WhiteHat will operate as an independent subsidiary of NTT Security and retain both its name and its brand. They provide NTT with a capability it did not have in-house before at all, while receiving access to NTT’s broader array of security services. Initial feedback from partners at the RSA event was highly positive.
This week, WhiteHat Security and NTT Security Corporation, the security-focused arm of Tokyo-based conglomerate NTT [Nippon Telegraph and Telephone] Group, signed a definitive agreement through which NTT Security will acquire San Jose-based WhiteHat. The deal is expected to close in the second quarter, pending regulatory approval.
Once the deal closes, WhiteHat Security will operate as an independent, wholly-owned subsidiary of NTT Security Corporation.
“As an independent wholly-owned subsidiary, we will be operated with our current leadership team and structure,” said Craig Hinkley, CEO at WhiteHat Security. “We will also retain the White Hat name and brand.”
The deal was announced at the start of RSA, and Hinkley said that feedback at the event has been extremely bullish.
“We had had nothing but positive response at RSA from our top clients with whom we have spoken,” Hinkley said. “We have also spoken with channel partners here, and they understand the acquisition and are interested to see what capabilities we can now offer to them from the NTT side. They see this as a way through which they can have a more comprehensive offering to their end clients. This is a great strategic fit, because in the past, we were not a consulting shop. This allows us to introduce the NTT portfolio of services to our partners. It will accelerate our product innovation and bring our partners a broader set of services around security consulting.”
Hinkley also stressed that the deal will significantly expand WhiteHat’s global reach.
“WhiteHat is a global company, but we have been mainly focused on North America,” he said. “We have a strategic presence in EMEA, but not a large one. NTT has a much larger presence outside North America, and this will significantly accelerate our expansion into these markets.”
NTT Security and White Hat had already been strategic partners, and this dovetailed into WhiteHat’s strategic objectives and made being acquired a good fit for them.
“From a business strategy perspective, we had determined that 2019 was going to be a scale-out year for us,” Hinkley said. “Our CFO and myself had started a strategic financial process. We didn’t need additional financial help. We weren’t burning cash, and the company was growing at a mid-20 per cent rate. But we were interested in bringing in additional capital to help us scale out. We had had partnership with NTT over the last couple years, and that triggered the conversation with them about acquiring us.”
WhiteHat has been placing a greater emphasis on their DevSecOps business, emphasizing the development of those skills by partners in the recent reworking of their partner program, because customers tell them that’s what they want today. Hinkley said that both the DevSecOps and the traditional application security are important for NTT.
“NTT sees great usage of both our application security capabilities and our DevSecOps capabilities,” he said. “For them, this underscores the criticality of both application security and DevSecOps in the broader security ecosystem. Their vision is securing a smart and connected society for enterprises undergoing digital transformation, and our joining forces addresses that enterprise security need.”
The capabilities WhiteHat brings to NTT were ones that NTT did not have previously.
“NTT had neither application security nor a DevSecOps capability in their cyberservices before,” Hinkley said. “They saw an opportunity in this, and were also getting demand for it from clients.”
Hinkley indicated that the technical integration between the two companies is still in its early stages, and won’t really get underway until the government regulatory filing process is complete.
“From a product integration perspective, the issue is how do we integrate our platform into their services,” he said. “There is a lot of work we can do through API integration. Another point of integration is bringing that security data together to enrich it and make it actionable for our clients.”
However, while the integration needs to follow the acquisition process, the cross-selling can begin.
“We can commence selling NTT even before the integration is done, with the integration work coming later,” Hinkley said. “We will retain our direct sales teams and enhance sales through NTT group, and sell through our current partners.
“We will continue our own channel program without change,” Hinkley added. “We will treat the NTT operating companies as partners within our program.” The big one here is Dimension Data, the global solution provider, which NTT has owned since 2010.
“We will ensure that the constructs of our channel program prevents any channel conflict,” he noted. “The partner program will protect them, so that business won’t be flipped to an NTT Group channel.”