10 Things To Know About DXC Technology And The Channel's Newest $4.3B Public Sector Powerhouse

Wheeling And Dealing

Vencore, KeyPoint and DXC Technology's U.S. public sector business have unveiled plans to come together and form a $4.3 billion, 14,000-employee U.S. government solution provider with security, cloud and analytics expertise.

DXC said the new company – whose name is yet to be determined – will be one of the five largest pure-play federal government solution providers. The merger is expected to close on March 31, 2018.

Each of the companies enters the deal with some issues: KeyPoint suffered a high-profile security breach; Vencore eyed an initial public offering before deciding to go in a different direction; and NASA took the unprecedented step of rescinding DXC's "authority to operate" back when the business was part of Hewlett Packard Enterprise.

Here are 10 things to know about the mega-deal and the rapidly consolidating public sector solution provider space.

10. DXC Shareholders Will Own A Majority Of The New Company

DXC stockholders will receive shares of the new company through a spin-off and will own roughly 86 percent of the combined company's common stock when the deal closes, which is slated for March 31.

Funds managed by Veritas Capital will therefore own approximately 14 percent of the new company's shares when the deal closes. Veritas Capital also will receive a $400 million cash payment for the merger.

The new company, meanwhile, will distribute $1.05 billion in cash or assumed debt to DXC. Tysons, Va.-based DXC, No. 11 on the 2017 CRN Solution Provider 500, plans to use proceeds from the deal to reduce debt, repurchase shares, and for other general corporate purposes.

9. Veritas Capital Has Eyed Multiple IT Investments In Recent Years

New York-based private equity firm Veritas Capital dove into the cybersecurity software space in September 2014 with its $310 million purchase of Phoenix-based BeyondTrust from fellow venture capital firm Insight Venture Partners.

Less than three years later, The New York Post reported that Veritas Capital had expressed interest in purchasing parts of telecom service provider West Corp.'s business. The Omaha, Neb.-based company, however, opted to take the entire company private under the umbrella of Apollo Global Management.

Veritas Capital paid $815 million in November 2010 to acquire what is today Vencore and what was then known as Lockheed Martin's Enterprise Integration Group (EIG). Some one and a half years earlier, Veritas Capital acquired KeyPoint (then known as Kroll Government Services) for an undisclosed amount to get a foothold in the U.S. government security space.

8. The New Company Will Be Led By Vencore's CEO

Even though Veritas Capital is only a minority stakeholder, it will contribute the new company's CEO. Vencore CEO Mac Curtis (pictured) will take the helm as the new company's first chief executive.

Veritas Capital tapped Curtis in July 2013 to take over as CEO of Vencore, which was then known as The SI Organization. Curtis oversaw the company's rebranding, doubled its size through the acquisition of QinetiQ North America’s services and solutions business, and purchased an applied research arm known as Applied Communications Sciences.

Meanwhile, DXC U.S. Public Sector Senior Vice President and General Manager Marilyn Crouther will become the new company's chief operating officer. Crouther joined DXC from HPE Enterprise Services, where she had served in the same role since December 2011.

7. The New Company Will Have Expertise That Didn't Exist In DXC's U.S. Government Business

The new company's 14,000-person workforce will be highly skilled, with more than 1,000 Agile software developers and 170 Ph.D.s among its ranks. The firm will also house an extensive portfolio of intellectual property, with more than 260 patents either issued or licensed.

"This is expertise that, quite candidly, we didn't have in [DXC's] USPS [U.S. public sector business], and now it can be leveraged across all of the USPS client base," said Mike Lawrie, DXC's chairman, president and CEO.

The deal will enable the new company to cross-sell consulting, cloud and analytics into DXC's legacy customer base, and cross-sell infrastructure, application development and systems integration into Vencore's traditional base of clients, according to Lawrie.

6. The New Firm Will Likely Enhance KeyPoint's Offering Through Robotic Process Automation

Loveland, Colo.-based KeyPoint Government Solutions won a critical position in late 2016 alongside solution provider giants CACI, CSRA and Securitas Critical Infrastructure Services to provide background investigation services to the U.S. Government's Office of Personnel Management (OPM).

CSRA has enjoyed much success integrating robotic process automation (RPA) and cloud solutions to streamline and improve the profitability of KeyPoint's traditional staff augmentation-focused engagements, according to Joey Cresta, public sector analyst for Hampton, N.H.-based Technology Business Research.

Applying DXC's digital transformation services to KeyPoint's acquired contract vehicle would provide the new company with a use case it could show to the broader market, Cresta said.

5. A KeyPoint Employee's Credentials Were Used By Hackers To Gain Access To Sensitive Federal Employee Data

KeyPoint, however, has been subject to scrutiny around an August 2014 breach.

