Confab-ulous M&A at two cloud companies

Contact: Brenon Daly

Two of the most richly valued tech companies are each hosting annual get-togethers this week, and M&A is figuring into both of the confabs. VMware opened VMworld in Las Vegas on Monday, while saleforce.com followed a day later with Dreamforce in San Francisco. As these companies were getting ready to open the doors for the event, both announced that they had done acquisitions – with both deals coming in the security market.

VMware reached for PacketMotion, a startup that was able to capture who’s doing what on a network and whether they should be doing that at all. VMware indicated that the acquisition should allow its customers to automate security and compliance policies. For its part, salesforce.com added encryption vendor Navajo Systems. While terms weren’t announced on either transaction, we suspect that the price tags for both startups were in the low tens of millions of dollars. On the other side, we’d note that, collectively, VMware and saleforce.com are valued at north of $50bn.

Part of the tremendously rich valuation that both VMware and salesforce.com enjoy can be chalked up to the fact that each company is the sort of corporate representation for two key components of the whole cloud computing model: VMware for virtualization and salesforce.com for on-demand delivery of software and, more recently, infrastructure.

So it’s no surprise that these cloud stalwarts both recognized the need to shore up their cloud offerings by going out and buying security startups. After all, security remains probably the most important concern for broader adoption of cloud computing. In a recent survey, our sister organization ChangeWave Research asked both IT purchasers and users at companies to rate the security of current cloud offerings on a scale of 1 (very unsecure) to 10 (very secure). The median response was a distinctly middling 5.6. As a point of reference, the rating for cloud security was actually lower than the median rating for the reliability of cloud offerings, even after several high-profile outages at Amazon Web Services so far this year.

The saga of Certicom’s sale

Contact:  Brenon Daly

After more than two months of bid and counterbid, the saga of the sale of Certicom appears to be nearing its close. In early December, fellow Canadian tech company Research in Motion tossed out a low-ball bid of $1.21 for each of the 43.7 million shares of Certicom. Overall, that valued the cryptography vendor at some $53m. We should hasten to add that RIM’s offer was unsolicited.

Certicom, along with adviser TD Securities, mulled over the offer for about three weeks before saying ‘thanks but no thanks’ to RIM. Undeterred, RIM kept its bid alive for the next month, before officially pulling it January 20. Three days after that, VeriSign stepped in with an offer of $1.67 for each Certicom share, or a total of $73m.

Just last week, RIM reentered the picture with a bid of $2.44 per share, or about $106m. (Viewed another way, RIM’s new offer values Certicom at exactly twice the level as its initial bid.) As part of the terms, VeriSign now has until Wednesday to up its offer or see Certicom go to RIM. (The deal carries a $4m breakup fee.)

Of course, there could always be a third suitor in the picture. If we had to pick one likely candidate, we might tap IBM. Last April, Big Blue inked a ‘multiyear, multimillion-dollar’ license agreement with Certicom, and has already handed over a $2m upfront payment.

Sophos bags an elephant

In a twist on a private-public transaction, Sophos laid out on Monday a bold $340m plan to pick up Utimaco, an encryption vendor that trades on the Frankfurt Stock Exchange. Rather than rolling into the public company, Sophos plans to take Utimaco off the market. It plans to fund the acquisition by drawing on three sources. (My colleague, Nick Selby, has the details on the financing as well as the strategy.)

The financing is crucial because this deal is a whopper. If it goes through, it’ll be the largest IT security deal in seven months. More significantly, however, Sophos’ planned acquisition of Utimaco stands as the biggest purchase by a privately held security company. In fact, it’s nearly twice the size as the number two deal, Barracuda’s unsolicited run at Sourcefire. (And it’s not certain that deal will close at all. Sourcefire, which is slated to report second-quarter earnings on Thursday, has shot down the deal so far.)

Although Utimaco will be erased from the market, we view the disappearance as temporary. Once the two companies get through the integration, we expect Sophos to try to go public once again. (Recall that last fall, it announced plans to list on the London Stock Exchange but shelved them as the markets deteriorated.) Among the underwriters for the planned IPO was Deutsche Bank, which advised Sophos on the purchase of Utimaco. Indeed, it was the same DB banker on this deal that also co-advised on a very similar transaction last fall, McAfee’s $350m purchase of Dutch encryption vendor SafeBoot. (DB and UBS Investment Bank advised SafeBoot, while Morgan Stanley advised McAfee.)