EMC’s ‘blinged up’ RSA buy provokes mixed reactions

The acquisition doesn't fit EMC's normal pattern, but is a good move, says Paul F Roberts

Joe Tucci, EMC’s chief EXECUTIVE, likes to describe his company’s acquisition strategy as a “string of pearls” approach, focusing on small buys of top-notch technology such as Documentum, VMware and Captiva.

It’s a quaint image, evoking gifts handed from doting mums and dads to their daughters. So you can imagine the outrage felt by all those mums and dads at the big Wall Street firms when Tucci blinged up his tasteful little necklace with a walnut-sized pearl in the form of RSA Security, maker of encryption and authentication technology, at a cost of more than US$2 billion (NZ$3.2 billion).

The Street hasn’t quite forgiven Tucci. In the days that followed the June 29 announcement, traders drove EMC’s shares down almost 3% while analysts from Bank of America, AG Edwards and other firms beat-up on execs from EMC, accusing the company of drifting away from its core business and paying too much for RSA.

That line of criticism recalls Woody Allen’s famous joke about the food they serve at resorts in the Catskills: “It tastes terrible ... And such small portions!” True, US$2 billion is a lot for a company that earned just over US$5 million, on US$87 million in revenue, last quarter. EMC had to beat out at least one other company to win RSA, though — Symantec was rumoured to be a suitor, as was Hewlett-Packard.

However, away from Wall Street, executives and industry experts say EMC may be on to something with this buy.

First of all, Wall Street guys are too focused on numbers and might not appreciate how far the storage business has shifted toward holistic “information management”, says Rob Sadowski, EMC’s senior marketing manager.

There is more here than just data encryption and password management; the bigger picture on EMC-RSA includes nascent architectures for linking security services offered by both companies. EMC and RSA have been building their own version of such an architecture. EMC calls its the Common Security Platform or CSP. RSA calls its version the Identity Management System or IMS.

In the combined company, these efforts can be merged. Rolling IMS into CSP will save EMC engineers the trouble of building an identity management architecture of their own. This, in turn, will give EMC a head-start on creating a common set of security services across their products, Sadowski says.

CSP could turn into a framework that other vendors must write to, and extend the company’s reach into the enterprise, says Jon Oltsik of the Enterprise Strategy Group.

Oltsik admits that buying RSA may have more “strategic” than tactical value for EMC. (Translation: don’t expect them to cash in anytime soon). However, that doesn’t mean it was a bad move. Besides, EMC has a way of whipping laggard acquisitions into shape.