Interview: Tim Pickard
RSA's acquisition by EMC was one of the big stories of 2006. The area VP of international marketing tells Paul Fisher why it's a golden opportunity.
Ten days before Christmas, and RSA's UK headquarters building has the distinct atmosphere that seems to pervade businesses in the seasonal wind-down. Outside the weather is still and uniformly grey, inside the reception area is quiet, disturbed only by the succession of old Christmas hits being pumped out on the plasma screen. You get the feeling that MTV wouldn't normally be the channel of choice.
I was beginning to enjoy Jona Lewie's Stop the Cavalry when Tim Pickard emerged from the lift to greet me. In the UK and the rest of Europe, Pickard is one of the information security business's "faces", meaning a lot of people know him and he knows a lot of people; he's been around. He even has two identities within the company: managing director of RSA Conference and area vice-president of international marketing for RSA itself, now of course officially called the "security division of EMC".
EMC bought RSA lock, stock and barrel in 2006 and turned it into its security division. Undoubtedly one of the most high-profile acquisitions of 2006, it differed from many others in that EMC has pretty much left RSA intact, and it looks like it may stay that way. But the marriage has attracted comments from some analysts, who are suggesting that it may be a strange fit.
As we settle down in Pickard's office he refutes this idea. "It's a very logical fit, actually, because RSA and EMC are essentially working together to provide secure information in its entire life cycle," he says.
Pickard is not known to be a man of few words, and so it proves to be the case. He enlarges on why RSA and EMC fit together so well. It's obvious to him how RSA can boost EMC's leading position in the storage market.
"Understanding who has access to data, and managing that appropriately, both in terms of accessing data, storage and the movement of information once it's in transit, is increasingly important to all organisations," he explains. "The principle is very sound. We bring authentication, which is clearly part of that process. We bring access management, which is again essential to the whole procedure, and we bring encryption technologies. It makes a lot of sense.
"This is the start of the journey, not the end. So as we start to acquire more companies and build up the security division of EMC, then I think the synergies will become even more obvious," he adds.
That's a revelation, the acquisitions bit. But the new marriage is already looking to add to the family. Indeed, EMC also bought technology from Network Intelligence that logs all security events taking place on a network, around the time it bought RSA.
So did it come as much as a surprise to Pickard when the acquisition came through as it had to many security analysts? He wasn't part of the takeover process. He was well aware of consolidation and, RSA had been an active consolidator itself. He knew that at some point the company may well become an acquisition target, he recalls.
"The real surprise was that EMC was the buyer, I hadn't had them on my top-three list of potential acquirers," he says.
So apart from becoming a "division", what other immediate impact has there been? Listening to Pickard, it seems that the merger is only going to make RSA more of a player. Just like in any other sector, size matters, especially when behemoths such as BT and IBM are ramping up their activities in the market. EMC is lending RSA some muscle.
"It's early days, but things are moving forward. We are integrating the business at a number of different levels, and our messages to the market are becoming more integrated. Our ability to execute in the space has gone up significantly as a result of now having a 7,000-strong sales force. RSA didn't have access to that before, apart from through its partner-base," Pickard enthuses. "We also have access to global account management. Having that additional resource is very helpful. EMC has a significant number of major account relationships that we can now leverage. It gives us an opportunity to work through EMC's sales force to get to more customers."
So on a logistical basis the benefits are obvious, but Pickard also sees some canny moves afoot in terms of branding. He thinks that leaving RSA as a division was a good tactic because, in his words, it "retains the brand". RSA keeps ownership of everything that has been put into the its brand image up to now, while also being able to leverage the muscle of EMC.
So unlike other mergers, there is little chance that the junior partner's brand will disappear. Pickard is mighty confident of that.
"One of the things EMC recognised was that RSA has been synonymous with high-quality security and encryption for 25 years. It is one of the gorilla brands in the market. EMC wants to have a strong position, and therefore using the brand to its maximum is a very sensible thing to do," he says.
In other words, Tim Pickard feels very attached to the brand and the work he has personally put into it (he has been with RSA for six years).
And RSA won't be leaving its current UK base in Bracknell for the delights of Brentford, where EMC's employees have a fine view of the M4 as it snakes in and out of West London. "Brentford is full," quips Pickard, seemingly happy with his corner office looking out over the leafy suburbs of Bracknell.
More seriously, there was criticism at the time that EMC got more out of the deal than did RSA. It comes back to the poor-fit allegation, but this time in terms of products.
Worse for Pickard's sunny optimism, and perhaps his corner office suite, some unkind souls have suggested that the partnership won't be in the same shape 12 months from now. Again he is dismissive of such speculation.
"It's true; we will see integration of our technologies into EMC's products, because it just makes a lot of sense for them to be able to offer those types of services around their storage and information life cycle management products," he admits. "That will happen quite quickly. So ... what do we get?"
As I wait for the answer, Pickard points out that much of the negative comments surrounding the merger happened very soon after the event and that already, three months later, a very different picture is emerging.
"EMC brings to us a number of things we couldn't have done on our own. Capital is one. Our objective is to be a $1 billion (£515 million) company in three years ... a $1 billion division", he corrects himself.
"We'll probably close the year, at around the $400 million (£206 million) mark, so you can see that there is some significant opportunity for growth in the business.
"Clearly our challenge is to understand where those opportunities are and to utilise the access to capital and resources that we now have in order to accelerate growth. That's what EMC brings us: the opportunity to become a much more powerful player in the market. I don't think it's unbalanced. I think it's a good balance," he insists.
But what of the temptation that EMC may sell of parts of the business; the consumer group for example, the part that supplies financial institutions with authentication tools for their customers, the only vertically focused part of RSA. Pickard sees this as unlikely.
"That business has grown enormously this year. We now offer a range of solutions, not just token-based authentication. We understood a while ago that this was going to be an expanding part of the market, because of phishing attacks, vulnerabilities and concern within the user community that security was not good enough, so we invested in companies and products," he says.
And, Pickard continues, increased regulation has also helped. The Federal Financial Institutions Examination Council (FFIEC) in the US issued a mandate that decreed that by the end of 2006, US banks would have to manage two-factor authentications within all their online banking environments. And other countries, including Singapore and Hong Kong, are following suit.
"The banking community is very significant to EMC, as it is to most vendors," he explains, "so from that perspective I think the ability to provide a range of services to those customers is still very important.
"I'll make a prediction that you will see more service-based offerings from RSA and other vendors in the security space, because more and more people are going to want to outsource some of these issues rather than tackle them in-house."
At the RSA conference in Nice last October, it was apparent that some European banks are embracing this philosophy with more sophisticated protection using tokens, but the UK is still lagging behind. Indeed one Italian customer, the UniCredit Banca, is so happy that it promoted its security in an advertising campaign. In this country, security is yet to be used as a marketing tool. RSA thinks this will change.
"Next year we're going to see a big shift in the types of attack we experience, specifically in the UK," he predicts. "Traditionally, the two big open markets are the US and the UK. Lots of English-speaking people; tons of money; no strong authentication. But what's going to happen when the US locks all the doors to online banking after the new FFIEC rules have kicked in?," Pickard muses.
"Cyber crime is a ruthless business; the perpetrators go to the next lowest hanging fruit. Guess what; that's the UK. "And so we're actually expecting, and I won't use the word predicting, but we're expecting that we'll probably see quite a big shift, both in terms of the sophistication of the kinds of attack and the sheer volume that will shift to the UK market in particular".
The RSA logic is thus: Because the US market was so easy to attack, Trojans were quite rare, because there wasn't really a business case for criminals to develop them. All of a sudden there is. That means that even the markets in Europe that are strongly authenticated today using traditional two-factor authentication and the like will now be open to attack as Trojans are developed.
So the knock-on effect of increased security in the US means that Europe will come under increased pressure from cyber criminals.
"The good news is that we've definitely seen an uptake in risk-based protection," says Pickard. "It's more convenient for the user because they actually have variable impact in terms of how they operate. And it's more convenient from a banking perspective because they don't have to issue and manage potentially hundreds of thousands of tokens. So I think it's a positive way forward."
So if the picture is less clear for 2007 in what is going to happen and UK and European banks, isn't it about time they followed the Italians' lead and promoted security a little more?
Pickard is not sure about this, even though RSA would stand to gain. "You're not necessarily going to see that, and I don't know how some of these major banks are going to communicate the fact that they are now offering a more secure service," he cautions.
"But it's very interesting. Barclays produced some numbers for us about the incidence of attacks on them once they introduced our service, and they went down dramatically in a period when attacks overall were going up."
So, yes, we are living in interesting times. In 2007 all the predictions say that the financial sector is likely to come under the heaviest attacks yet seen. Intelligence suggests that the money lost to criminals will easily beat 2006 figures, and the trend is likely to be exponential.
Undoubtedly, the owners of the now cash-rich and resource-hungry security division, still known as RSA, will be looking increasingly to Pickard to consolidate and innovate its way to leadership of the market that will help the financial sector fight back. And his reward? The emergence of that $1 billion division.
TIM PICKARD - The CV
1980-84 BA Systems Analysis, University of Western England, Bristol
1986-90 Major account sales, then regional sales manager, Businessland UK
1994-95 MBA, Cranfield School of Management
1995-99 Marketing director, 3Com Corporation
2000-04 Director of RSA Conference Europe
2004 to date promoted to area vice-president, international marketing in addition to existing role
Other interests - Pickard is a a founder member of the Institute of Infomation Security Professionals. He is an enthusiastic yachtsman
THE MEANING OF ART
Another man whose name is synonymous with RSA is, of course, its chief executive, Art Coviello (pictured, right) - the man who is credited with turning a $25 million (£13 million) company into a $310 million (£160 million) giant in less than ten years. The merger with EMC has meant a change of title to executive vice-president of EMC and president of the security division, but what about the longer term effects?
According to Tim Pickard, vice-president of international marketing and managing director of RSA Conference, Coviello is still going to be very much involved in RSA and its future. He has undoubted status within the organisation, and the requirements from new parent EMC are quite simply to return a revenue and a profit number.
Coviello's remit is to run and grow the business as he sees fit, within financial guidelines and with an overall long-term target of reaching the $1 billion revenue figure.
"He sees his role as being a very exciting one now; different, but still exciting," says Pickard. "He has access to resources he didn't have before in order to achieve those numbers, which is a thrilling proposition."
According to reports, Coviello will be given free reign to build or buy solutions independent of EMC's product lines. "We have to justify what we do and the investments that we make, but it's up to Art how he directs the business," explains Pickard.
WHAT'S IN STORE FOR THE RSA CONFERENCE IN EUROPE?
After the acquisition by EMC, some feared that the well-established RSA Conference may not have a future, at least not in Europe, where its profile is much lower than that of the Infosecurity shows, for example.
However, Tim Pickard, managing director of RSA Conference, refutes such talk: "It's absolutely going to continue. The RSA Conference has a very strong brand and is well established, both in the US, UK and Japan. And from a European perspective, it's going to get a greater level of investment."
But changes are afoot, and it's good news for London. "We've never had a permanent base for the event, and that's made it very difficult to build a strong community because of that fact," he says.
The Nice event was the last to be held on the old basis, which saw the conference and exhibition travel round the more attractive cities of Europe. Instead it's going to a new permanent home, the shiny ExCeL Centre in London's Docklands. "And that's quite a big investment because London is a very expensive city in which to host an event, but its also significant because it is the financial centre of Europe. And it's one stop from most European countries," says Pickard.
"Also the UK is commercially a very strong economy, so all those things rolled into one mean that I think this is a good venue. And we're hoping to grow the number of full conference attendees. It's been rising by about 10 to 15 per cent a year, but we're looking for a more significant jump by moving to London from that point of view.
"And also, the exhibition traffic I think is going to be more significant," Pickard adds.