|RSA Security Investor Summary May 2006 ? 2006 RSA Security Inc. All rights reserved (NASDAQ: RSAS)
|Risk Statements This presentation may contain forward-looking information regarding future events, plans and prospects for the Company. These statements are based on current expectations and are subject to a number of risks and uncertainties. Actual results may differ materially based in part on various important factors, including those found in the management's discussion and analysis section of the Company's Form 10-K and our most recent 10-Q as filed with the Securities and Exchange Commission. We do not undertake any duty to update any forward-looking information.
|Who We Are 5 5 RSA Security is the expert in protecting online identities and digital assets RSA Security invented core security technologies for the Internet and continues to build on a 20 year history of innovation 2005 Annual revenue of $310 million Cash balance as of 3/31/06 of $208 million, approximately $2.90 per share Headquarters in Bedford, Mass., with offices around the world
|What We Do RSA Security's strength is in creating, managing and leveraging the TRUSTED IDENTITY In the Digital Age, every dealing and communication is founded on a Trusted Identity, without confidence in the identity of a person, site, device or business, all exchanges are flawed Once the Trusted Identity is established, it becomes the basis for what can be done online: What we can do; where we can go; what we can see The Trusted Identity is the safeguard - the key to enablement, and the key to protection
|20,000+ customers 90% of the Fortune 100, 70% of the Fortune 500 Hundreds of millions of consumers and transactions 70% market-share in strong authentication* Great depth across a wide breadth of organizations and industries Financial Services Technology Consulting Services Manufacturing Healthcare Telecommunications Government Who We Serve *Source: IDC Worldwide Forecast, 2004-2008
|Recent Announcements RSA Security acquired PassMark Security - 4/2006 The transaction was valued at approximately $44.7 million, consisting of $9 million in cash and approximately 2 million shares of RSA Security common stock Bill Harris, the former chairman of PassMark Security and the former CEO of Intuit and PayPal, joined RSA Security's board of directors S1 announced the availability of its risk-based authentication security solution to safeguard online banking customers. PassMark Security's industry-leading authentication technology serves as the foundation for the solution - 5/2006
|Partnering for Success RSA Secured(r) Partner Program Managed service partners Channel partners and system integrators Channel partners and system integrators Channel partners and system integrators Channel partners and system integrators Channel partners and system integrators Channel partners and system integrators Channel partners and system integrators
|Heightening regulatory compliance pressures Expanding mobile workforce Exploding number of passwords Increasing incidents of identity and data thefts Growing need to protect intellectual property Need for open systems to partners, suppliers and customers Mergers and acquisitions Heightening IT/security complexity More is expected from IT, but budgets are flat Adoption of information security Best Practices Reducing costs through streamlined operations Balancing security with usability and cost Key Business Challenges
|Trust Multi-Pronged Approach To Secure Information Access and Information Protection is Needed Front End Strong(er) authentication Internal access controls Social engineering Shredding Safety Screening... Back End Holistic fraud detection Stop money theft Multi-channel, cross-industry behavior detection Internet infrastructure Stop information theft Caller ID and black lists Data Encryption Mitigating controls *Source: Gartner
|Providing Authorized Access.... Blocking Unauthorized Access BANK Call center Branch office Online customer Customer Data Access Management Trusted Identity RSA Security's Strength - creating and managing the trusted identity Trusted Identity Trusted Identity Trusted Identity
|RSA Security: Solving Key Problems in Identity and Asset Protection How do you manage identities? How can you protect data? What can you do? Who are you? Employee Customer Partner Consumer Hacker Check status Enter order Transfer funds View documents Create Provision Manage Delete Encryption Mitigating controls
|Addressing Challenges Requires Key Capabilities How do you manage identities? How can you protect data? What can you do? Who are you? Access Management Enabling organizations to carefully manage access rights to protected resources Data Protection Preserving the confidentiality and integrity of sensitive data whether at rest or in transit Identity Administration Automating user life cycle management and administration, from user creation and modification to deletion Authentication & Credential Management Determining whether someone or something is, in fact, who or what it is declared to be
|Addressing Security Challenges How do you manage identities? How can you protect data? What can you do? Access Management RSA ClearTrust(r) software RSA Reporting and Compliance Manager RSA Federated Identity Manager Data Protection RSA BSAFE(r) encryption RSA Data Security Manager RSA Digital Certificate Solutions RSA Key Manager RSA Key Management Server Identity Administration RSA Reporting and Compliance Manager RSA Deployment Manager RSA SecurID(r) technology RSA(r) Authentication Manager RSA Adaptive Authentication RSA Sign-On Manager RSA Go ID Authentication Service RSA Federated Identity Manager RSA Digital Certificate Solutions RSA FraudActionTM software Authentication & Credential Management Who are you?
