On the heels of IBM's acquisition of Watchfire, HP today announced it was buying SPI Dynamics, another application security bellwether, for an undisclosed amount.The move signifies the growing convergence of the information security marketplace, especially in light of IBM’s pickup of Watchfire, which was SPI’s main competitor, analysts said today.
"We wanted to stake a claim in the fast-growing security space, and the best way to do that is to acquire a leader," Jonathan Rende, vice presidents of products at Palo Alto, HP, said today on a conference call.
HP executives said business application security is a serious concern across enterprises. SPI’s offerings allow customers to inspect and assess security at all phases of the development lifecycle. The solutions include a real-time dashboard to centrally manage security vulnerabilities.
"We have a commitment to the enterprise software space," Rende said. "This is one of the fastest growing, most profitable parts of the business. This adds a new chapter to the application side of the house."
Last year, HP acquired Mercury Interactive, a leading automated software quality assurance company, for £2.3 billion ($4.5 billion).
Chenxi Wang, a Forrester analyst, said that today’s acquisition not only validates the application security space, but also acts as a strong complement to the Mercury purchase.
"The integration between SPI and Mercury is a very compelling one, even more compelling than IBM Rational and Watchfire," she said. "This move may be on the defensive side, in light of IBM’s Watchfire acquisition, but this also highlights HP’s commitment to deliver quality software, and also their vision to extend quality control over all phases of the software lifecycle."
Brian Cohen, chief executive officer of SPI, which has about 140 employees and some 1,000 customers, said on the call that the merger makes sense considering the two companies have been longtime partners and have an overlapping customer base.
"Web applications are becoming ubiquitous," he said. "As they do so, they fall into a lot of traps associated with application security. We have technology to let [businesses] identify weaknesses in their applications and prescribe prospective action."
The deal with SPI is HP’s first security-related acquisition since the world’s largest IT company acquired Trustgenix, a federated identity management provider, in 2005, executives said today. But they added, the SPI acquisition does not mean HP is interested in becoming a "prevention vendor."
Wang said she believes HP, following the trend of other large IT players, such as IBM and EMC, will continue to move into the security space and may next target a managed services provider.
Once the deal is finalised (expected to happen in the third quarter), SPI will be integrated into the software unit within HP’s Technology Solutions Group. Executives did not mention the possibility of layoffs.