Security Setback

2:10 PM -- "This acquisition signals a fundamental change in the landscape of the security market," said EMC chairman, president, and CEO Joe Tucci yesterday upon the $2.1 billion buyout of RSA, one of the world's best-known security vendors.

I couldn't agree more, Joe. But I don't mean that in a good way.

For years, RSA has been one of the most fiercely independent voices in the security industry, frequently swimming upstream when others were drifting with the tide. It developed encryption technology when few other vendors were addressing the problem. It fought the good fight against laws that restricted the export of security technology. It has partnered with dozens of vendors, large and small, to bring encryption and other key security technologies to all sizes of IT shops.

RSA was security when security wasn't cool.

Now, Tucci says, security must become part of the IT infrastructure. EMC wants to take RSA's technology and integrate it across its entire line of server and storage products. In essence, EMC is trying to merge data security and data storage into one big thing. Oh sure, RSA will still be able to operate as a third-party security company, but we all know which side of its bread holds the butter now.

I have nothing against EMC, but it's hard to see RSA's acquisition by another company -- any company -- as a step forward for the security industry. For years, RSA has made a mission of embedding encryption and other secure technologies into all sorts of environments, including databases, networks, desktops, and mobile devices. It has been one of the few vendors that worked with everyone, yet it remained innovative and generally stayed away from groupthink and lemming-like trends that have driven other security vendors to come out with new products every week.

When government officials want to know the security industry's viewpoint on a topic, RSA is one of the first companies they call. When IT managers want to know what's going on in security, RSA's annual conference is one of the first places they go. 'Nuff said.

Now, everything RSA says or does will have an EMC slant, whether it's real or perceived, and EMC's primary business is selling storage technology, not security. Cisco, IBM, and Microsoft all sell security products, but we don't kid ourselves that security is their first priority. EMC is a vendor in that same category. And RSA, which for years has cared about nothing but security, will now be part of EMC.

Will other security vendors jump into the void left by RSA? Sure. I've already had several vendors offer to give me their views on RSA's acquisition, presumably so they can assert their own independence and leadership. RSA's product lines and partnerships will likely continue, too. EMC didn't pay $2.1 billion just to embed the RSA technology in its own devices. It will have to do its level best to keep RSA customers happy.

As an industry, though, I believe the security market should mourn the loss of an independent RSA. Its legacy and its technology may live on, but from now on, its sharp-sighted voice will carry an EMC silencer. That's a voice that will be missed.

— Tim Wilson, Site Editor, Dark Reading

Companies mentioned in this article: