In June 2006, EMC announced that it would acquire RSA Security for $2.1 billion, only to be met with a healthy dose of analyst skepticism and a 3 percent drop in its stock price. Many on Wall Street considered the price tag too high in light of RSA’s 2005 revenues of $310 million. Moreover, industry observers were disquieted by EMC’s unrelenting buying spree: RSA was merely the most expensive purchase out of a whopping 23 acquisitions it had made since early 2003, which have crossed the spectrum from systems management to content management to BPO.

CEO Joe Tucci calmly countered that his company was focused on the big picture of information management and was providing a way to weave security into EMC’s information infrastructure portfolio. The explanation and attempts to clarify the company’s vision have so far failed to seduce some veteran analysts.

“I haven’t heard a real story for EMC’s integration, and, frankly, I don’t really see that getting done,” says Laura DuBois, research director at IDC Storage Software.

Indeed, the big question mark for IT is whether EMC can successfully integrate such a diverse menu of companies and technologies. A few weeks before the RSA purchase, Gartner analyst Robert Passmore weighed in on the huge integration task ahead: “The good news about acquiring companies is you get there more quickly. The bad news is things don’t always work together. … One thing that helps [EMC] is that the quality of their acquisitions has been quite high. But it’s a mixed bag. The serious engineering and integration is still going to take time.” Several acquisitions later, his observation holds true.

IT customers were more approving, though alert to what may happen, for example, to RSA product lines and customer relationships once RSA became the security division of EMC. “With more than 2 million records in our patient database, we’re deeply concerned about security,” says Dr. John D. Halamka, CIO of Harvard Medical School and Beth Israel Deaconess Medical Center, who believes the RSA acquisition makes sense from a HIPAA standpoint because it helps ensure that certain data can be neither compromised nor modified. To the pessimists, EMC would simply say its strategy is in line with the enterprise’s evolution from data storage to information management and data security.

Staying the course on ILM

The difficult nature of efficiently managing information is precisely why EMC, at least until about a year ago, was beating the drum of ILM (information lifecycle management), the technology concept it had long endorsed for tagging and moving information while retaining and protecting it based on its business value at different points in its lifecycle. The results, it claimed, were lower storage and management costs, improved systems performance, and easier compliance.

EMC’s 2003 acquisition of Documentum was not simply to snag a platform that helps enterprises organize and manage exploding volumes of multimedia files. With it, EMC acquired many of the elements that make up the ILM stack, including searchability, classification, and a policy engine, according to Arun Taneja of the Taneja Group. Much of that technology, along with aspects of products from other acquisitions such as Legato and Smarts, has been integrated into its InfoScape ILM software.

ILM has been slow to take, however, as many companies have stuck with point solutions that focus on data movement in one data sector, such as messaging. Rather than shift the conversation, EMC has responded by expanding its vision. “We start with ILM but extend that strategy to building the entire information infrastructure, an information-centric way of managing data that works across any type of data or application,” says Mark S. Lewis, executive vice president and chief development officer.

Click for larger view.