June 30, 2006 11:04 AM PDT
Perspective: EMC's security play to set off chain reactionSee all Perspectives
Now as June comes to a close, EMC is putting its money where its mouth is by acquiring industry veteran RSA Security for $2.1 billion.What does this deal mean to EMC, storage providers and the industry?
Think secure Information Lifecycle Management (ILM). Simply stated, ILM is a storage industry initiative for storing, moving, copying and protecting information based on business policies. When ILM first surfaced, no one paid any attention to security, which prompted the Enterprise Strategy Group to quip, "Without security, ILM is DOA."
EMC's acquisition of RSA proves that enterprise customers are leery of an intelligent storage infrastructure that shuffles around critical information in cleartext. Now that EMC owns RSA, expect others in the storage crowd to follow suit.
Key management is critical
Over the next few years, encrypting databases, files and storage devices will become commonplace. But this eventuality sets up a potential IT operations nightmare. How will companies create, protect, store and archive encryption keys? If encryption keys are compromised, then encrypted files become easy prey. If encryption keys are lost, data becomes unusable.
Competitors like IBM and Network Appliance have already acted upon this trend by developing products or snapping up storage start-ups. EMC's RSA grab demonstrates that it recognizes this burgeoning market need and won't sit idly by while others establish a beachhead.
Security officially in the mainstream
Cisco Systems has been building its security portfolio for years, while Microsoft went on a buying spree and then introduced its Forefront security branding. Oracle and Novell are also recent security buyers. Significant events? Yes, but EMC buying RSA rings in a whole new security era. Don't be surprised if other large security icons like Check Point Software Technologies, Internet Security Systems or McAfee get scooped up or merge with other technology leaders from completely different industry sectors.
Information a critical business asset
Wall Street is bound to scratch its collective head as it still can't figure out the whole Symantec-Veritas Software story 18 months later, but IT executives and chief risk officers certainly get it. Security is no longer about securing network pipes and desktops; it is about protecting critical business assets across the enterprise. Last time I checked, information was about as critical a business asset as any.
In an insecure technology-driven business world faced with a constant barrage of new attacks and an ever-growing regulatory compliance burden, information-centric security makes a heck of a lot of sense. Obviously EMC thinks so too.
Jon Oltsik is a senior analyst at the Enterprise Strategy Group.