A spokesperson for Islandia, New York-based CA said a definitive agreement is expected by the end of this year, and that as part of the deal HCL, which has its headquarters in Noida, near the capital Delhi, will take 375 CA staffers in the US, Australia, Israel and India onto its staff. Additional CA employees in the European Union may also be transferred to HCL, subject to a successful outcome to negotiations that will commence once the deal closes.
The products involved in the agreement cover anti-virus, anti-spam, anti-spyware, integrated threat manager (ITM), host-based intrusion prevention system (HIPS), secure content manager (SCM), internet security suite and firewall.
In other words, all the usual suspects in edge security technologies, for which HCL will take over all the threat research and writing the signatures for the AV and IPS products, as well as the overall development of the portfolio. CA, however, will continue to do all the marketing and sales for the products, which will also continue to bear its name.
This will leave CA to concentrate its own development resources in information security on identity and access management (I&AM), the spokesperson went on.
Our View
The infosec industry can be divided into two camps: edge security, which is all the technologies devoted to keeping the bad guys out of a corporate network, and core security, which is all about controlling what people who are inside the firewall, whether employees on the intranet or partners and customers on an extranet, can access. The overwhelming majority of vendors in the space have tended to focus on one of the other, to such an extent that most of the feverish M&A activity that characterizes the sector has stayed within one or other of the two camps.
CA has been something of an exception in seeking to offer an extensive family of products on both sides of the security business and, until now, support them with its own R&D resources. Now it has opted to hand the responsibility for all the edge security portfolio off to HCL, presumably because that side of infosec is a more commoditized business where scale is important if you are going to compete with the Symantecs and McAfees of the world, while the margins may not be great.
Core security, or I&AM, by contrast, is a race with fewer horses, the frontrunners coming from the systems management world, i.e. CA’s traditional adversaries IBM, HP and BMC. EMC also has ambitions in this space after acquiring RSA, as does Microsoft.
Still, it’s a less hotly contested, less crowded space, and one where CA presumably feels it has more leverage with all its existing Unicenter customers, whereas the decision which AV or firewall vendor they go with with have little to do with what sysman framework they’re using.