IBM has purchased Internet Security Systems Inc. (ISSX), an IBM partner since 1999, for $1.3 Billion.  ISS started in 1994 with one product, Internet Scanner, and has grown to a suite of security offerings including the ISS X-Force Intelligence Service credited with discovering a number of Microsoft security vulnerabilities in recent months.  This is IBM’s forth acquisition this month, and its 5th largest of all time, but hey, who’s counting.

Kristof Kloeckner, vice president of strategy and technology for IBM’s software group, was interviewed about the purchase by the Washington Post

He said, “We have enough freedom to do whatever is required to strengthen our business. We do not feel constrained”.  I think in this case someone should have constrained him.

From where I sit here in the cheap seats, it looks as though IBM has made its first bad acquisition of the yearThis Purchase is very expensive in my opinion.  IBM is spending $1.3 Billion dollars on a company that earned south of $40 Million last year.  And it’s not growing very fast either.  Revenues are expected to grow less than 10% this year.  IBM earns more on the interest from that cash than they will on Internet Security Systems products and services.  This is certain unless, as they surely expect to, IBM can drastically increase sales through existing contracts and cross sell their products and services to ISS clients.  I’m skeptical that either of these will amount to much.

Kloeckner went on to say, “This is something we couldn’t do before because we didn’t have the software assets to provide protection against Internet attacks.”  IBM plans to sell Internet Security Systems’ products as services through its global services unit and as software through its Tivoli software division.  When asked about the pace of the recent spate of acquisitions, Kloeckner said IBM will continue to make acquisitions to add products that complement the company’s line of software and services. But he declined to discuss specific areas of interest or say whether the pace of purchases will continue to accelerate.

A earlier article in the Post said the following:
 

The deal also should help that unit with its stated goal of improving profit margins by integrating more software and other “repeatable” offerings into services deals, avoiding the need for IBM consultants to create expensive, customized packages anew for each client.

I’m skeptical of this as IBM’s net margin company wide – from both low and high margin offerings – is 9.5%.  ISS’s is 10.5% and all they do is “high margin” stuff.  I concede that this was a great in for IBM into the security arena.  ISS is well respected for their research and they’ve been around forever.  They have good people from what I’ve read and do security very well.  All that aside, IBM is adding:

  • a software product
  • security expertise including a global network of security operation centers
  • a number of application developers and researchers in Georgia
  • a worldwide sales force

The sales force is likely duplicative, though experienced technical salespeople with deep relationships at big clients are worth keeping even if they overlap.  I just can’t see how IBM will be able to bill for these new assets other than by charging for the software.  If that’s the case; if IBM just paid $1.3 Billion for a product producing $40 million / year in profits, IBM has lost its sense.  A few posts ago, I mentioned how the IBM ECM offering is a bunch of moving pieces picked up by acquisition but not fully absorbed or integrated into a cohesive single architecture.  Perhaps IBM has a plan for where they want to be and feel as though they need to get there immediately before some major shift or potential sustainable competitive advantage is lost.  I’ve not heard mention of any such strategy.  The impression I’m getting is that IBM is going in too many directions and is committed to generalities and big picture goals but not specific execution.  By this time next year we should know, and I hope to be proven wrong.

From the other side, an article in Forbes quotes an S&P analyst as saying, “We are encouraged by the company’s recent moves and believe it will broaden and improve its business mix,”  He seems to be speaking of the 4 purchases in general rather than ISS specifically, but that’s what he said.  ISS was up 50% recently on news that IBM was buying it but another analyst, quoted on Reuters stated with respect to IBM drastically increasing ISS sales:

“Once IBM takes hold of it, it changes the whole ballgame. They have a whole bigger distribution channel. It is probably one of the most logical acquisitions I’ve seen in security software.”

For one last differing opinion, I give you the analyst quoted by c|net:

“In addition to improving IBM’s security portfolio…this acquisition furthers IBM’s (security as a service) initiatives”

I still think whatever the strategic fit, the purchase cannot possibly add value.

A final note concerning IBM and their recent shopping spree

IBM started the year with 9.9 Billion in cash on their balance sheet ($13.7 billion including marketable securities) and they generate slightly less than $10 Billion each year in free cash flow from ongoing operations.  They have certain fixed obligations that will hit against that amount, such as dividend payouts to the tune of $1.2 Billion and announced share buybacks likely to range between $3 Billion and $8 Billion each year.  I say all that to communicate that IBM can afford to make these cash purchases.  Furthermore IBM has decided that they’d rather pay cash to acquire a company than issue new IBM shares to the owners of those other companies, diluting their own company’s stock, effectively neutralizing their continued efforts at share repurchasing.  I don’t see any reason to fault them for this.

UPDATE (8/25/06): Analysts: IBM/ISS deal positive for customers.  I don’t think that means it’s best for IBM, but I concede that looking out for customers needs is seldom a bad move.

Tags:No Tags