As viruses and hacker threats push corporations to bolster information security, the company that commercialized data encryption seeks stardom beyond the high-tech stage.
By Jeffrey Kutler
May 2001
Institutional Investor Magazine
As viruses and hacker threats push corporations to bolster information security, the company that commercialized data encryption seeks stardom beyond the high-tech stage.
A movie about a fictional technology company resembling Microsoft Corp. - Antitrust - was a box-office dud last winter. But RSA Security saw it as the start of something big.
The film was RSA’s premiere in the Hollywood game known as product placement. Typically, certain brands of beverages or breakfast cereals get screen time, for a fee. In Antitrust RSA’s logo appeared on wall posters and computer screens, and the company’s SecurID cards allowed access to sensitive systems. As part of the deal, RSA provided technical advice to the producers at MGM.
Intrigued by what RSA might be? That’s the point, says CEO Arthur Coviello Jr., 47, a former networking industry executive who joined RSA as head of finance and operations in 1995. The Bedford, Massachusetts, company, maker of those SecurID cards, was then called Security Dynamics Technologies. A year later it paid $258 million to buy RSA Data Security, a 50-employee Silicon Valley shop that had made its mark developing data encryption systems for securing databases, electronic messages and financial transactions. In 1999, the year before Coviello succeeded longtime Security Dynamics chief Charles Stuckey as CEO, the entire company adopted the RSA identity because, Coviello says, “RSA was synonymous with e-security.”
But it wasn’t a household name - hence the foray into product placement. “Financially, it’s breakeven for us, and in terms of marketing bang for the buck, it’s about as good as it gets,” says Coviello.
RSA bears the initials of its founders - mathematicians Ronald Rivest, Adi Shamir and Leonard Adleman. In 1983 the three obtained a patent on what became the commercial standard for the complex data scrambling codes that keep hackers and tamperers at bay. With more than 1,000 licensees, RSA spawned an industry that came into full flower in the 1990s, when the Internet heightened demand for digital security.
But the patent expired last September, and RSA - now with 1,350 employees, 8,000 customers and a market capitalization of $1.7 billion - is trying to convince investors of its continuing strengths as a seller of digital security and user-identification products as well as cryptographic tool kits and consulting assistance.
At a recent price of $30, RSA’s stock was 43 percent below its 52-week high - not bad for a tech company - and its price-earnings ratio was about 10. Revenues rose 28 percent last year, to $280 million, and 21 percent in the first quarter of this year, to $76 million. Says Salomon Smith Barney data security analyst Chuck Jones, “They have a large number of products, which is what gets them in the door, and they’ve shown an ability to execute.”
Not surprisingly, Coviello asserts that “We think we’re undervalued.” He recently discussed the postpatent state of RSA with Institutional Investor Assistant Managing Editor Jeffrey Kutler.
Institutional Investor: Does RSA live or die by the Internet?
Coviello: Our business is, for the most part, driven by the Internet. We obviously believe that over the long term a tremendous proportion of the economy and exchanges of information will be on the Internet. There’s no turning back from that.
How do you square that outlook - and RSA’s results - with the recent collapse of many Internet businesses?
Security is fundamental to e-commerce and to the confident flow of information over the Internet. We have seen a steady buildup of customers trying to understand their needs for security. Security is coming out of the shadow of internal security departments and is getting more prominence with business decision makers and upper managements. In an economy that is potentially slowing down, business leaders will be looking for ways to be more cost-effective. The Internet can help with that, and security enables it.
Are you saying that you can buck any recession?
There are mitigating factors. First, there’s a general view that it’s the U.S. economy that is slowing. We were very strong in Europe in the first quarter, and we expect that to continue this quarter. [RSA gets 35 percent of its revenues from outside the U.S.] Second, though there may be an oversupply of bandwidth and a slowdown in application deployments, most of that bandwidth and those applications are insecure. The bandwidth and applications went in first, and security is a latent purchase, so there is ongoing demand.
As your business attracts more competitors, how do you define RSA’s role?
We’ve always had strong leadership positions in the market segments we’ve chosen. We’ve always had a reputation for innovation. We don’t view ourselves as an encryption company or a public key infrastructure company or a user-authentication company. We solve a real problem for customers: helping them to identify the people they are doing business with and ensuring that their online transactions or exchanges of information remain private and confidential.
If security vendors do well by staying focused, how close are the end-to-end solutions that the industry has been promising?
There was a fallacious belief several years back that one security company could solve all problems. The security industry is made up of multiple segments, and customers have tended to buy best-of-breed products and solutions from leaders in the various segments. Where there’s overlap, we have to make sure products work together; RSA’s compatibility with Check Point Software’s virtual private networks is an example of that.
What other alliance strategies are you pursuing?
They are almost too numerous to mention. There is more interdependence in technology than ever before, especially with the Internet. You have operating systems and applications, wireless versus wired technologies, databases and directories. It goes on and on. We recognized early on that we would be most effective by dealing with that complexity. That means making APIs - application programming interfaces - that are easy to tie into. That means embedding agent code - which we actually give away - in other people’s products. So we have partnerships with big operating systems vendors like Microsoft and Sun Microsystems. Our code is in Cisco Systems’ and Check Point’s and many telecom and application vendors’ products.
What kind of event - or nonevent - was the expiration of RSA’s patent?
I think there was a lot of confusion. Our stock price fell despite the fact that we had a record number of new licensees as the technology was coming off patent. The patent was based on a mathematical formula. Our value was always in its implementation, all the software around it, the APIs. We are now in the ironic position of seeing, with the patent off, our cryptography establishing itself as the industry’s open standard.
Is that a case study on the benefits of open technology?
It’s a case study of a patent doing what it’s supposed to do. It protected a fledgling company, giving it an opportunity to exploit its invention. Now that it can withstand competition, the technology is available to everyone, and I expect that we’ll continue to offer the best implementation.
How does venture capital investing fit into RSA’s strategy?
This is one of the legacies of Jim Bidzos [RSA Data Security CEO from 1986 to 1997]. When start-up companies wanted to license our cryptography, we would do it in exchange for stock or warrants. One of our first deals was with a fledgling browser company called Netscape; we made more than $20 million on that investment. VeriSign, another big Internet IPO, was spun off by RSA in 1995. We also had positions in Trintech, an Irish payments company that went public in 1999, and [security hardware provider] nCipher, which went public last year.
What emerging technology excites you?
With Ericsson we have demonstrated a mobile phone that can authenticate, encrypt and digitally sign transactions, using the Bluetooth short-range communication capability. It will be a while before there is a significant revenue stream, but this is how great innovations get started. We have to build technology that paves the way.
