When storage and security come together

EMC's US$2.1 billion planned purchase of identity management and encryption specialist RSA, adds to growing wave of consolidation between data storage and security.

EMC's purchase of RSA Security is the latest in the wave of data storage companies tying the knot with security vendors, a trend that signals the two technologies are increasingly becoming inseparable.

Last month, EMC announced plans to buy the identity management specialist for US$2.1 billion. This follows the data storage giant's acquisition of e-mail security company Authentica for an undisclosed sum in March.

Just last year, Network Appliance bought security appliance company Decru, while Symantec completed its US$10.5 billion mega-merger with storage management software vendor Veritas in July 2005.

These corporate marriages hint that security is now seen as an integral part of storage management and forms a big part of a storage vendor's game plan.

In an e-mail response to the acquisition, Eric Hoh, Symantec's Asia South vice president, said the union "is the latest in a string of acquisitions in the industry". Hoh added that this trend validates customer demand for integrated solutions which can help address both the security and availability in their IT environment.

"It was this customer demand that Symantec recognized early on, and that drove the merger with Veritas nearly a year ago," he said.

Graham Penn, associate vice president at IDC Asia-Pacific's storage division, noted that the most recent acquisition extends EMC's interest in security, and follows its smaller acquisitions of ProActivity, Captiva, nLayers, Kashya and Internosos.

Penn said: "You may note that EMC missed out on the acquisition of Decru so it now has to license the Decru technology, rather than own it." As a result, EMC had to ensure that RSA did not fall to a competitor, the analyst noted.

RSA is most known for its SecurID multifactor authentication tokens, used to log into a network or get into a building. It also provides access control and encryption technology.

On criticism that EMC could have overpaid for RSA, Penn said: "It will certainly take time to directly repay the high acquisition cost."

However, Dennis Hoffman, EMC's vice president of information security, defended the purchase.

He told ZDNet Asia that information-centric security is expected to become a US$1 billion-business for EMC over the next several years, and "RSA Security is the foundation for this growth".

He added that RSA's identity and access management capabilities will be integrated across EMC's product lines as key components of the company's security platform. Its encryption and key management technologies will become the standard product for data protection within EMC, he said.

Specific timeframes and product roadmaps, however, will be announced at a later date, said Hoffman.