|RSA Security Competitive Differentiators Enterprise Full suite of identity & access management offerings with well-defined understanding of prospects Highest quality producer of enterprise strong authentication Strategy provides depth, breadth ? choice and flexibility Appliance offerings offer strong expansion opportunities into SMB Consumer Risk-based, layered authentication strategy unrivalled in the marketplace Depth, breadth....choice and flexibility across software and services Anti-phishing/pharming and transaction protection solutions Focused, integrated team Developer Proven, heavily-used technology ripe to meet regulatory needs Comprehensive solutions that protect data at rest and in transit Corporate Exceptional customer service and support Flexible lead times for fast delivery Size, stability and worldwide presence to assure customer success and continued innovation and execution
|Record Bookings of $95.5M, up 30% Y/Y Record Product / Service Backlog @ $32.9M $21.8M Increase Y/Y ~200% Def Rev Increased $7.3M (15% Y/Y) to $56.0M Revenues up 16% Y/Y and 7% Q/Q to $87.5M Developer revenue up 13% Y/Y GAAP EPS $.07, includes - $2.6M Restructuring Charge Intangibles Expense of $1.3M Stock Option Expense of $2.8M Cash currently at $208.2M up $20.5M Q/Q DSO of 51 Q1 2005 Revenue Q1 2006 Revenue Enterprise 70.2 76 OEM/Dev 5.4 6.1 Consumer 5.4 $ in Millions $75.6 $87.5 Q1 2006 Financial Summary *Consumer revenue not reported for Q1 '05
|Why RSA Security Will Succeed! Unique solution to critical customer challenges Secure data access and data protection Authentication, access control and encryption Continue to be out in front of evolving and growing authentication market Range of solutions to meet unique customer requirements Risk-based and segment-based Strong, experienced management team
|APPENDIX 1 Strong Authentication An Expanded Strategy
|Enhanced Authentication Strategy Offer broader choice of authentication solutions Different levels of security, price points and usability characteristics Offer broader range of authentication technologies, including OTP, digital certificate, biometric, life questions and transparent, risk- based solutions Expand the range of authentication devices Increase leverage and interoperability of RSA(r) authentication solutions Single Sign-on offerings from RSA Security Interoperability with 3rd party SSO solutions Embracing authentication industry standards, e.g., OTPS
|Authentication Requirements Vary Risk Appropriate Security Threat assessment Likelihood of attack Magnitude of loss Total Cost of Ownership Deployment Acquisition Operation End-User Fit Convenience + ease of use vs. acceptable risk Portability Multi-purpose Cost Convenience Security "No one size fits all"
|10 1000 10000 100000 1000000 Risk-based 5 4 3.5 1.5 2 OTP 35 20 10 5 3 3 Factor 60 50 40 30 20 Broad Spectrum of Pricing Options (Pricing per user per year) # of users SMB Enterprise Consumer Cost per user, per year OTP hardware & software tokens 3-factor (smart card, biometric, PIN Risk-based, transparent authentication
|APPENDIX 2 RSA Consumer Solutions
|RSA Consumer Solutions The industry's most complete, proven portfolio of authentication products and services designed to bolster security and confidence in the online channel by protecting financial institutions, their brands, and their customers against the latest online threats Risk-based, mutual and one-time-password authentication to transaction monitoring, transaction signing and anti-phishing/anti-pharming services The RSA eFraudNetwork(tm) community amplifies the protection provided to all customers Cross-institution collaborative online fraud network shares fraud data in real-time Many of the world's top 50 banks, including Bank of America, Credit Suisse, HBOS, ING Direct, Barclays, and Washington Mutual use RSA Consumer Solutions to protect hundreds of millions of consumers and transactions worldwide
