Archives

security

Dell sells RSA to consortium led by Symphony Technology Group for over $2B

Dell Technologies announced today that it was selling legacy security firm, RSA for $2.075 billion to a consortium of investors led by Symphony Technology Group. Other investors include Ontario Teachers’ Pension Plan Board and AlpInvest Partners.

RSA came to Dell when it bought EMC for $67 billion in 2015. EMC had bought the company in 2006 for a similar price it was sold for today, $2.1 billion. The deal includes several pieces including the RSA security conference held each year in San Francisco.

As for products, the consortium gets RSA Archer, RSA NetWitness Platform, RSA SecurID, RSA Fraud and Risk Intelligence — in addition to the conference. At the time of the EMC acquisition, Michael Dell actually called out RSA as one of the companies he looked forward to welcoming to the Dell family after the deal was completed in a letter to customers.

“I am excited to work with the EMC, VMware, Pivotal, VCE, Virtustream and RSA teams, and I am personally committed to the success of our new company, our partners and above all, to you, our customers,” Dell wrote at the time.

Times change however, and perhaps Dell decided it was simply time to get some cash and jettison the veteran security company to go a bit more modern, as RSA’s approach no longer aligned with Dell’s company-wide security strategy.

“The strategies of RSA and Dell Technologies have evolved to address different business needs with different go-to-market models. The sale of RSA gives us greater flexibility to focus on integrated innovation across Dell Technologies, while allowing RSA to focus on its strategy of providing risk, security and fraud teams with the ability to holistically manage digital risk,” Dell Technology’s chief operating officer and vice chairman Jeff Clarke,” wrote in a blog post announcing the deal.

Meanwhile RSA president Rohit Ghai tried to put a happy spin on the outcome, framing it as the next step in the company’s long and storied history. “The one constant in every episode of our existence has been our focus on the success of our customers and our ability to endure through market disruption by innovating on behalf of our customers,” he wrote in a blog post on the RSA company website.

The deal is subject to the normal kinds of regulatory approval before it is finalized.

Ring slightly overhauls security and privacy, but it’s still not enough

Security camera maker Ring is updating its service to improve account security and give more control when it comes to privacy. Once again, this is yet another update that makes the overall experience slightly better but the Amazon-owned company is still not doing enough to protect its users.

First, Ring is reversing its stance when it comes to two-factor authentication. Two-factor authentication is now mandatory — you can’t even opt out. So the next time you login on your Ring account, you’ll receive a six-digit code via email or text message to confirm your login request.

This is very different from what Ring founder Jamie Siminoff told me at CES in early January:

“So now, we’re going one step further, which is for two-factor authentication. We really want to make it an opt-out, not an opt-in. You still want to let people opt out of it because there are people that just don’t want it. You don’t want to force it, but you want to make it as forceful as you can be without hurting the customer experience.”

Security experts all say that sending you a code by text message isn’t perfect. It’s better than no form of two-factor authentication, but text messages are not secure. They’re also tied to your phone number. That’s why SIM-swapping attacks are on the rise.

As for sending you a code via email, it really depends on your email account. If you haven’t enabled two-factor authentication on your email account, then Ring’s implementation of two-factor authentication is basically worthless. Ring should let you use app-based two-factor with the ability to turn off other methods in your account.

And that doesn’t solve Ring’s password issues. As Motherboard originally found out, Ring doesn’t prevent you from using a weak password and reusing passwords that have been compromised in security breaches from third-party services.

A couple of weeks ago, TechCrunch’s Zack Whittaker could create a Ring account with “12345678” and “password” as the password. He created another account with “password” a few minutes ago.

When it comes to privacy, the EFF called out Ring’s app as it shares a ton of information with third-party services, such as branch.io, mixpanel.com, appsflyer.com and facebook.com. Worse, Ring doesn’t require meaningful consent from the user.

You can now opt out of third-party services that help Ring serve personalized advertising. As for analytics, Ring is temporarily removing most third-party analytics services from its apps (but not all). The company plans on adding a menu to opt out of third-party analytics services in a future update.

Enabling third-party trackers and letting you opt out later isn’t GDPR compliant. So I hope the onboarding experience is going to change as well as the company shouldn’t enable these features without proper consent at all.

Ring could have used this opportunity to adopt a far stronger stance when it comes to privacy. The company sells devices that you set up in your garden, your living room and sometimes even your bedroom. Users certainly don’t want third-party companies to learn more about your interactions with Ring’s services. But it seems like Ring’s motto is still: “If we can do it, why shouldn’t we do it.”

Egnyte unifies its security and productivity tooling into single platform

Egnyte announced today it was combining its two main products — Egnyte Protect and Egnyte Connect — into a single platform to help customers manage, govern and secure the data from a single set of tools.

Egynte co-founder and CEO Vineet Jain says that this new single platform approach is being driven chiefly by the sheer volume of data they are seeing from customers, especially as they shift from on-prem to the cloud.

“The underlying pervasive theme is that there’s a rapid acceleration of data going to the cloud and we’ve seen that in our customers,” Jain told TechCrunch. He says that long-time customers have been shifting from terabytes to petabytes of data, while new customers are starting out with a few hundred terabytes instead of five or ten.

As this has happened, he says customers are asking for a way to deal with this data glut with a single platform because the volume of data makes it too much to handle with separate tools. “Instead of looking at this as separate problems, customers are saying they want a solution that helps address the productivity part at the same time as the security part. That’s because there is more data in the cloud, and concerns around data security and privacy, along with increasing compliance requirements, are driving the need to have it in one unified platform,” he explained.

The company is doing this because managing the data needs to be tied to security and governance policies. “They are not ultimately separate ideas,” Jain says.

Jain says up until recently, the company saw the data management piece as the way into a customer, and after they had that locked down, they would move to layer on security and compliance as a value-add. Today, partly due to the data glut and partly due to compliance regulations, Jain says, these are no longer separate ideas, and his company has evolved its approach to meet the changing requirements of customers.

Egnyte was founded in 2007 and has raised over $138 million on a $460 million post valuation, according to Pitchbook data. Its most recent round was $75 million led by Goldman Sachs in September, 2018. Egnyte passed the $100 million ARR mark in November.