|RSA Security Investor Summary February 2006 ? 2005 RSA Security Inc. All rights reserved (NASDAQ: RSAS)
|Risk Statements This presentation may contain forward-looking information regarding future events, plans and prospects for the Company. These statements are based on current expectations and are subject to a number of risks and uncertainties. Actual results may differ materially based in part on various important factors, including those found in the management's discussion and analysis section of the Company's Form 10-K and our most recent 10-Q as filed with the Securities and Exchange Commission. We do not undertake any duty to update any forward-looking information.
|Agenda RSA Security Solutions Overview Expanding Authentication Solution Strategy Market Segment Strategies Consumer Solutions Division Enterprise Solutions Division Developer Solutions Division Financial Metrics Why we'll succeed
|RSA Security's Value RSA Security is the expert in protecting identities and digital assets. RSA Security invented core security technologies for the Internet and continues to build on its 20 years of innovation.
|Call center Branch office Business partner Customer Data Online customer Trusted Identity Trusted Identity Access Management Protecting Online Identities and Digital Assets
|Risk-based Authentication Segment-based Authentication Access Control Anti-Fraud Services RSA Security's Go-To-Market Model Technology Map Enterprise Consumer Data Protection Encryption Adaptive authentication, end-to-end protection Protecting data at rest and in transit future Establishing and leveraging trusted identities
|Agenda RSA Security Solutions Overview Expanding Authentication Solution Strategy Market Segment Strategies Consumer Solutions Division Enterprise Solutions Division Developer Solutions Division Financial Metrics Why we'll succeed
|Authentication Requirements Vary: No 'one size fits all' Risk Appropriate Security Threat assessment Likelihood of attack Magnitude of loss Total Cost of Ownership Deployment Acquisition Operation End-User Fit Convenience + ease of use vs. acceptable risk Portability Multi-purpose Cost Convenience Security
|Enhanced Authentication Strategy Offer broader choice of authentication solutions Different levels of security, price points and usability characteristics Offer broader range of authentication technologies, including OTP, digital certificate, biometric, life questions and transparent, risk- based solutions Expand the range of authentication devices Increase leverage and interoperability of RSA(r) authentication solutions Single Sign-on offerings from RSA Security Interoperability with 3rd party SSO solutions Embracing authentication industry standards, e.g. OTPS
|10 1000 10000 100000 1000000 Risk-based 5 4 3.5 1.5 2 OTP 35 20 10 5 3 3 Factor 60 50 40 30 20 Broad Spectrum of Pricing Options # of users SMB Enterprise Consumer Cost per user, per year OTP hardware & software tokens 3-factor (smart card, biometric, PIN Risk-based, transparent authentication
|Agenda RSA Security Solutions Overview Expanding Authentication Solution Strategy Market Segment Strategies Consumer Solutions Division Enterprise Solutions Division Developer Solutions Division Financial Metrics Why we'll succeed
|Hundreds of millions of users transacting online Online Banking Users Online Trading Users e-Commerce Users ~200M ~400 M ~17 M
|Recent Legislation and Guidance Has Created a Near Term Opportunity United States FDIC December 2004's "Putting an End to Account-Hijacking Identity Theft" suggests upgrading from single-factor to two-factor authentication for access to online banking FFIEC guidance in October 2005 Considers single-factor authentication, as the only control mechanism, to be inadequate for online banking, banks should use methods that are both effective and appropriate to the risks associated with online banking. SEC Published an investor guide advising Americans to "install a personal firewall and security software package, use a security token..." Europe Multiple data protection laws All data-holding companies are required to apply a "appropriate" levels of security to sensitive personal data Singapore Monetary Authority of Singapore - November 2005 requires two-factor authentication login for all types of internet banking system to be implemented by December 2006, repeated two-factor authentication is recommended for high risk transactions Japan Act on Protection of Personal Information (effective from April 2005) establishes policies to govern collection of citizen's personal information
|RSA Security's Consumer Solutions End to end offering External Treats Pre Login Authentication Strong Authentication Transaction Protection Stop Phishing & Pharming via a 24x7 Service Validate Site to User via digital watermarks Login & Transaction Authentication via risk & segment based authentication Fraud & Risk Management via transaction monitoring
