Hewlett-Packard Enterprise (NYSE:HPE) recently partnered with CyberArk (NASDAQ:CYBR) to launch the HPE Privileged Account Management (PAM) Service, which will expand its HPE Managed Security Services portfolio by protecting internal accounts from hackers or disgruntled employees.
According to CyberArk, 80% of all targeted attacks exploit privileged accounts during the attack process. Research firm Gartner predicts that regulatory fines for organizations with deficient PAM controls could rise 40% by 2017.
The new service will combine the resources of ten HPE Security Operations Centers worldwide with CyberArk's PAM platform to help organizations address major security challenges like insider threats, malware, advanced targeted attacks, and the outsourcing of internal information. CyberArk's platform can be deployed on-premise, in the hybrid cloud, and within other controlled environments. Let's take a look at what this deal means for both companies.
What this deal means for CyberArk
HPE's choice of CyberArk as its PAM partner reaffirms its position as the "best in breed" leader in the niche sector. Research firm IDC calls CyberArk the "PAM pure-play 'big gorilla' with the most revenue and largest customer base" in the market. Its PAM solution is used by over 2,600 customers worldwide, including 40% of Fortune 100 companies and 17 of the 20 biggest banks in the world. It's also the only comprehensive PAM solution certified by the U.S. Department of Defense.
Partnering with HPE also complements the C3 Alliance, a PAM consortium CyberArk launched in April. Those partners, which include Symantec, Intel Security, FireEye, and now HPE, will integrate CyberArk's PAM solutions into their own security platforms. The C3 Alliance helps CyberArk counter the threat of bigger and more diversified competitors like CA disrupting the market with cheaper bundled PAM solutions.
HPE's partnership also indicates that potential rivals can become allies. HPE's IAM (Identity and Access Management) Service initially seemed like a threat to CyberArk, but HPE is now integrating CyberArk's solutions into the platform to increase its effectiveness. IBM's own PAM platform was also once considered a threat, but Big Blue also integrated CyberArk's PAM solutions into its Security QRadar SIEM (Security Information and Event Management) platform last December.
What this deal means for HPE
HPE's security portfolio is part of its Software business, which also includes its big data and IT management software. Revenue at that unit fell 13% annually to $774 million last quarter and accounted for 6% of the company's top line. HPE noted that weak demand for IT management software offset gains from its security and big data solutions. However, pre-tax income at the Software business rose 21% to $192 million, or 15% of its bottom line, thanks to better cost controls.
HPE's security business is small, but it's categorized as a high growth segment alongside its cloud and big data businesses. During the first quarter, HPE noted that revenue from those three units rose 30% annually, but it didn't provide an exact sales figure (the cloud business is included in the Enterprise Services segment) or update that percentage during the second quarter.
Like CyberArk, HPE is trying to expand the reach of its security platform by integrating it with other companies' platforms via the HPE Security Technology Alliance Program. Sales of security software to these customers can lead to purchases of HPE's other IT, cloud, big data, and enterprise hardware and software solutions. That bundling strategy can widen its moat against major enterprise rivals like IBM. Therefore, HPE investors shouldn't simply value its security business in terms of revenue or operating income -- it can also be considered a way to tether new organizations to its ecosystem.
A great deal for CyberArk, a good one for HPE
This partnership is a win-win deal for CyberArk and HPE, but it will likely benefit the former more than the latter. That's because it reinforces CyberArk's dominance of the PAM market, ensuring its niche is well-protected and that its business can generate over 30% sales growth this year. As for HPE, the partnership strengthens its small but growing security business, but it probably won't make a meaningful impact on its top or bottom line growth.