM to put this division together. IBM purchased ISS in 2006 and Guardium in 2009, but didn’t create a security division until after the Q1 Labs acquisition in 2011. Until that time, IBM still had a mixed bag of products and services spread across the company.
I’ve worked with RSA Security for years (pre- and post-acquisition) and believe there is real value in its products and services. While RSA President Amit Yoran has a strategic plan in place and is moving the company in the right direction, creating a unified Dell/EMC/RSA cybersecurity division represents a quantum leap in complexity that executives may not want to undertake. In the meantime, Dell, EMC, and Silver Lake have bigger fish to fry so there may not be any new cybersecurity news or returned phone calls from Bedford, Hopkinton, or Round Rock anytime soon.