EMC Secures Verid

EMC has bought identity management startup Verid for an undisclosed fee, attempting to add an additional layer of security to its RSA product line. (See EMC Buys Verid and EMC's World.)

The deal is the latest in a string of security acquisitions from EMC, although it is unlikely that the fee matched the $175 million paid last fall for Network Intelligence, which boasted 700 customers and $25 million in funding. (See EMC Pockets Network Intelligence.)

In contrast, Verid has around 130 customers, and just over $20 million in funding, although the Fort Lauderdale, Fla.-based firm lists financial services giant Vanguard amongst its clients. (See Verid Secures $13.2 Million.)

Verid, which offers a managed service built around its own authentication software, will be added to the portfolio of RSA, EMC's security unit. The startup checks whether users of online banking or e-commerce sites are who they say they are. (See EMC Secures RSA for $2.1B and Execs Concerned About Data Loss.)

In a nutshell, Verid links up with its customers' Web portals to verify end-user details, which are transferred via encrypted HTTPS links. Rather than the traditional approach of relying on usernames and passwords, Verid also asks its clients' customers a series of questions.

RSA spokesman Matt Buckley told Byte and Switch that the startup's 43-strong workforce, including CEO Kevin Watson, will be staying with the firm. "Those employees, and the management team, will be moving over to EMC [where] they will be integrated into RSA."

At least for the time being, it seems that Verid's Fla.-based headquarters is secure. "There's no plans to change anything with regard to facilities or staffing," says Buckley.

The startup will function as a separate product line within RSA for at least the remainder of 2007, with Watson continuing to head the business, reporting directly to Christopher Young, vice president of consumer and access solutions at RSA.

Today's deal isn't exactly a bolt out of the blue. Last September Verid signed a deal to integrate its technology into RSA's Adaptive Authentication platform as part of a security push into the financial services arena.

At least one analyst told Byte and Switch that the move reflects CIOs' paranoia about data loss, particularly in banking. "There's a lot of pressure on financial services firms to expand what they consider to be strong authentication," said Scott Crawford, senior analyst at Enterprise Management Associates (EMA), adding that Verid will be complimentary to RSA's existing Cyota and Passmark authentication technologies. (See RSA to Acquire Cyota, RSA Touts Achievements, and RSA Announces Earnings.)

Lack of effective identity management products has already been cited as a major challenge by IT managers, with Verid coming up against credit checking firms such as Experian and Equifax, which also offer identity checking services. (See CIOs Face Identity Crisis.)

The startup initially focused on credit card fraud, although it changed tack in 2003 to focus its energies on authentication.

EMC execs promised major initiatives in areas such as security and document management at the recent EMC World event, although some users have voiced concern that the vendor could lose sight of its core storage business. (See Cisco, EMC Team on Fabric Encryption, Room for Dessert, and US MEPCOM.)

— James Rogers, Senior Editor Byte and Switch