
Dell Sells RSA to Private Equity Firm for $2B - susam
https://www.darkreading.com/risk/dell-sells-rsa-to-private-equity-firm-for-$21b/d/d-id/1337078
======
NelsonMinar
Never forget that RSA is the company that sold out the security of all its
customers for a $10M payment from the NSA.
[https://www.reuters.com/article/us-usa-security-rsa/exclusiv...](https://www.reuters.com/article/us-usa-security-rsa/exclusive-secret-contract-tied-nsa-and-security-industry-pioneer-idUSBRE9BJ1C220131220?irpc=932)

~~~
sudoaza
10M Wow, that's cheap AF!

~~~
blaser-waffle
"Undisclosed until now was that RSA received $10 million in a deal that set
the NSA formula as the preferred, or default, method for number generation in
the BSafe software, according to two sources familiar with the contract.
Although that sum might seem paltry, it represented more than a third of the
revenue that the relevant division at RSA had taken in during the entire
previous year, securities filings show."

10MM was also 1/3 of the revenue of that division; that's a big chunk. No
reason to think they'd stop that cashflow

------
ausbah
"Private equity firms increasingly are setting their sights on the security
industry due to its rapid and steady growth."

I do not trust private equity to maintain the standards necessary for quality and
trustworthy security.

~~~
batmenace
I do, for the sole reason that at the end of (almost) every private equity
deal is an exit, and in order for the company to be sold at a higher price
than it was bought, it still has to be good/better at what it is supposed to
be doing. Also, from my experience for these sorts of Tech deals, the level of
due diligence conducted before an exit by potential buyers can be extensive,
so I doubt they'd let the security parts of a security business go bad.

~~~
hattar
> in order for the company to be sold at a higher price than it was bought, it
> still has to be good/better at what it is supposed to be doing

As someone who has worked for PE owned companies I can confidently say that
unless you consider the thing they’re “supposed to be doing” to be reflecting
profit on the books, you’re wrong.

The PE owners of companies I worked for pushed EBITDA over anything else and
as a result our product became a leaning Jenga tower of half finished
functionality combined with unfulfilled promises to customers. Foundational
systems were completely neglected in favor of whatever kept costs low and
increased closed ARR focused deals. We sold for many times our previous
valuation and not one person I spoke to in the company itself or our customer
base felt the product was better, all agreed it was worse.

~~~
ftio
100% in agreement. Same exact experience.

The expectation is 30% YoY growth with 30% margins. At any cost. No excuses.

Your entire company, all of your software, your assets, your people? You’re a
single line in a spreadsheet. You’re a stock certificate. An asset. Raise the
value or be fired.

What’s that? You care about your employees? They’re working 14-hour days? You
need more people. Go ahead, give all the perks you want. 30 Over 30, baby. I
don’t care how you hit the number. Just do it or you’re fired.

Oh wait, you can’t hit these crazy numbers given the staff? Boo hoo. Fired.

Your product is falling apart and you’re plugging holes in a dam to prevent
churn? Boo boo. Keep doing it.

We’re out in five years anyway.

------
tptacek
A reminder that RSA was "Security Dynamics" before they bought "RSA" and
renamed themselves. Their main line of business was hardware tokens, which
were infamously implicated in a compromise by overseas attackers that coined
the term "Advanced Persistent Threat". RSA diversified into multi-factor
authentication tools for servers and then a bunch of random enterprise
security gadgets.

Companies like Duo and Okta ate RSA's lunch; their original core business is
now a commodity. RSA's relevance in the industry is greatly diminished.

~~~
tialaramex
Also the key stupidity that made all this possible is a lesson worth
remembering after RSA is forgotten.

The RSA tokens are essentially a random number plus form factor. It isn't
necessary for the manufacturer to know what the number inside each token is,
let alone to store that after the product ships.

But of course it's tempting to do so as a convenience for your customers. Once
you set off down this slippery slope you're a dead man walking.

A FIDO token likewise is a random number plus (somewhat more complicated) form
factor. If anybody makes RSA's mistake it has the exact same consequences (big
hole in your security for whoever knows the number). Hopefully the decisions
in FIDO to eliminate conveniences for knowing the magic number, plus RSA's
example has been enough that nobody is dumb enough but we shall see.
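
An added illustration of the comment above, not part of the original post and not any vendor's code: a token reduced to "seed plus algorithm", with a maker that either keeps a copy of the seed or does not. RFC 6238 TOTP is used as a public stand-in for the token algorithm, and `Verifier`, `provision`, `vendor_archive` and `codes_from_archive` are hypothetical names.

```python
import hashlib
import hmac
import secrets
import struct


def totp(seed: bytes, unix_time: int, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 TOTP over HMAC-SHA1 (stand-in for a seeded hardware token)."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Verifier:
    """The customer's authentication server; it has to hold each seed."""

    def __init__(self):
        self.seeds = {}

    def enroll(self, user: str, seed: bytes) -> None:
        self.seeds[user] = seed

    def check(self, user: str, code: str, unix_time: int) -> bool:
        expected = totp(self.seeds[user], unix_time)
        return hmac.compare_digest(expected, code)


def provision(verifier: Verifier, user: str, vendor_archive=None) -> bytes:
    """Create a token seed. If vendor_archive is given, the maker keeps a copy
    (assumption: modelled here as a plain dict)."""
    seed = secrets.token_bytes(20)
    verifier.enroll(user, seed)
    if vendor_archive is not None:
        vendor_archive[user] = seed  # the "convenience" copy
    return seed  # this value lives inside the physical token


def codes_from_archive(archive: dict, user: str, unix_time: int):
    """What any holder of the archive can compute without the token itself."""
    seed = archive.get(user)
    return None if seed is None else totp(seed, unix_time)
```

A code derived from the archived copy is indistinguishable to the verifier from one shown on the token; for a seed that was never archived there is nothing to derive from.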

~~~
jlgaddis
Apparently Yubico knows the seeds written into their devices, else the OTP
auth (against their servers) [0] wouldn't work OOTB, no?

[0]: [https://demo.yubico.com/otp/verify](https://demo.yubico.com/otp/verify)

------
pge
2.1B is the same price EMC paid to take RSA private in 2006. Zero increase in
value in 13 years...

[https://corporate.delltechnologies.com/en-us/newsroom/announ...](https://corporate.delltechnologies.com/en-us/newsroom/announcements/2006/09/09182006-4605.htm)

~~~
NullPrefix
It's not zero. 2.1B was in 2006 dollars. 14 years of cumulative inflation
would add up to almost 2.7B in 2020 dollars.

~~~
vorpalhex
They could have literally put 2.1B in a savings account in 2006 and made more
money.

~~~
kryptiskt
Presumably the company is profitable and it could very well have racked up
quite a substantial return in dividends despite not increasing in value.

------
gumby
Dell has always felt like a financial engineering firm rather than computer
firm. Even in the 80s and 90s they made their money through holding the
customer’s money, putting unsold product on trucks parked in the street
(counts as shipped), having suppliers hold inventory in trucks on their
loading docks (supplier has to fund it as Dell hasn’t received it until they
take it off the truck) and of course the last couple of decades of back and
forth going private - going public

~~~
hammock
Good article where I can read more about this?

~~~
gumby
I'm talking about 40 years of reading articles about Dell; perhaps some old
magazines from the 80s may not be online too, but: likely if you use a useful
search engine* to look up things like "dell negative cost of capital" or "dell
minus 11 days receivables", "dell just in time inventory supplier trucks" etc
you can probably look up some of their much-lauded "innovations". I believe
the "put assembled product into trucks and drive them through the gate" was a
one-time act to meet one quarter's goals, but don't remember exactly, though
surely it would have been after they went public (the first time).

* Google used to be the obvious "useful search engine" when all others were terrible, but these days they emphasize recency and celebrity to the point where their search engine is almost useless in looking up old articles.

~~~
8bitsrule
A search using 'millionshort.com' (mentioned here yesterday) and your 1st
suggested search string found this 1998 story - 'Inside Dell Computer
Corporation: Managing Working Capital':

[https://www.strategy-business.com/article/9571](https://www.strategy-business.com/article/9571)

------
throw0101a
Has "private equity firm" in a sentence ever been followed by good news? Why
do they seem to mess things up so badly?

~~~
kencausey
I suspect this is a case of when it all goes well or at least not badly that
it is simply normal and a case of 'not newsworthy'.

Yes, a lot of bad things happen in the world, but don't forget that a lot of
good or just OK happens and never gets reported because it is just normal.

~~~
chungus_khan
The issue is that the overwhelming incentive for these sorts of buyouts is
towards very short-term decisions leading up to a sale. If things line up
correctly, this can have good results, but usually it involves compromising
the product, long-term business, cutting corners, etc. People on places like
HN are especially wary of this sort of thing because a lot of us are tech
professionals who end up in the trenches first hand when those corners get
cut. This is especially dangerous in the realm of security.

------
142
Last time information is available, RSA generated about $1 billion in revenue.
Very hard to believe that RSA is worth 50% of annual revenue - that's a great
ROI.

For comparison, Imperva, with revenue of ~$300 million annually in 2018 was
bought by Thoma Bravo for $2 billion. I have a hard time believing Imperva is
worth the same as RSA.

~~~
redwood
Must be consulting revenue vs subscription (or similar)

------
notlukesky
For whatever it is worth, I work for an SI that sells SAASPASS IAM that also
includes MFA solutions and our only churn customers are those using RSA
SecurID. I assume this will accelerate, but I suppose that will be obvious in
a year or two from now. Of the MFA vendors out there RSA will have to invest
to keep up pace with other vendors. Let’s see if the new owners are willing to
do that.

------
protomyth
I worry with news like this that the PEF has a plan to sue some people after
the buy out. I wonder if they have anything that could be used to go after
groups?

~~~
737min
The important patents are long-expired.

------
whatsmyusername
I’m reading this as RSA is deprecated.

~~~
chundicus
This is referring to RSA the company, not RSA the public key cryptosystem
(both created by Rivest, Shamir, and Adleman)

~~~
whatsmyusername
That's what I meant, RSA (the company) is cancelled.

