By most measures, RSA Security should be sitting pretty. After all, its product category,security software,was identified by more VARs than any other product category as the fastest-growing part of their businesses, according to our 2003 State of the Market survey. Despite that, the company has missed Wall Street expectations in two of the past six quarters, while sales continue to struggle and losses mount.
Not for long, says Arthur Coviello, CEO of the Bedford, Mass.-based company. With an eye on rebuilding investor confidence, Coviello believes that whatever growth rate the market achieves in 2003, RSA will beat it by three to five percent, simply due to customer interest in security. In a recent interview, Coviello sets the record straight on whether security has been overhyped and where partners can make money with his company's products.
VB: With several of the top security companies struggling financially, I'm beginning to wonder if the market is overhyped. What do you think?
Coviello: It is absolutely a great market. But 110 percent of zero is still zero...A high priority when CIOs aren't spending a lot doesn't translate into a high growth rate. I think what's hot,and it's clear if you follow Symantec,is the antivirus stuff. Why? People are finally getting it with the sheer volume of attacks and viruses on their home and office PCs. The more subtle security, like the strong authentication products and Web access-management products we have, really requires a significant uptick in the rollout of Web-based applications and, ultimately, Web services. If we have to wait for those, [our growth is going to take some time%85Having said that, we bottomed out in Q1, and we have had sequential upticks in revenue since. The pipeline is building, we are seeing a slow,but steady,comeback to our business, and we are capturing new accounts.
VB: So you're still an optimist?
Coviello: I am hugely optimistic because the next wave of technology adoption will be to Web-enable existing applications. That's the story I am hearing from CIOs who have to make more out of what they have already invested in. That means Web-enabling Oracle, SAP, Siebel, etc. As they do that, they expose those applications to the public Internet. When they do that, there's going to be an incredible requirement for strong authentication and Web-access management, and we're going to clean up.
VB: What should solution providers be doinging at this moment?
Coviello: Exactly what I am doing: keeping a tight fist on expenses, being incredibly opportunistic, looking at the application areas, such as security, that will be a higher priority for customers, and tenaciously going after every bit of revenue they can. But they have to have focus. One of the things that I think we've done successfully since Q1 is strip down the product lines. We got rid of losers or places we thought the market just wasn't going to develop. And we focused on our three areas: authentication, Web access management/authorization and our development group, which is not so much a channel offering as it is an OEM offering. I also think that partners need to find the companies that they think are going to be winners.
VB: What does that mean for point-product vendors?
Coviello: I think VARs should look for fewer point-product vendors, fewer small vendors, that cannot add multiple products that are best-of-breed quality. Multiple products allow VARs to get follow-on sales and allow them to bundle two or three products into a single sale. We can offer that for our partners better than most, if not all, security companies.
I think the niche guys are going to die. I really do.