Nearly five years after Dell Technologies scooped up RSA's security business via its $67 billion buy of RSA's then-parent firm EMC Corp., the technology company now plans to sell RSA to a private equity firm for $2.075 billion in cash.
Dell Technologies announced today that a consortium led by Symphony Technology Group (STG), Ontario Teachers' Pension Plan Board, and AlpInvest will acquire RSA's Archer, NetWitness Platform, SecureID, and Fraud and Risk Intelligence lines, as well as the security industry's massive RSA Conference. The company did not disclose terms of the agreement.
The decision by Dell to sell RSA was not completely unexpected among industry insiders given Dell's move to go public more than a year ago. The deal with a private equity firm basically gives both Dell and RSA more room to reset and evolve their security strategies, industry expert say. Private equity firms increasingly are setting their sights on the security industry due to its rapid and steady growth.
"I don't think RSA was well-aligned with Dell's go-forward strategy for investment," says Amit Yoran, who served as president of RSA from 2014 to 2016 and is now chairman and CEO of Tenable. "We'll see what private equity ownership means for RSA and what their plans are for the future."
Chenxi Wang, founder and general partner with Rain Capital, says Dell likely was under pressure as a publicly traded firm to trim down debt.
"Dell's vision is to be a provider of a broad swath of technology and services, from PCs, to storage, to software, to information security. RSA would have been a nice slice in that strategy, except that the RSA division has not been a fast-growing business for the Dell empire," she says. "The Dell board is probably asking the executives to concentrate its efforts and to shed low-performing businesses."
Dell Technologies still holds a solid stake in the security sector with its managed security services arm Secureworks, as well as its VMware operation's recent acquisition of endpoint protection firm Carbon Black.
Dell Technologies COO and vice chairman Jeff Clarke called the deal "the right long-term strategy" for both Dell and RSA, as well as their customers and partners.
"The transaction will further simplify our business and product portfolio. It also allows Dell Technologies to focus on our strategy to build automated and intelligent security into infrastructure, platforms and devices to keep data safe, protected and resilient," Clarke said in a statement.
Rohit Ghai, president of RSA, lauded the STG deal as providing the company "with a more independent configuration" to evolve.
"In determining the best way to support our customers' digital journeys, we sought a partner that was enthusiastic about RSA's mission, committed to our customer and partner base, and interested in unleashing the power of our talent, experience, and tremendous growth potential. Symphony Technology Group (STG) fully supports our vision," he said.
The announcement of the deal, which is scheduled to be complete within the next six to nine month, comes the week before the 2020 RSA Conference, which opens in San Francisco next week.
Dell's shedding of RSA basically closes a chapter in the EMC saga as well.
"This acquisition represents the end of an era. At one time it was thought that data center vendors should have a security arm. That concept appeared with Symantec acquiring Veritas and EMC acquiring RSA+SecurID, which it used to form the security division of EMC," says Richard Stiennon, chief research analyst at IT-Harvest. "Most of us expected Dell to spin RSA off with the acquisition of EMC. Apparently it just took longer for Dell to realize that the fast pace of innovation in the security space does not jibe with the slow and steady pace of data center and hardware vendors."
Private Equity for the Win
Private equity firms such as Thoma Bravo, Vista, IntSight, and TPG all have acquired security companies in the past few years, a trend driven by the high growth in that market as well as the ballooning size of the deals, notes Rain Capital's Wang. Private equity firms typically hold a company for 18 months, during which time they double down on efficiencies and then bundle a few companies together and spin them off in an even more lucrative deal, she explains.
"Cyber seems to be a great market for that – many small firms provide niche capabilities, combining them into a broad offering is what the market wants," Wang says. "As M&A deals get larger, it's becoming difficult for broad tech firms to continue to execute the type of deals that are expected by the market."
Enter the private equity investors, a trend Wang expects to continue in security.
Private equity firms provide an alternative way for retooling and reinvigorating firms, notes Brian Reed, senior research director at Gartner. "Private equity firms come up with interesting ways to increase a product life cycle and help reduce the amount of time it takes companies to recover from [things like] product roadmap stagnation," Reed says. The deal gives RSA more freedom and breathing room to work on its product roadmap, he says.
"There are bigger things going on with Dell at the moment from a macro standpoint and outside of security," Reed says. "This is one of those instances where private equity coming in will be a good thing in the medium and long term and allows Dell to get a reset."