This page contains a Flash digital edition of a book.
have their security requirements working well together.”


Doing this, he suggests, makes the


CISO’s task easier. It is not, however, IBM’s intention to be in every sector: the company no longer develops anti-virus software, for example, but works instead with Trend Micro.


It’s Not All Roses


Not all security experts believe that mergers and acquisitions are benefi cial for end-user businesses, with many suggesting it is the company’s founders, or its buyers, who reap the rewards.


“In my experience, deals have not


benefi ted users”, cautions John Walker, a professor at Nottingham Trent University and member of the ISACA Security Advisory Group. “A lot of these deals occur where a product is bought, and it is never quite the same animal. Some of the niche companies produce specialist products and in my opinion, they deliver better products. The bigger companies buying them don’t have the spirit that produces them, the keenness and the attention to the product.”


John Walker


In some cases, he says, good products have disappeared from view under the stewardship of new, larger owners, often by being incorporated into other products or as part of bundles. Others have been starved of investment and have fallen from favor, as their capabilities have diminished. Other


Case Study: Clearswift


In November 2011, Clearswift, a UK-based security vendor, was bought for $46.5m (£30m) by Lyceum Capital, a London-based private equity house whose investments range from security, to care services, media, and food retail. Infosecurity magazine spoke with its CEO, and its new owner. “Lyceum is focused on mid-cap UK-based companies. They are a ‘buy and build’ equity investor”, says Richard Turner, who will remain as CEO. “Private equity has a keen eye for quality assets in the security industry. They look at the technology, the customer base, and the distribution channels.” According to Turner, the deal will allow Clearswift to grow organically, but also to grow through its own acquisitions, as businesses look to consolidate their security spending.


“What we look for in our acquisitions are good market fundamentals”, explains Jeremy Hand, a managing partner at Lyceum. “Clearswift has an impressive and loyal international customer base – especially government and defense clients that are attracted by the company’s software – which is capable of dealing with the largest and most complex threats.


“The business fundamentals are strong, and Richard Turner has done a great job re-positioning the company. It has a well-invested software product with a differentiated offering, and a good reputation and positioning with customers”, Hand continues. “[We saw] strong underlying growth rates and low customer churn, with a clear strategy driven by capable management.”


As an investor, Lyceum has clear plans to help Clearswift grow. “Scale is an obvious advantage in terms of product development, threat identifi cation and the recovery of fi xed costs associated with sales and administration”, says Hand. “In the growing, but still young and fragmented IT security market, we would expect to see market consolidation. This has indeed happened to some extent, but we expect to see more over the next few years. Accelerated growth, both organically and through M&A, are certainly central to Clearswift’s plans over the next few years.” Turner agrees that the market can only consolidate further. “Security has resisted [acquisitions] more than the general IT market, but customers want to deal with as few people as possible, to get the job done”, he says.


www.infosecurity-magazine.com /// 41


In my experience, [mergers and acquisition] deals have not benefited users


acquisitions have been asset-stripped for interesting technology, leaving the original users behind; in some cases, acquisitions have been made simply to remove a competitor from the marketplace. Walker also suggests that the presence of two large security vendors in the market brings its own problems. “Two big players – Symantec and McAfee – from a customer choice point of view, is not benefi cial to the industry”, he says. Buyers of IT security, however, can do little to protect themselves from the possibility that a supplier is bought out, suggests Walker. “The danger with niche players is that larger players buy them, and they could disappear overnight”, he says. “But smaller players can run into fi nancial trouble, and disappear. You can do your due diligence, but there are no guarantees.” The best way to protect security investments, Walker says, is always to buy into technology based on industry standards, and which support interoperability. In a market where deal-making may well increase, it is solid advice.


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60