With the rise in identity theft and online security breaches, RSA Security seems poised to take off. But how far it goes depends on how well the company is able to expand its authentication technology to new markets and devices.

With its SecurID tokens, "RSA is the undisputed market leader in two-factor authentication for the enterprise," says Ranjini Chandirakanthan, an analyst at ThinkEquity Partners. According to IDC, RSA held 73% of the worldwide market for traditional authentication tokens in 2004. Its closest competitor, Vasco Data Security International, had less than 10%.

RSA, which had $310 million in revenue in fiscal year 2005, has been successful in the enterprise market because it has such a robust back-end server that manages the authentication process, Chandirakanthan says. But with the market becoming somewhat saturated, it must look elsewhere if it wants to achieve high growth, she adds.

The company sees plenty of opportunity to leverage its technology in other areas.For example, more U.S. commercial institutions are becoming aware of the need to protect consumers against identity theft. That means RSA has an opportunity to help enterprises extend SecurID to their customers. The Federal Financial Institutions Examination Council, made up of five U.S. financial services regulators, issued guidance in October 2005 that encourages all financial institutions to implement strong authentication in their Internet-banking applications. "It doesn't mandate a technology, but it makes it clear that this is a best practice that needs to be adopted, so it has created a flurry of activity and a great opportunity for us," says Art Coviello, RSA's CEO.

Also see: RSA CEO Art Coviello on his business plans

Extended security

Since last summer, RSA has made several moves to extend its technology; all are designed to make passwords more effective and to help enterprises create security infrastructures around them, Coviello says. For one, it enhanced its single sign-on software, Sign-On Manager. In addition, RSA will offer multiple authentication technologies that work with passwords. Some of the technologies come from the company's $145 million acquisition of Cyota in December 2005, which brought RSA a way to offer corporations risk-based, layered authentication for their online consumers. Depending on the level of risk, cost and convenience required by a given application, a company can choose from a variety of authentication techniques, an offering Coviello calls adaptive security. "It's all about balancing three things: risk, convenience and cost," he says, adding that RSA hopes to make security "as inexpensive and as convenient as possible while minimizing risk."