Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


04:00 PM
Connect Directly

Dell Sells RSA to Private Equity Firm for $2.1B

Deal with private equity entity Symphony Technology Group revealed one week before the security industry's RSA Conference in San Francisco.

Nearly five years after Dell Technologies scooped up RSA's security business via its $67 billion buy of RSA's then-parent firm EMC Corp., the technology company now plans to sell RSA to a private equity firm for $2.075 billion in cash.

Dell Technologies announced today that a consortium led by Symphony Technology Group (STG), Ontario Teachers' Pension Plan Board, and AlpInvest will acquire RSA's Archer, NetWitness Platform, SecureID, and Fraud and Risk Intelligence lines, as well as the security industry's massive RSA Conference. The company did not disclose terms of the agreement.

The decision by Dell to sell RSA was not completely unexpected among industry insiders given Dell's move to go public more than a year ago. The deal with a private equity firm basically gives both Dell and RSA more room to reset and evolve their security strategies, industry expert say. Private equity firms increasingly are setting their sights on the security industry due to its rapid and steady growth.

"I don't think RSA was well-aligned with Dell's go-forward strategy for investment," says Amit Yoran, who served as president of RSA from 2014 to 2016 and is now chairman and CEO of Tenable. "We'll see what private equity ownership means for RSA and what their plans are for the future."

Chenxi Wang, founder and general partner with Rain Capital, says Dell likely was under pressure as a publicly traded firm to trim down debt.

"Dell's vision is to be a provider of a broad swath of technology and services, from PCs, to storage, to software, to information security. RSA would have been a nice slice in that strategy, except that the RSA division has not been a fast-growing business for the Dell empire," she says. "The Dell board is probably asking the executives to concentrate its efforts and to shed low-performing businesses."

Dell Technologies still holds a solid stake in the security sector with its managed security services arm Secureworks, as well as its VMware operation's recent acquisition of endpoint protection firm Carbon Black.

Dell Technologies COO and vice chairman Jeff Clarke called the deal "the right long-term strategy" for both Dell and RSA, as well as their customers and partners.

"The transaction will further simplify our business and product portfolio. It also allows Dell Technologies to focus on our strategy to build automated and intelligent security into infrastructure, platforms and devices to keep data safe, protected and resilient," Clarke said in a statement.

Rohit Ghai, president of RSA, lauded the STG deal as providing the company "with a more independent configuration" to evolve.

"In determining the best way to support our customers' digital journeys, we sought a partner that was enthusiastic about RSA's mission, committed to our customer and partner base, and interested in unleashing the power of our talent, experience, and tremendous growth potential. Symphony Technology Group (STG) fully supports our vision," he said.

The announcement of the deal, which is scheduled to be complete within the next six to nine month, comes the week before the 2020 RSA Conference, which opens in San Francisco next week.

Dell's shedding of RSA basically closes a chapter in the EMC saga as well.

"This acquisition represents the end of an era. At one time it was thought that data center vendors should have a security arm. That concept appeared with Symantec acquiring Veritas and EMC acquiring RSA+SecurID, which it used to form the security division of EMC," says Richard Stiennon, chief research analyst at IT-Harvest. "Most of us expected Dell to spin RSA off with the acquisition of EMC. Apparently it just took longer for Dell to realize that the fast pace of innovation in the security space does not jibe with the slow and steady pace of data center and hardware vendors."

Private Equity for the Win
Private equity firms such as Thoma Bravo, Vista, IntSight, and TPG all have acquired security companies in the past few years, a trend driven by the high growth in that market as well as the ballooning size of the deals, notes Rain Capital's Wang. Private equity firms typically hold a company for 18 months, during which time they double down on efficiencies and then bundle a few companies together and spin them off in an even more lucrative deal, she explains.

"Cyber seems to be a great market for that – many small firms provide niche capabilities, combining them into a broad offering is what the market wants," Wang says. "As M&A deals get larger, it's becoming difficult for broad tech firms to continue to execute the type of deals that are expected by the market."

Enter the private equity investors, a trend Wang expects to continue in security.

Private equity firms provide an alternative way for retooling and reinvigorating firms, notes Brian Reed, senior research director at Gartner. "Private equity firms come up with interesting ways to increase a product life cycle and help reduce the amount of time it takes companies to recover from [things like] product roadmap stagnation," Reed says. The deal gives RSA more freedom and breathing room to work on its product roadmap, he says.

"There are bigger things going on with Dell at the moment from a macro standpoint and outside of security," Reed says. "This is one of those instances where private equity coming in will be a good thing in the medium and long term and allows Dell to get a reset."

Related Content:

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "8 Things Users Do That Make Security Pros Miserable."
Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/17/2020
Cybersecurity Bounces Back, but Talent Still Absent
Simone Petrella, Chief Executive Officer, CyberVista,  9/16/2020
Meet the Computer Scientist Who Helped Push for Paper Ballots
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/16/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-09-19
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
PUBLISHED: 2020-09-18
A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials.
PUBLISHED: 2020-09-18
Prototype pollution in json-bigint npm package < 1.0.0 may lead to a denial-of-service (DoS) attack.
PUBLISHED: 2020-09-18
Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11....
PUBLISHED: 2020-09-18
Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-W...