Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

2/18/2020
04:00 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
100%
0%

Dell Sells RSA to Private Equity Firm for $2.1B

Deal with private equity entity Symphony Technology Group revealed one week before the security industry's RSA Conference in San Francisco.

Nearly five years after Dell Technologies scooped up RSA's security business via its $67 billion buy of RSA's then-parent firm EMC Corp., the technology company now plans to sell RSA to a private equity firm for $2.075 billion in cash.

Dell Technologies announced today that a consortium led by Symphony Technology Group (STG), Ontario Teachers' Pension Plan Board, and AlpInvest will acquire RSA's Archer, NetWitness Platform, SecureID, and Fraud and Risk Intelligence lines, as well as the security industry's massive RSA Conference. The company did not disclose terms of the agreement.

The decision by Dell to sell RSA was not completely unexpected among industry insiders given Dell's move to go public more than a year ago. The deal with a private equity firm basically gives both Dell and RSA more room to reset and evolve their security strategies, industry expert say. Private equity firms increasingly are setting their sights on the security industry due to its rapid and steady growth.

"I don't think RSA was well-aligned with Dell's go-forward strategy for investment," says Amit Yoran, who served as president of RSA from 2014 to 2016 and is now chairman and CEO of Tenable. "We'll see what private equity ownership means for RSA and what their plans are for the future."

Chenxi Wang, founder and general partner with Rain Capital, says Dell likely was under pressure as a publicly traded firm to trim down debt.

"Dell's vision is to be a provider of a broad swath of technology and services, from PCs, to storage, to software, to information security. RSA would have been a nice slice in that strategy, except that the RSA division has not been a fast-growing business for the Dell empire," she says. "The Dell board is probably asking the executives to concentrate its efforts and to shed low-performing businesses."

Dell Technologies still holds a solid stake in the security sector with its managed security services arm Secureworks, as well as its VMware operation's recent acquisition of endpoint protection firm Carbon Black.

Dell Technologies COO and vice chairman Jeff Clarke called the deal "the right long-term strategy" for both Dell and RSA, as well as their customers and partners.

"The transaction will further simplify our business and product portfolio. It also allows Dell Technologies to focus on our strategy to build automated and intelligent security into infrastructure, platforms and devices to keep data safe, protected and resilient," Clarke said in a statement.

Rohit Ghai, president of RSA, lauded the STG deal as providing the company "with a more independent configuration" to evolve.

"In determining the best way to support our customers' digital journeys, we sought a partner that was enthusiastic about RSA's mission, committed to our customer and partner base, and interested in unleashing the power of our talent, experience, and tremendous growth potential. Symphony Technology Group (STG) fully supports our vision," he said.

The announcement of the deal, which is scheduled to be complete within the next six to nine month, comes the week before the 2020 RSA Conference, which opens in San Francisco next week.

Dell's shedding of RSA basically closes a chapter in the EMC saga as well.

"This acquisition represents the end of an era. At one time it was thought that data center vendors should have a security arm. That concept appeared with Symantec acquiring Veritas and EMC acquiring RSA+SecurID, which it used to form the security division of EMC," says Richard Stiennon, chief research analyst at IT-Harvest. "Most of us expected Dell to spin RSA off with the acquisition of EMC. Apparently it just took longer for Dell to realize that the fast pace of innovation in the security space does not jibe with the slow and steady pace of data center and hardware vendors."

Private Equity for the Win
Private equity firms such as Thoma Bravo, Vista, IntSight, and TPG all have acquired security companies in the past few years, a trend driven by the high growth in that market as well as the ballooning size of the deals, notes Rain Capital's Wang. Private equity firms typically hold a company for 18 months, during which time they double down on efficiencies and then bundle a few companies together and spin them off in an even more lucrative deal, she explains.

"Cyber seems to be a great market for that – many small firms provide niche capabilities, combining them into a broad offering is what the market wants," Wang says. "As M&A deals get larger, it's becoming difficult for broad tech firms to continue to execute the type of deals that are expected by the market."

Enter the private equity investors, a trend Wang expects to continue in security.

Private equity firms provide an alternative way for retooling and reinvigorating firms, notes Brian Reed, senior research director at Gartner. "Private equity firms come up with interesting ways to increase a product life cycle and help reduce the amount of time it takes companies to recover from [things like] product roadmap stagnation," Reed says. The deal gives RSA more freedom and breathing room to work on its product roadmap, he says.

"There are bigger things going on with Dell at the moment from a macro standpoint and outside of security," Reed says. "This is one of those instances where private equity coming in will be a good thing in the medium and long term and allows Dell to get a reset."

Related Content:

 
Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "8 Things Users Do That Make Security Pros Miserable."
 
Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
HackerOne Drops Mobile Voting App Vendor Voatz
Dark Reading Staff 3/30/2020
Limited-Time Free Offers to Secure the Enterprise Amid COVID-19
Curtis Franklin Jr., Senior Editor at Dark Reading,  3/31/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-8004
PUBLISHED: 2020-04-06
STMicroelectronics STM32F1 devices have Incorrect Access Control.
CVE-2020-7631
PUBLISHED: 2020-04-06
diskusage-ng through 0.2.4 is vulnerable to Command Injection.It allows execution of arbitrary commands via the path argument.
CVE-2020-7632
PUBLISHED: 2020-04-06
node-mpv through 1.4.3 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument.
CVE-2020-7633
PUBLISHED: 2020-04-06
apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injection.It allows execution of arbitrary commands via the pluginUri argument.
CVE-2020-7634
PUBLISHED: 2020-04-06
heroku-addonpool through 0.1.15 is vulnerable to Command Injection.