Where now for RSA?

Next year's RSA Security conference will be rather different to this year's event in Nice. And the difference is not just because it is moving from the Cote D'Azur to the distinctly less glamorous London Docklands.

In 12 months' time, the outlook for RSA - and its customers - should be a lot clearer. For now, the IT industry remains deeply uncertain about what will happen to the security vendor and its products, following its acquisition by storage giant EMC.

Gartner, in a note published when the US$2.1bn deal was first announced in June, described the tie-up as a "strange fit". And the view of analysts and customers seems to be that RSA has more to offer EMC than EMC will bring to customers of RSA. A year from now, RSA - already subtitled "the security division of EMC" - could have taken on a very different shape.

Just how different will depend, in part, on how EMC opts to deal with the various businesses and products it has acquired, as well as how the security industry shapes up.

The industry has already seen significant consolidation, with IBM buying ISS and most recently, BT buying Counterpane. The difference is that companies such as IBM and BT are, or want to be, broad-scale IT vendors and integrators. Although EMC has broadened its product range significantly and has a strong track record of managing acquisitions, it is a long way from offering end-to-end systems in the manner of IBM.

According to Thomas Raschke, an analyst at Forrester Research, the "quick win" for EMC from buying RSA is the ability to offer storage and encryption as one package.

The bigger picture

Whether RSA customers will benefit from the deal could depend largely on whether they are also customers of EMC. Art Coviello, RSA's president and now also an executive VP of EMC, points out that many customers do fall into both camps, especially in markets such as financial services.

"Fortunately the financial services sector, which is our biggest for our customer facing technology, is also a strong market for EMC," he says. "Once you have made the connection and reassured the financial services customers that we have a charter to continue to develop the security franchise independently of EMC, and they can see the benefit of our technology being embedded in EMC's technology, they are quite positive."

Coviello, though, still appears anxious to reassure CIOs who have invested in RSA technologies and tools that their investment will be protected. EMC seems happy to give RSA a high degree of autonomy, and the company has a track record in letting its acquisitions largely run themselves.

"One reason EMC has been successful [in acquisitions] is that their first objective is that they do no harm to the business," Coviello suggests.

"Joe [Tucci, EMC CEO] wants to make sure we create the EMC effect of getting leverage and potentially increasing our growth rate. But equally important is the technology integration. There is value add on both sides: we are adding value to EMC's products and solutions with our technology, they are adding value to us with their financial strength."

There is no doubt that RSA will benefit from the scale and financial might of EMC. Joining part of a wider group could also help RSA extract the benefits from its own recent acquisitions, such as Cyota and PassMark: Gartner suggests that the deals have proved to be integration challenges for RSA.

But more fundamental question marks remain over the technology and product strategy for RSA as part of EMC.

Where will RSA fit in enterpise security plans

"If a substantial part of our revenue is in our authentication solutions, and that includes the consumer ones, and you want to grow our business, then clearly you are going to enable the division that is having that success to continue to develop and grow," says Coviello. "My mandate from Joe [Tucci] is to continue the vision I have, but also expand the vision I have."

But on the floor of the RSA Conference in Nice, that was a message that was greeted with some scepticism by some RSA customers.

In the medium term, analysts also question whether RSA will continue to invest in technologies that do not directly complement EMC's offerings.

Gartner is advising customers to revisit competitors' products, at the very least at the next technology refresh; Forrester expects some parts of RSA to be spun out.

"In the long term I believe most of the vertically-focused parts of RSA could be spun off," says Raschke. "However, banks are always a lucrative market for security. If EMC can make good money with this they will continue to offer it."