On August 8, France-based security technology provider Gemalto announced a definitive agreement to acquire US-based firm SafeNet for US$890 million. Gemalto’s press release can be seen here, so we won’t rehash all the details in this blog post. However, we will provide a few comments regarding the potential synergies between the companies in the IoT/M2M market.
Both Gemalto and SafeNet have significant businesses in the banking and financial services markets. Among its many offerings, Gemalto is a leading supplier of EMV (Europay, MasterCard, and Visa) smartcards, as well as e-banking authentication solutions. SafeNet is a leading supplier of Hardware Security Modules (HSMs), which are dedicated appliances used for authentication, encryption, and cryptographic key management within datacenters at banks and financial institutions. (SafeNet says that its products protect over 80% of the world’s intra-bank fund transfers, nearly $1 trillion a day.)
About the only area where Gemalto and SafeNet products overlap is in end-user authentication devices, such as smartcards, one-time password (OTP) generators, and USB tokens. In an investor webcast announcing the SafeNet acquisition, Gemalto CEO Olivier Piou stated that within the market for such devices, “We have a very different distribution channel and type of customer. We very seldom compete against each other...”
Gemalto is also quite active outside the banking/financial sector.
In 2010, Gemalto acquired Cinterion, maker of wireless radios for cellular communications in embedded devices such as vehicles and industrial machinery. And in 2011, Gemalto acquired the assets of SensorLogic, a cloud-based service delivery platform for M2M devices. (At the time of the SensorLogic acquisition, that company had been on shaky financial grounds, and notably Gemalto did not acquire the SensorLogic company and its debts.)
With the SafeNet acquisition, Gemalto has assembled yet another piece of an end-to-end IoT/M2M solution.
In March 2014, VDC published a “Security Vendor Profile” on SafeNet. In that analysis, we noted:
“SafeNet has been in the information security business for nearly as long as there has been an information security business. Within its designated areas of focus — authentication, encryption, and software monetization — its depth of expertise is likely unmatched elsewhere. Currently, SafeNet’s solutions are suited primarily to enterprise data centers for authentication and encryption, and embedded devices based on PC hardware [e.g. ATMs and gaming machines] for software monetization. VDC believes that SafeNet could leverage its expertise to become a major provider of similar technologies in the smaller embedded device market. If the company can scale down some of its offerings to make them better suited to devices at the outer edges of the Internet of Things, SafeNet has the potential to scale up its business considerably.”
The Gemalto acquisition positions SafeNet to do what we suggested in that analysis.
Within Gemalto, VDC believes that SafeNet’s technologies could be applied particularly well in the automotive and vehicle telematics markets, where device authorization and data encryption are critical to vehicle-to-infrastructure (and forthcoming vehicle-to-vehicle) wireless communications. The combined Gemalto/SafeNet business has the potential to become a major player, for example, in the market for automotive Hardware Security Modules, competing with the likes of automotive powerhouse Bosch (and its security subsidiary ESCRYPT). What’s uncertain, however, is whether Gemalto will seek to take SafeNet in such a direction.
In his webcast announcing the SafeNet acquisition, Gemalto CEO Olivier Piou did not mention the automotive market, focusing on the payment/identity and mobile phone markets, leaving vague (presumably by intention) the company’s plans for its newest subsidiary in the rest of the IoT.