In June 2006, EMC announced that it would acquire RSA Security for $2.1 billion, only to be met with a healthy dose of analyst skepticism and a 3 percent drop in its stock price. Many on Wall Street considered the price tag too high in light of RSA’s 2005 revenues of $310 million. Moreover, industry observers were disquieted by EMC’s unrelenting buying spree: RSA was merely the most expensive purchase out of a whopping 23 acquisitions it had made since early 2003, which have crossed the spectrum from systems management to content management to BPO.

CEO Joe Tucci calmly countered that his company was focused on the big picture of information management and was providing a way to weave security into EMC’s information infrastructure portfolio. The explanation and attempts to clarify the company’s vision have so far failed to seduce some veteran analysts.

“I haven’t heard a real story for EMC’s integration, and, frankly, I don’t really see that getting done,” says Laura DuBois, research director at IDC Storage Software.

Indeed, the big question mark for IT is whether EMC can successfully integrate such a diverse menu of companies and technologies. A few weeks before the RSA purchase, Gartner analyst Robert Passmore weighed in on the huge integration task ahead: “The good news about acquiring companies is you get there more quickly. The bad news is things don’t always work together. … One thing that helps [EMC] is that the quality of their acquisitions has been quite high. But it’s a mixed bag. The serious engineering and integration is still going to take time.” Several acquisitions later, his observation holds true.

IT customers were more approving, though alert to what may happen, for example, to RSA product lines and customer relationships once RSA became the security division of EMC. “With more than 2 million records in our patient database, we’re deeply concerned about security,” says Dr. John D. Halamka, CIO of Harvard Medical School and Beth Israel Deaconess Medical Center, who believes the RSA acquisition makes sense from a HIPAA standpoint because it helps ensure that certain data can be neither compromised nor modified. To the pessimists, EMC would simply say its strategy is in line with the enterprise’s evolution from data storage to information management and data security.

Staying the course on ILM

The difficult nature of efficiently managing information is precisely why EMC, at least until about a year ago, was beating the drum of ILM (information lifecycle management), the technology concept it had long endorsed for tagging and moving information while retaining and protecting it based on its business value at different points in its lifecycle. The results, it claimed, were lower storage and management costs, improved systems performance, and easier compliance.

EMC’s 2003 acquisition of Documentum was not simply to snag a platform that helps enterprises organize and manage exploding volumes of multimedia files. With it, EMC acquired many of the elements that make up the ILM stack, including searchability, classification, and a policy engine, according to Arun Taneja of the Taneja Group. Much of that technology, along with aspects of products from other acquisitions such as Legato and Smarts, has been integrated into its InfoScape ILM software.

ILM has been slow to take, however, as many companies have stuck with point solutions that focus on data movement in one data sector, such as messaging. Rather than shift the conversation, EMC has responded by expanding its vision. “We start with ILM but extend that strategy to building the entire information infrastructure, an information-centric way of managing data that works across any type of data or application,” says Mark S. Lewis, executive vice president and chief development officer.

According to Lewis, information services will ultimately exist as a peer in a service-oriented architecture, which means they’ll have to be fully autonomous, self-managed, secure, and able to interact with multiple applications. ProActivity, which EMC acquired in June, adds an essential awareness of the business processes in which that information is used, which is especially valuable in crafting protection policies.

So, what happened to ILM? “Fact is, ILM is still the most important capability we can deliver to our customers,” Lewis writes in a November 2006 blog post.

Four-pillar strategy

Information services within an SOA is but one pillar of EMC’s four-pillar strategy. The second is information security. “Over time, you’ll see us embed security into virtually every product we sell,” says CEO Joe Tucci, who hints that there will be a number of big announcements at this year’s RSA conference Feb. 5 - 9 in San Francisco.

It’s likely that EMC will take advantage of RSA’s two-factor authentication and back-end identity management platform to create role-based access control for storage management, according to the Enterprise Strategy Group, which expects it to add identity management to Documentum and VMware (acquired in 2004). EMC will also harness RSA’s BSAFE developer platform to add solid encryption and key management to information at rest on its storage platforms and as it moves from platform to platform in ILM. In the long term, EMC also plans to harness RSA’s platform, code-named Nexus, to provide a common security infrastructure for its product lines. Another recent acquisition, Authentica, acquired this past April, adds comprehensive DRM (digital rights management) while Network Intelligence captures an audit trail across systems for compliance and incident response.

The third pillar is virtualisation, which encompasses several EMC acquisitions, most notably VMware. Widely viewed as a solid company with equally solid virtualisation technology, VMware also provides a path from the server world into EMC’s own core storage and virtualisation offerings. “IDC studies show that those who buy server virtualisation are much more likely to buy storage virtualisation,” says DuBois. Or, to put it more bluntly: “If you consolidate 20 physical machines on one physical server, you’ll need some hefty network storage,” says Enterprise Strategy Group analyst Bob Babineau.

EMC is playing a delicate balancing game, however, as while it has integrated all its other acquisitions it has purposely kept VMware independent in order to keep IBM, HP, and other competing solution suppliers comfortable doing business with the company. As for storage virtualisation, Rainfinity supplements EMC’s SAN-based Invista platform with a server-based file virtualisation capability.

The fourth, IT orchestration and resource management, seems a bit of a stretch, until you remember that information availability extends beyond just storage to applications and infrastructure. “Just trying to manage storage in a vacuum from the standpoint of fault management and business process management makes no sense,” Lewis says. “With Smarts [acquired in 2005] we can introduce IT model-based management, which describes the principal behavior characteristics of the entire system. So when [access to information is disrupted] and you get thousands of error reports from applications, routers, nodes, etc., Smarts can take all that information in and say that the problem is really that your switch is broken.” nLayers (acquired in 2006) adds an understanding of the interdependencies of applications, resources, and business processes.

Leon Erlanger is a freelance author and consultant specializing in security.