“I am trading nine members of the board for a CEO”

It was in the offing was sometime. A lot of people in the Silicon Valley were speculating about the future of RSA Security, while many concurred that it would be bought out, not many could guess by whom. All the speculation culminated with EMC’s announcement. EMC acquired RSA for some $2.1 billion, but it is not the first one to have courted RSA. Founded in 1986, RSA was first acquired by Security Dynamics in 1996, exactly a decade earlier.

RSA has been a pioneer in the encryption industry in true sense of the term with a long history to boot. Barely a year after Bailey Whitfield Diffie and Martin Hellman published their path breaking paper on encryption, “New Directions in Cryptography” in 1976; three mathematicians at the Massachusetts Institute of Technology came up with an elegant solution on public key encryption. The three gentlemen were Ron Rivest, Adi Shamir and Leonard Adleman. Subsequently, the three filed for a patent on public key system and formed a company, naming it after the first letters from their last names. And thus RSA Data Security was born.

Over the years, RSA became synonymous with encryption and as the Internet spread globally so did RSA’s power and dominion. The company generated revenues in range of $310 million last fiscal year and much of the credit goes to Arthur W Coviello, Jr., president and CEO, RSA Security. Coviello has been with the company for over a decade and has been instrumental in turning the fortunes of the company.

With its merger into EMC, Coviello is slated to head the new-formed security division and also perform the role of executive vice president at EMC. He had recently come down to India for a company event and spoke to at length to Shashwat Chaturvedi from Cyber Media News, on the issues of merger and the future of online security industry. Excerpts.

Your views on marriage of storage and software.

IT infrastructure and security have always been entwined with each other, though the way security was perceived and provided has changed dramatically over the years. A decade over so ago, security was bolted on top of the IT infrastructure. With the sophistication of attacks faced by an enterprise, there has been a steady shift to in-built security. Of late there has been a number of mergers of storage and software companies. It goes on to prove that the so-called marriage (between storage and software) is proceeding quite well.

Is there a feeling that stand-alone security companies cannot make it all alone?

Not necessarily. I believe that stand-alone security companies have a great future for a long time to come. We could have continued to stay independent and could have grown fairly well. Proverbially speaking, we could have threaded the needle on our own, so as to say. But we opted for faster growth, with EMC financial muscle behind us, we can accomplish results much quicker.

How is the integration with EMC proceeding?

The merger has just been completed on Friday (September 15). I do not anticipate much issues with the processes as we have acquired quite a few companies in past and so has EMC. The deal has been well laid out, RSA will continue to have a level of independence within EMC and we will add value to the offerings of EMC. Rest, will be much the same, in a sense, I am trading nine members of the board for a CEO (Joe Tucci, CEO, EMC)

How will your acquisition by EMC affect your standing in the market?

The security division (RSA) will accrue to EMC. We will work closely with RSA and service all their clients. Thus, we gain a better reach globally with EMC.

The deal seems to be a perfect fit for EMC, what does it have for you?

There is a lot of value add by both EMC and RSA to each other. No successful M&A can be one-sided, both partners need to add value. With EMC behind us, we expect much greater gains in terms of customer acquisitions and better access to markets. Also, EMC will add its expertise in the ILM (information life-cycle management) space, we both can do a better job in it. So there is tech get and tech give. Finally, the culture fit is pretty good too. EMC is also a result-oriented company, with a history of innovation, quite like RSA. Thus we are very much culturally compatible.

Security concerns on the online space? There is a general feeling that protection against virus attacks is all that is to online security?

With the explosion of e-commerce, the threats to enterprises have become quite significant. Of all the millions of Internet users, only a small percentage of them regularly update their operating systems or their anti-viruses. Most companies now have a customer face (online), and they are not very confident about the kind of security provided by the piece-meal solutions. As the threats have evolved and attacks have become more sophisticated, so does the security need to evolve and become more dynamic. The challenge is to provide a solution that is both comprehensive and cost-effective. The market for such solutions is pretty big. Take the instance of SecureID tokens; we have sold more than 20 million such tokens. They have been a lot of demand for them, and we expect to have around 100 million consumers for our array of authentication solutions by the end of the year.

What are the emerging trends in the cyber security space?

The latest technology in the space is risk-based authentication. It combines pattern-based behavior of a user with the IP address. For instance, a user that tends to pay bills online from a same computer for a long time does not raise doubts if he continues to do the same. But if there is a sudden wire-transfer of a few millions to say Latvia, now that should raise a few eyebrows. The system is based on a score kind of a thing, where a pattern of behavior is established and consumer is identified in a way.

The other emerging trend is to extend security to other elements of information life cycle. There is an attempt to secure points along the way, from the storage to the database, etc. But all this is done in seamlessly transparent and unobtrusive ways, the customers are more aware of security concerns and appreciate the efforts made to safeguard all the access points.

How is the online security space evolving in India?

Currently, the security market in India is not pretty large, due to low Internet penetration. But things are changing dramatically; the risks concerns are pretty much universally applicable. Every organization needs to evaluate their strategies based on the three factors, namely, risk, convenience and cost. Currently the risk is lower (in India) and hence the market is smaller. While, the Indian market is smaller than the Australian one, the big difference is that the Australian market is finite, the opportunities are incredible in India. As the domestic markets expand, so will the threats, and the types of attacks seen in the western markets will quickly come to India. But, India has the added advantage to learn from the best practices and in way leapfrog over other players in terms of tech up-take.

Are you also looking at India for development work?

We have a long-standing relationship with India for quite some years. MphasiS BFL developed a few of our consumer facing applications in the past. And HCL has worked on most of all are products like digital certificate server. We also have a captive center in India and are expanding our facilities. Currently there are some 50 people, and we hope to have around 200 by next year. Our association with HCL will continue to be strong in the future. We also intend to provide local support to our customers in India in the days to come.

What about EMC in India?

Again, EMC is doing pretty good in India and their development center is right next to ours in Bangalore. So no problems on that front as well.

What is your take on the e-governance space, a lot of the governments are going online with their services and providing information, what are the unique concerns?

Indeed the concerns are pretty significant. Most of the significant data security breaches recently in the U.S. have been at administrative websites, for instance the state motor vehicle database or some college or university database. It is incumbent upon the government and the private parties to provide secure communication channel to the users. After all, good security measures will instill confidence in the users and lead to an increase in number of people using them.

Finally, what is your personal take on the acquisition?

On a personal level, I would have preferred to continue as an independent entity. But I also have a fiduciary duty towards my investors and stockholders, to ensure better returns on their investments. I am sure with this deal in place, the employees and customers will prosper.

© CyberMedia News