|Risk-based authentication real-time, invisible Segment-based authentication - pre-defined Pre-defined User Segments Continuing Transaction HW/SW Token Device Recognition 1% High risk Real-time Risk Assessment 99% Low risk Extra Authentication Shared Secret Out-of-band Phone Auth. RSA Security's Consumer Solution Adaptive Authentication
|Scoring Results Profiling Expanding into Transaction Anti-Fraud Services Analyze each online transaction (e-commerce, banking, trading, etc.) Score each transaction on a scale of 1-1000 Set rules Block high risk transactions Internet communication information Proprietary device fingerprints Transactional data & patterns Remote proxies Cyota eFraudNetwork eRisk Engine
|Rules Management Customer Service Reports Provisioning Unified Integration Layer Risk-based Authentication Module Secret Questions Automated Phone Call 3rd Party Auth. API Transaction Signing Software Tokens Hard Token RSA/Others Segment-based Authentication Module ? eFraudNetwork: Cross Bank Shared Fraud Repository Watermarks Consumer Adaptive Authentication Solution
|Customer Success: Washington Mutual Online banking w/risk-based authentication Washington Mutual operates more than 2,400 retail banking, mortgage lending, commercial banking and financial services offices across US Purchased solution in Q4 2005 for risk-based multi-factor authentication solution to provide enhanced security for its online banking users Analyzes every online login and transaction and scores potential risk based on a broad range of criteria Invokes additional authentication methods in real-time when potential risk detected Engages in real-time world-wide fraud detection network
|Customer Success: Japan Net Bank/SMBC Online Banking with OTP tokens Japan Net Bank $10 million for RSA SecurID(r) Consumer Authentication Largest deal in the history of RSA Security - new customer in Q4 2005 First bank in the world to deliver two-factor tokens to all active account holders Protecting over one million online banking customers with RSA SecurID authentication Deploying RSA SecurID authentication to all customers over next 12 months Part of the bank's strategy to reinforce online banking security Sumitomo Mitsui Banking Corporation SMBC is one of Japan's top bank SMBC One's Direct network is one of largest in Japan (6M+ users) One's Direct recognized as premier online banking service in Japan First financial institution in Japan to offer two-factor authentication for online banking customers Available to any One's Direct customer, regardless of account size or transaction volume Monthly service charge is 100 yen -- less that $1 per month! Japan Net Bank
|Agenda RSA Security Solutions Overview Expanding Authentication Solution Strategy Market Segment Strategies Consumer Solutions Division Enterprise Solutions Division Developer Solutions Division Financial Metrics Why we'll succeed
|17M users of RSA Security strong authentication Source: RSA Security estimates as of October 2005 93M remote access users +400M online business users Significant Market Opportunity
|Market-leading OTP Risk-based authentication Digital certificate solutions Enterprise Solutions Establishing and Leveraging Trusted Identities Web SSO and Access Management Enterprise SSO Cross-Domain SSO (Federation) Embedded functionality Deployment Manager Smart Card Management New product Best-of-breed technology High growth market Unique offering User & Credential Management Trusted Identity
|Customer Success: Hudson Advisors RSA SecurID solution with enterprise SSO 1,200 employees and 30 offices worldwide 14 systems - 2-3 min. per day/user managing logons Customer challenges: Easing password and help desk burdens Ensuring strength of user passwords SSO into customer applications and solutions such as Oracle ERP Six-week bake-off led to RSA(r) Sign-On Manager 4.5 and RSA SecurID two-factor authentication Vasco two-factor authentication token swap-out 4:1 ROI (benefit "in the millions") IntelliAccess self-service reduces help desk calls
|Customer Success: American Water RSA SecurID solution with multiple SSO solutions $2 billion; large water services provider in North America (serving 29 states and 3 Canadian provinces) March 2002: RSA Authentication Manager and RSA SecurID solution deployed for data on field laptops Needed smart card-based solution for ID, authentication Deployed RSA Smart Cards, RSA Sign-On Manager and RSA Digital Certificate Solutions Selected RSA ClearTrust(r) software for portal project; seeking robust access control capabilities Purchased RSA(r) Federated Identity Manager RSA Security named American Water's "Strategic Security Partner"
|Agenda RSA Security Solutions Overview Expanding Authentication Solution Strategy Market Segment Strategies Consumer Solutions Division Enterprise Solutions Division Developer Solutions Division Financial Metrics Why we'll succeed
