OpenText/Micro Focus Agreement Signals New Phase of Consolidation
After 30 years in and around the security industry, I’m not surprised that business cycles repeat themselves over and over again. I’ve been through a number of boom/bust cycles – in 2022 we’ve clearly moved on to the bust part.
One way to get a sense of where we are in the cycle is to track mergers and acquisitions (M&A). During the boom, acquirers pay high valuations and high earnings multiples to drive growth. In the security industry, it’s 30x to 40x sales. It seems like a long time ago, but many were stunned to see Splunk buy Phantom for $350 million in 2018. As the cycle continues, valuations are inexplicably rising. Palo Alto bought Demisto about a year later for $560 million. Same market space, similar sized companies, but this deal closed at a significantly higher valuation.
As the cycle continued, many deals had multi-billion dollar valuations. Okta buying Auth0 for over $5 billion comes to mind. With deals funded by acquirers’ go-go growth stocks (or cheap debt raised by private equity firms), valuations don’t seem to matter. Until they do.
At some point, the cycle shifts (usually quite abruptly) into a bust mentality. Chicken Little thinking reigns supreme; the sky is falling and the multiple offers come to a halt. Then begins a new phase of consolidation. The targets are no longer high-growth companies, but rather mature, established companies with significant revenues and real cash flow, even if their growth is slow or non-existent.
It seems that when the global economy starts to slow down, it helps to be able to fund a business through cash flow. Go figure.
Clearly, in 2022 we are seeing the consolidation of larger, less interesting companies that missed a product cycle and saw their competitive position weaken. Last year we saw private equity firms acquire mature security companies like Forcepoint, RSA Security and McAfee Enterprise and FireEye (then merged by the investor into Trellix). Corporate acquirers are also bundling assets, as Broadcom bought Symantec (along with CA and VMware) and HelpSystems completed a dozen deals with smaller but slow-growing or no-growth security companies.
This brings us to last week’s news regarding The proposed acquisition of Micro Focus by OpenText. This is the part of our show where aggregators buy other aggregators into the technology version of Survivor. Only the aggregators with the largest scale and the safest cash flow can stay on the island. OpenText has been quite active in buying security companies (Guidance Software, Carbonite/Webroot, Zix, Bricata) and now they are adding Micro Focus security brands like ArcSight and Fortify. You remember those companies, right?
Let’s look at the deal from a security market perspective. The product lines of the two companies are quite complementary. OpenText brings functionality to the endpoint protection, email security, network detection, backup and incident response markets. Micro Focus has application security and security monitoring features. While you can’t say that any company’s products are market leaders, most have a large and slowly eroding customer base. This means that the products continue to generate cash flow during maintenance renewals. OpenText also migrated many of its offerings to the cloud much faster than Micro Focus. I expect Micro Focus’ offerings to begin moving to the cloud soon after the deal closes.
When mature companies merge like this, most customers don’t see much of a difference, at least for a while. Their renewal agreements may come with a different logo. But over time, aggregators have to reduce their costs to pay for these offers. This means reducing R&D and optimizing sales/marketing. If you’re still a Micro Focus customer, you probably shouldn’t expect much innovation, although it’s not like Micro Focus has been very innovative since it acquired the assets of HP security.
Conclusion : The OpenText/Micro Focus deal makes sense as OpenText seeks to continue expanding its product offering, particularly in the security markets. This poses no threat to the security market leaders, but as a way to get more and better profits from Micro Focus assets, it seems like a good move.