CRN Interview: Art Coviello, President Of EMC's RSA Security Unit

Art Coviello, the former CEO of RSA Security, is charged with building EMC's new security division into a billion dollar standalone business. In an interview with CRN Senior Editor Kevin McLaughlin this week at RSA's annual partner conference in Phoenix, Coviello discussed how RSA will help EMC realize its goals for information lifecycle management and dispelled some misconceptions about how the acquisition will affect channel partners.

CRN: How will the acquisition of Network Intelligence [the security incident management vendor EMC acquired last month] help the security division attain its goals?

Coviello: It's one thing to ensure that right people get access, another to encrypt, but what Network Intelligence brings is the critically important ability to understand who accessed what, and when, and if the data could have been used in the wrong way.

RSA is in a great position to do basic security things like identifying people, encrypting data, handling access control. But more than that, we need to be able to track how the data is moving and being used and provide still another layer of protection over and above everything else.

RSA, with Authentication Manager, had a plan for a rudimentary capability for what Network Intelligence provides, and we knew it was a space we needed to get into. That's why when EMC informed me it was about to acquire Network Intelligence, I heartily approved because I saw the strategic value of the acquisition.

CRN: Does EMC plan to add more technologies to its security portfolio through acquisitions?

Coviello: RSA has always had a policy of not commenting on potential acquisitions. However, I will say that this is no time to be shy about doing whatever is strategically necessary. Innovation can occur in a couple of ways: organically or through acquisitions. Both RSA and EMC have developed a distinct competence in acquiring technology and making it pay for itself. My job is to make sure the acquisition was inexpensive for EMC shareholders.

CRN: What are the most common questions you've been fielding about the EMC acquisition?

Coviello: One that comes up most often is, 'What does storage have to do with tokens?' -- that's one of my favorites. Another has been, 'EMC has a strong direct organization, and what does that means for RSA's channel?'

The fact is, RSA no more considers itself a token company than EMC considers itself just a storage company. Although SecureID authentication forms a significant portion of our revenue, we're also about identity protection and data protection. EMC is adding a tremendous amount of value with lifecycle management, and the same is true of RSA.

We've viewed ourselves as an identity protection and data protection company, and some of the technologies that RSA brings to bear were all criteria that EMC had already set for itself in terms of securing the information lifecycle.

CRN: Will the merger have any effect on RSA's channel program?

Coviello: Our charter is quite clear: to add security technology and value to EMC's products, and to secure the information lifecycle in the context of EMC solutions, but also to add our own value as a security standalone division.

A significant value of RSA is our strength of distribution; we have tremendous reach into the SMB. So it's unlikely EMC would want to do anything to upset that. What they'll provide to us is leverage in terms of our ability to get into major accounts at the CIO level.

What people also need to understand is the significant degree of control the new security division has over its sales and technology. So, as much as EMC wants to embed RSA into its products, we're also charged with becoming a billion dollar business on our own.

CRN: What do you make of comparisons between EMC acquiring RSA and Symantec acquiring Veritas?

Coviello: I think with Symantec-Veritas, there are issues of integrating two similarly sized companies from a revenue standpoint, but RSA is only about 1/30th the size of EMC, so we don't see that massive melding together of two gigantic organizations.

From a technology standpoint, encryption and key management and access control, which RSA has and Symantec never had, are a lot more vital to storage and backup. Everything about data protection is melded into those three things. Antivirus, which forms the lion's share of Symantec's revenue on the consumer side, is purely defensive.