|Data Protection Market Needs Software & Device OEM Market Quality security solutions to protect IP Available customization & Support Adaptable security to meet constrained resource requirements Government & Aerospace Market Certified Off the Shelf Solutions Suite B, FIPS Elliptic Curve Cryptography (ECC) Customization Services Enterprise Market Protection of credit and other personal data Solutions that can integrate easily into the existing information lifecycle Sharing of risk with reputable, name-brand vendors
|Application File / OS Databases Storage / Tapes Laptops/PDA's RSA Enterprise Data Protection Management Near-Term Expansion Database Encryption Possible Expansion RSA Identity & Access Management Partner Solution Partner Solution RSA Data Protection Professional Services File System Encryption Application Encryption Security Policy & Control Central Key Mgmt & Storage Monitoring & Audits How We Approach EDP Opportunities Deliver a comprehensive solution that addresses data protection needs Across multiple data tiers Using a common centralized management framework
|Customer Success: Accor North America PCI data protection with multiple products Accor North America 1,200 upscale and economy hotels in U.S., Canada and Mexico Facing PCI Data Security Standard compliance; needed enterprise data protection Existing RSA Certificate Manager and RSA Validation Manager customer, turned to RSA Security for solution RSA Key Manager Selected RSA Federated Identity Manager for federation project, RSA ClearTrust software for access management
|Agenda RSA Security Solutions Overview Expanding Authentication Solution Strategy Market Segment Strategies Consumer Solutions Division Enterprise Solutions Division Developer Solutions Division Financial Metrics Why we'll succeed
|Financial Results - Balance Sheet
|Business Model - P&L % of Revenue * Includes $2.1M restructuring charge and $1.3M inventory charge in Q4 05 77
|Q4 2005 Financial Results Q4 Operating Metrics Record Bookings of $107 M Record Product / Service Backlog @ $31.7M Deferred Revenue Increased to $54.9M Total Short Term Deferred Revenue, Contracts, and Backlog entering 2006 @ $80.2M Revenues up sequentially to $81.7M Up 7% Q/Q Record 1.55 Million Authentication Credentials Shipped Includes ~500K Consumer Units GAAP Earnings per share $.16 Cash currently at $187.8M Q4 2004 Revenue Q4 2005 Revenue Enterprise 73.3 76 OEM/Dev 9.9 5.7 $ in Millions 7 $83.2 $81.7
|Financial Metrics Defined Total estimated unrecognized revenue from managed service contracts - contracted monthly fixed & variable fees based on an estimated number of units for the remaining term of the contract. Primarily related to Cyota, contract terms are 1 - 3 years. Contracts are billed monthly & excluded from deferred revenue; also not included in total products & services backlog. Total product & services backlog - contracted orders for products, maintenance and professional services that have not been fulfilled. The short-term component of these metrics is expected to be recognized as revenue in the next 12 months
|Agenda RSA Security Solutions Overview Expanding Authentication Solution Strategy Market Segment Strategies Consumer Solutions Division Enterprise Solutions Division Developer Solutions Division Financial Metrics Why we'll succeed
|RSA Security Competitive Differentiators Full suite of identity & access management offerings Protecting data at rest and in transit First to market with risk-based, layered authentication portfolio Robust on-premise and service-based offerings Anti-phishing/pharming and transaction protection solutions Highest quality producer of enterprise strong authentication Extensive customer experience and testing Independent third party test results Exceptional customer service and support Flexible lead times for fast delivery Lowest total cost of ownership (TCO)
|Expanding Market and Offering Expanding markets Consumer banking & brokerage market is hot, global opportunities Core remote access and enterprise desktop user opportunities continue to grow New products and services Cyota acquisition significantly enhances RSA Security's portfolio Recent updates to RSA Sign-on Manager and RSA SecurID for Microsoft(r) Windows(r) solution RSA Card Manager solution RSA BSAFE(r) Data Security Manager and Key Management Solutions
|Programs for Growth Sales and distribution Revamped direct selling strategy, integrating direct touch teams Single integrated solution to enterprise customers Named account managers jointly selling enterprise and developer solutions Dedicated consumer team selling alongside full enterprise team, penetrating key accounts New RSA SecurWorldTM Partner Program Record number of trained partners Record number of registered deals Hundreds of new customers acquired each quarter, and growing