Today's acquisition announcement of Archer Technologies is likely a harbinger of what we'll see from EMC during 2010 -- swift execution around strategic themes that we've already discussed.
The first order of business -- a hearty "welcome aboard" to Jon Darbyshire and his world-class team. We're proud and excited to have you as the latest member of the RSA and EMC family!
And, for the everyone else, I'd like to share a bit of the story behind the story ...
It's All About (Enterprise) GRCThat's "governance, risk and compliance" if you're not familiar. Good GRC is primarily about having good process, which good technology can enable.
In a nutshell, Archer provides the frameworks, the solutions and the services to help enterprises identify and manage different forms of risk.
If you're thinking "IT risk", you're only partially right. Archer's capabilities are designed to help enterprises manage all forms of enterprise risk -- and not just IT-related ones.
So, in one sense, enterprise GRC is a business application in the same sense as ERP or enterprise email or perhaps enterprise content management.
However, it's also fair to say that most business activities involve IT, so much of Archer's focus has to do with enterprise systems and information.The Rationale(s) Of The Deal
First, if you're an industry watcher in general, and an EMC watcher in detail, some of the first-level synergies should be pretty easy to spot.
Enterprise GRC is a growing application market that has direct executive-level and board-level engagement. That's good, for starters. And I think most people can spot that RSA's existing assets in DLP (data loss prevention) and SEIM (security event information management via enVision) are highly complementary.
But there's more if you go looking.
For example, Ionix' ability to discover application and infrastructure relationships is a powerful asset in this space, not to mention our existing capabilities for IT GRC compliance which now complement a broader enterprise GRC discussion. There's a healthy synergy between Archer's solutions and EMC's traditional backup, recovery, archiving and business continuity capabilities. And, of course, EMC's Documentum portfolio is frequently used in multiple GRC-related contexts.
If you'd prefer to instead think in terms of industry themes, this acquisition is clearly an example of the increasing value of discovering and orchestrating things, rather than the things themselves.But I think there's even a deeper strategic synergy ...
It's About (Private) Clouds ... Again
Ask any 10 large enterprise IT users as to why they won't use external service providers (e.g. cloud), and they'll usually talk about things like security, regulations, risks, compliance, etc. -- essentially, a GRC-related discussion.
And ask any 10 large service providers about their #1 obstacle to getting more business, and they'll inevitably cite the exact same customer concerns about security, regulations, risks, compliance, etc. -- the exact same GRC-related discussion.
The thinking is simple: without an enterprise GRC framework, their isn't likely going to be widespread adoption of cloud-based services by larger enterprises. Enterprise GRC frameworks will be an important enterprise cloud enabler.
As is security (RSA), management (Ionix), storage, and -- of course -- virtualization.
The Bottom Line
The good people at Archer can help make the case as to why enterprise GRC is an important topic, and why their framework-based approach is the best one.
Talk to EMC and RSA field people, and they can likely extend the picture even further, and show how Archer extends the value of other EMC capabilities, and how these other EMC capabilities make the Archer approach even more compelling than before.
And, if you talk to someone like me about it (or perhaps Yo Delmar) you'll find us taking the rather esoteric and controversial perspective that enterprise GRC will likely be mandatory in tomorrow's world of enterprise cloud computing.