According to a U.S. House Committee on Oversight and Government Reform Majority Staff Report, hackers used a credential to the OPM network held by a KeyPoint employee as an "initial vector" of an attack that culminated in two intrusions of OPM systems, detected in April 2015. But that KeyPoint employee did not have administrator credentials, meaning that the adversary needed to gain another set of credentials to do operations.

The OPM director told legislators in June 2015 that there was a direct line between the breach of KeyPoint systems and the two intrusions, according to the Federal Times.

Although the adversary leveraged a compromised KeyPoint user credential to access the OPM network, the agency said it didn't have any evidence suggesting that KeyPoint as a company was responsible or directly involved in the intrusion, the Federal Times reported.

Having valid credentials gave intruders access to the system as well as any encrypted files and other data that might have otherwise been restricted, the Federal Times said. The hackers were able to successfully exfiltrate data on some 4.2 million current and former U.S. government employees, according to the Federal Times.

An audit released in December 2015 by the OPM's Inspector General found that KeyPoint hadn't developed a firewall configuration standard, hadn't implemented an outbound web proxy, and didn't routinely audit its server and workstation configuration.

KeyPoint fully concurred with all but one of the 17 recommendations made by the OPM's CIO, and had addressed or was in the process of addressing all of the issues raised, according to an October 2015 memorandum.

4. Excising A U.S. Government Business Feels Like Déjà Vu All Over Again For DXC CEO Lawrie

The DXC assets involved in the deal all came from the HPE Enterprise Services business, which merged with CSC in March 2017 to form DXC.

That's because CSC actually spun off its U.S. public sector operations in November 2015, which in turn merged with SRA International to form $5 billion U.S. government goliath CSRA, No. 14 on the on the 2017 CRN Solution Provider 500.

DXC CEO Lawrie (pictured) served as CSRA's chairman of the board for the first nine months of the company's existence until resigning in August 2016. Now he will lead the board of one of CSRA's top competitors.

3. Consolidation Among U.S. Government Solution Providers Continues Unabated

The DXC U.S. public sector-Vencore-KeyPoint merger is just the latest consolidation domino to fall in the federal government solution provider space.

CACI International, No. 16 on the 2017 CRN Solution Provider 500, closed its $550 million acquisition of the government services group of L-3 Communications Holdings in February 2016. Six months later, the world's largest pure-play U.S. government solution provider came together when Lockheed Martin merged its $4.7 billion government IT business into $5 billion powerhouse Leidos.

The latest deal will create the 10th government services vendor at or above $4.3 billion in annual public sector revenues, according to Technology Business Research. This could result in smaller and midtier U.S. government solution providers feeling the squeeze.

2. Vencore Is Not The First U.S. Government Solution Provider To Walk Away From An IPO

Vencore in June filed the registration statement required for an initial public offering with the U.S. Securities and Exchange Commission, and updated that statement in August. The company indicated in its SEC filing that sales hit $1.17 billion in 2016, up 68.9 percent from $691.7 million four years earlier, while recording net income of $1 million, improved from a loss of $117.7 million in 2012.

But like Vencore, many solution providers that file an IPO don’t actually end up going public on their own.

SRA International started its IPO process in July 2015, but ended up announcing plans just one month later to combine with CSC's U.S. Government Services business to form CSRA. And Vertias Capital itself acquired Alion Science and Technology Corp. in August 2015, one month after Alion filed for an IPO to pay down its debt of roughly $561 million.

1. The New Company Hopes to Stem Fallout From The Legacy DXC Federal Business

DXC's U.S. public sector business has suffered reputational damage dating back to when it was part of HPE Enterprise Services due to challenges in ensuring information assurance as part of its IT services engagements, said Technology Business Research's Cresta.

"[Technology Business Research] has collected myriad anecdotes of reputational damage to the legacy HPE Enterprise Services public sector business, including apparent challenges in ensuring information assurance as part of its IT services engagements," he said. "Reputational damage of this nature will make it difficult for NewCo [the new company] to retain its legacy book of business."

NASA's CIO took the unprecedented step in July 2016 of not signing off on HPE's "authority to operate" as part of its $2.5 billion contract to address the agency's IT infrastructure. NASA's Inspector General found in 2013 that HPE had failed to promptly replace computers and apply security patches, with some updates being several months overdue.

Despite the addition of Vencore's cybersecurity capabilities, Cresta said HPE's reputational damage might be too deep for the new company to retain positions on contracts such as the U.S. Navy's Next Generation Enterprise Network contract recompete.

In that case, Cresta said Vencore could help backfill the new company's hypothetical contract losses with a book of business that overlaps minimally with DXC's public sector portfolio.