Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


07:30 AM

Users Welcome Super-Deal

EMC's RSA acquisition appears to resonate well with IT pros

Users' desire to lock down their storage systems prompted EMC to throw down more than $2 billion for RSA security last night, according to the vendor's CEO Joe Tucci. (See EMC Buys RSA, and EMC's Blockbuster.)

"Customers are demanding that we do this -- they want the security built in, not bolted on," Tucci said on a conference call last night.

At a grass-roots level, some initial response appears to confirm Tucci's talk. "The integration of security management in hardware, as opposed to a plug-in, is a good move," said Sanin Rahman, a member of the South East EMC Documentum User Group (SEDUG).

Rahman, who is also a software engineer at Marietta, Georgia-based content management consulting firm Armedia, explained that security add-ons are often a pain-point for users. "Oftentimes you have all these different components that come together, and they are not always compatible," he said. "They don't work as they are supposed to."

Another user also thinks the merger is a great idea. Rafael Rodriguez, acting CIO of Durham, North Carolina-based Duke University Medical Center, which relies on EMC hardware to support its SAP system, was not at all surprised by the RSA acquisition. "It does seem to make sense," he told Byte and Switch. "Obviously, with financial and healthcare institutions, something that we're always concerned about is protecting the confidentiality of the data."

That users want to see a storage/security combo was underscored in a research note released last night, in which A.G. Edwards enterprise storage analyst Aaron Rakers said that the market is eager for joint EMC/RSA products. "Investors will want to focus on the company’s ability to bring an increasingly integrated product portfolio to the market," he explained.

Identity management will feature prominently in any integration. Art Coviello, the former RSA CEO, who will now head up EMC's new Information Security Division, explained on last night's call that his firm has been working to develop a common identity management platform stretching across different technologies, such as servers.

This initiative, predicted Coviello, will give EMC a substantial "leg up" in the identity management space. "There's more and more of a demand, from CIOs to crunch technologies, to buy from a single vendor," he added.

Charles King, principal analyst at Pund-IT research, agrees that the acquisition could spell good news for users. In a note released today, King highlighted the recent theft of a Veterans' Administration (VA) laptop as evidence of the need to combine storage and security. (See VA Reports Massive Data Theft.)

Despite the laptop's reappearance this week, the VA fiasco is just the latest in a string of data security snafus that have dogged U.S. organizations over the last few years. (See Breaches Stress Need to Improve, IT Managers Walk Tape Tightrope, Financial Security: Priceless, Don't Be a Data Privacy Dunce, and CardSystems Responds to Security Incident.)

King feels that there is no guarantee of success for EMC's RSA mega-merger. "Every corporate acquisition contains caveats, and this one is no different," he said. "While the two companies complement each other technologically and strategically, how they fit culturally might throw as yet unseen obstacles into their path."

The analyst warned that cultural misalignments have already created problems in other multi-billion-dollar deals, such as HP's acquisition of Compaq, although he feels that EMC's integration of VMware and Documentum have proved more successful. (See EMC Gobbles VMware and EMC Cops Documentum.)

EMC management believes strongly enough in demand for security products that it paid an enormous price for RSA, fearing others might get to the security supplier if EMC did not. CEO Tucci, in response to a question from an analyst, confirmed that RSA could easily have been snapped up by one of EMC's competitors. "RSA wasn't going to be around," he explained, adding that other suitors may not have wanted to share RSA's technology with EMC.

Yesterday, prior to announcing the deal, RSA confirmed that it was in discussion with a number of interested parties, although the vendor did not reveal their identities. (See EMC Secures RSA for $2.1B.)

— James Rogers, Senior Editor, Byte and Switch

  • A.G. Edwards
  • EMC Corp. (NYSE: EMC)
  • Hewlett-Packard Co. (NYSE: HPQ)
  • Pund-IT Inc.
  • RSA Security Inc. (Nasdaq: EMC)
  • SAP AG (NYSE/Frankfurt: SAP)


    Recommended Reading:

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    COVID-19: Latest Security News & Commentary
    Dark Reading Staff 7/9/2020
    Omdia Research Launches Page on Dark Reading
    Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
    Mobile App Fraud Jumped in Q1 as Attackers Pivot from Browsers
    Jai Vijayan, Contributing Writer,  7/10/2020
    Register for Dark Reading Newsletters
    White Papers
    Current Issue
    Special Report: Computing's New Normal, a Dark Reading Perspective
    This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
    Flash Poll
    The Threat from the Internetand What Your Organization Can Do About It
    The Threat from the Internetand What Your Organization Can Do About It
    This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    PUBLISHED: 2020-07-10
    Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authenticati...
    PUBLISHED: 2020-07-10
    In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in...
    PUBLISHED: 2020-07-10
    Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to...
    PUBLISHED: 2020-07-10
    osquery before version 4.4.0 enables a priviledge escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables l...
    PUBLISHED: 2020-07-10
    An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerabi...