While IBM jumped into security with the acquisition of companies such as Consul, Internet Security Systems, Micromuse and Watchfire, Hewlett-Packard sat on the sidelines. This week, HP grabbed SPI Dynamics, an application security play that started a "who will HP buy next?" buzz on the mergers-and-acquisitions grapevine.
Yes, I've heard the rumors about McAfee and Symantec, but I don't believe them. McAfee is too deep into the desktop, an area that HP has continuously shied away from. Symantec has roots in desktop security as well and would also be a big pill to swallow. The debate over whether HP's Compaq acquisition was a success or failure is still too hot in the HP boardroom. Symantec would reinvigorate this discussion.
So if not McAfee or Symantec, who should, or will, HP buy? Here are a few thoughts:
1. HP buys Check Point Software Technologies. This one is a long shot as it would cost HP around $6 billion and require a few large Check Point shareholders to approve the deal. Nevertheless, this acquisition would make sense. HP is one of the best-kept secrets in the networking-gear space, the No. 2 vendor in terms of ports shipped per year to Cisco Systems. Check Point would provide a complementary portfolio of enterprise network security products and customers, and it would give HP's ProCurve networking products an easy entrance into Cisco's backyard. Besides, Check Point is wildly profitable and is sitting on more than $1 billion in cash and other current assets.
2. HP gets into security-management software. The players here are a lot smaller, so this type of purchase is more likely. I'm thinking about a vendor like ArcSight, Intellitactics, Arbor Networks, Mazu Networks, or Q1 Labs. Anyone of these could be folded into the OpenView network-management software division. This could also be a good start for an HP offering in managed security services.
3. HP goes for PKI. Everyone loves to beat down PKI--or public key infrastructure--as a overly complex technology, but sales are starting to pick up. This would help HP get a bigger piece of phat government contracts and provide a shot in the arm to HP's technically strong but marketing challenged identity business.
4. How about data security? PGP is a sleeper even though it has been bought and sold more times than Nantucket real estate. I can see PGP helping HP grab a leadership position in data governance, an area you will hear loads about in the next few years.
I certainly believe that HP is easing its way into security over the next few years, which probably means we can forget about a Check Point, McAfee, or Symantec acquisition. Anything else is possible.