McAfee overpaid big time for SafeBoot

While we East Coast folks celebrated Columbus Day, McAfee announced its acquisition of privately held SafeBoot for $350 million. SafeBoot provides software for file and full disk encryption.

Now, I certainly understand the rationale behind this deal. McAfee can now bundle encryption software into its PC security software and integrate key management into its ePolicy Orchestrator (ePO). We saw this same market consolidation pattern a few years ago with antispyware, which went from a stand-alone product to an integrated feature in endpoint security suites. In that transition, CA bought antispyware vendor Pest Patrol, while Microsoft grabbed Giant. Obviously, the same type of market dynamics are at work here.

What makes no sense at all to me, however, is the price tag. Three hundred and fifty million dollars? Holy cow!

Software-based disk encryption has about two years of runway ahead of it, then the market tanks. Why? In that time frame users will opt for hard-drive-based encryption from Seagate Technology, Western Digital and the like, or it will be based upon Windows Vista BitLocker. These products will be baked into new laptops one way or the other. No encryption utilities to install, with no fuss.

My view is that the hard-drive guys win, but it's pretty certain that the software-based utilities lose, regardless. Most of these software vendors are already planning for this inevitability by developing heterogeneous key management capabilities or expanding their product focus to non-PC devices.

McAfee is selling this deal to Wall Street by saying that it bought a market leader with more than 100 million desktops under management in 20 different languages and 76 countries. OK, but who cares? McAfee brings way more brand recognition and leadership to the table than SafeBoot ever could. Any full-disk encryption software bundled into McAfee would do the job just fine. McAfee could have paid a fraction of $350 million and bought someone--Voltage, Utimaco, PC-encrypt, etc.--and gotten the same functionality. Heck, it could have used open PGP and done it for free!

In summary, I like the strategy but not the financial execution. While a few investment bankers and SafeBoot executives are laughing all the way to the bank, I can think of a half dozen companies that McAfee could have purchased that would bring in more future upside than SafeBoot.

[cwhitney01]

What's the value of 100 million desktops?

Generally agree with everything stated, but I was wondering what the value of 100 million desktops would be to McAfee if those desktops don't already have McAfee security products on them? Would be curious to know what percentage of the 100 million desktops do not currently run McAfee products, and what percentage could potentially be converted based on the acquisition and a unified management tool set. The price tag may look more reasonable (not good, but reasonable) if there is a big opportunity to grab share and increase revenue through new licenses for those seats.

[mrashley]

finally, someone makes sense

Thank you, Jon. This deal seems baffling to pay that much money. Is there something else here? I don't see it.

I blogged a bit about it too. http://mitchellashley.typepad.com/the_converging_network/2007/10/disk-encryption.html

[hsoiii-cnet]

Oltstik got it mostly wrong on the SafeBoot deal...

Clearly software based encryption is moving towards hardware and operating systems. What Oltstik completely missed was Intel's Danbury project which will move encryption into VPRO. This will make hardware based encryption a controllable service which can be used for various hardware and software calls. Who is one of the project partners on Danbury? You guessed it - SafeBoot. Although software based encryption is going away - somebody has to manage all of those encryption keys. SafeBoot is well positioned to provide this capability with their management architecture. Lastly, with the encryption market shifting revenue generation from the client sided to server sided model, look at SafeBoot's market position (large fortune 500 and government sales) and McAfee's business model. They compliment each other and McAfee will be in a good position to expand key management as client sided encryption moves away from software to hardware. Whether $350M was too much, we'll see...

[djlarson2]

Well, nearly two years have passed and the market has proven you wrong. BitLocker has had zero traction. PointSec is basically dead after their disastrous acquisition. Symantec has partnered with Guardian Edge, but stopped short of acquiring them. Pre-encrypted drives do exist, and McAfee will be managing them with ePO (http://www.seagate.com/ww/v/index.jsp?locale=en-US&name=null&vgnextoid=eac9eedc1278d110VgnVCM100000f5ee0a0aRCRD). And oh by the way, McAfee managed to continue double-digit growth in 2008 while everybody else tanked (thanks in large part to SafeBoot becoming its #3 best selling product).

[Rock_Pool]

I say McAfee got away with murder here - $350 for the most popular and highest regarded product in the market? A steal indeed.