PGP Corporation - Library

Buying into a Culture of Security
30 June, 2006

The merger wave of 2006 hit the IT security sector yesterday with the announcement that EMC would acquire RSA Security for $2.1 billion. Although it was a notable deal in terms of the price paid, it's even more important for what it says about the way the IT industry is evolving. As Joe Tucci, EMC's CEO stated when he announced the acquisition; this is a space that is "incredibly hot. There were other companies that noticed this." Tucci also noted that it was, "a very competitive situation."

EMC is to be commended for recognizing that protecting and defending its storage franchise requires that it have access to world-class security technology and talent. The press reaction to the deal has been consistently positive. As Lawrence Walsh of VARBusiness stated in his blog, "Storage and security are increasingly inseparable, since data is more vulnerable when it's at rest than at any point in its lifecycle."

Wall Street's reaction has been mixed in that some investors seem to believe EMC may be overpaying a bit, but as the company indicated, it was a competitive deal. Regardless of what the trade press and Wall Street think, it is EMC's customers that will get the last word on this merger. As in any merger of this size, we won't know if this merger actually benefits customers for a couple of years, but if I had to guess, I'd say it will be a huge win.

The reason I think the EMC-RSA combination is good for customers has less to do with EMC's ability to leverage the technology and talent it's acquired than the cultural impact RSA will have on EMC. Having worked in many different technology companies in my career and having run PGP (twice), I can state that security companies are fundamentally different beasts than other types of software companies. Designing and implementing secure software is to general software development what building tanks is to manufacturing passenger cars. Building world-class security systems requires you build a team of designers, coders, testers, support engineers, marketers, and even sales people that eat, sleep, and think security 24x7. I have no doubt that RSA will infuse EMC with the cultural values that have made it a success. I predict EMC will benefit greatly from this fresh perspective and, over time, so will its customers.

The acquisition of RSA by the leading data storage company is also conclusive proof of the premise under which we restarted PGP Corporation 4 years ago. In order for enterprises to operate in the Internet age, all confidential information must be secured at all times--in motion and at rest. Although there are numerous products available from us and other vendors that secure information in email, file transfers, and on user's systems, the options to secure the gigabytes of corporate data now found in server farms is somewhat limited.

It's no longer enough for enterprises to simply store and transport information quickly and reliably. Both private and public sector enterprises must now consider the security implications of all their systems. In an era in which all information is digital and identity theft one of the world's fastest-growing industries, enterprises must be able to prove to customers, partners, and regulatory authorities that they are using all reasonable care in handling confidential information. The EMC acquisition of RSA Security is only the latest event in the IT industry highlighting this new requirement.

- Phil

Related Links
Forbes EMC

		/ Home / Newsroom / CEO Blog / Buying into a Culture of Security

Newsroom Media Releases In The News Awards & Reviews Events Article Reprints CEO Blog Current Archives CTO Corner Executive Briefs Government Regulations Webcasts Newsletter		Subscribe to CEO Blog via RSS. Buying into a Culture of Security 30 June, 2006 The merger wave of 2006 hit the IT security sector yesterday with the announcement that EMC would acquire RSA Security for $2.1 billion. Although it was a notable deal in terms of the price paid, it's even more important for what it says about the way the IT industry is evolving. As Joe Tucci, EMC's CEO stated when he announced the acquisition; this is a space that is "incredibly hot. There were other companies that noticed this." Tucci also noted that it was, "a very competitive situation." EMC is to be commended for recognizing that protecting and defending its storage franchise requires that it have access to world-class security technology and talent. The press reaction to the deal has been consistently positive. As Lawrence Walsh of VARBusiness stated in his blog, "Storage and security are increasingly inseparable, since data is more vulnerable when it's at rest than at any point in its lifecycle." Wall Street's reaction has been mixed in that some investors seem to believe EMC may be overpaying a bit, but as the company indicated, it was a competitive deal. Regardless of what the trade press and Wall Street think, it is EMC's customers that will get the last word on this merger. As in any merger of this size, we won't know if this merger actually benefits customers for a couple of years, but if I had to guess, I'd say it will be a huge win. The reason I think the EMC-RSA combination is good for customers has less to do with EMC's ability to leverage the technology and talent it's acquired than the cultural impact RSA will have on EMC. Having worked in many different technology companies in my career and having run PGP (twice), I can state that security companies are fundamentally different beasts than other types of software companies. Designing and implementing secure software is to general software development what building tanks is to manufacturing passenger cars. Building world-class security systems requires you build a team of designers, coders, testers, support engineers, marketers, and even sales people that eat, sleep, and think security 24x7. I have no doubt that RSA will infuse EMC with the cultural values that have made it a success. I predict EMC will benefit greatly from this fresh perspective and, over time, so will its customers. The acquisition of RSA by the leading data storage company is also conclusive proof of the premise under which we restarted PGP Corporation 4 years ago. In order for enterprises to operate in the Internet age, all confidential information must be secured at all times--in motion and at rest. Although there are numerous products available from us and other vendors that secure information in email, file transfers, and on user's systems, the options to secure the gigabytes of corporate data now found in server farms is somewhat limited. It's no longer enough for enterprises to simply store and transport information quickly and reliably. Both private and public sector enterprises must now consider the security implications of all their systems. In an era in which all information is digital and identity theft one of the world's fastest-growing industries, enterprises must be able to prove to customers, partners, and regulatory authorities that they are using all reasonable care in handling confidential information. The EMC acquisition of RSA Security is only the latest event in the IT industry highlighting this new requirement. - Phil Related Links Forbes EMC