|Online Banking Users Online Trading Users e-Commerce Users ~200M ~400 M ~17 M Consumer Market Opportunity Source: RSA Security estimates
|Recent Legislation and Guidance United States FDIC December 2004's "Putting an End to Account-Hijacking Identity Theft" suggests upgrading from single-factor to two-factor authentication for access to online banking FFIEC guidance in October 2005 Considers single-factor authentication, as the only control mechanism, to be inadequate for online banking, banks should use methods that are both effective and appropriate to the risks associated with online banking. SEC Published an investor guide advising Americans to "install a personal firewall and security software package, use a security token..." Europe Multiple data protection laws All data-holding companies are required to apply a "appropriate" levels of security to sensitive personal data Singapore Monetary Authority of Singapore - November 2005 requires two-factor authentication login for all types of internet banking system to be implemented by December 2006, repeated two-factor authentication is recommended for high risk transactions Japan Act on Protection of Personal Information (effective from April 2005) establishes policies to govern collection of citizen's personal information
|Risk-based authentication real-time, invisible Segment-based authentication - pre-defined Pre-defined User Segments Continuing Transaction HW/SW Token Device Recognition 1% High risk Real-time Risk Assessment 99% Low risk Extra Authentication Shared Secret Out-of-band Phone Auth. RSA Adaptive Authentication Solution
|Rules Management Customer Service Reports Provisioning Unified Integration Layer Risk-based Authentication Module Secret Questions Automated Phone Call 3rd Party Auth. API Transaction Signing Software Tokens Hard Token RSA/Others Segment-based Authentication Module ? eFraudNetwork: Cross Bank Shared Fraud Repository Mutual Authentication (Watermarks) RSA Adaptive Authentication Solution
|APPENDIX 3 Enterprise Data Protection
|Secure Data Access & Data Protection Two sides of the same coin Growing number of authorized users need access to business and personal information Organizations need to establish trust/confidence in the digital identities Specific access privileges need to be given based on the identity of the person or resource trying to access the data Increasing sophistication of attacks and rate of fraud Organizations need to protect data at rest and in transit Encryption policy must be developed and implemented on a consistent basis Trusted digital identities are critical to keeping out unauthorized users Data Protection Secure Data Access
|Need for Enterprise Data Protection Growing Data Privacy Legislations US: growing State & Federal-level data breach legislations gaining speed (e.g. CA & 30+ states) Europe: Data Privacy Directive APAC: Japan PIPA Act on Data Privacy Tougher Industry Vertical Regulations PCI on consumer credit card data GLB on sensitive financial data HIPAA on patients records Significant Bottom-line Impact Cost to Choicepoint $11MM Cost to Card Systems: out of business Cost to Customer Loyalty: 20% switch rate "EDP" = A new market focus emerging in the enterprise market to better protect consumer data privacy, driven by regulatory pressure - Source: Morgan Stanley, 2005 Anti-Virus VPN/SSL Communication Perimeter Network Data Firewall Server Security Access Control Commoditization Line Security Type Risk/Value Enterprise Data Protection "EDP" Market Evolution Identity Mgmt
|Issues Associated with Enterprise Data Protection Companies are being driven by regulations and data privacy concerns to encrypt their corporate and customer data No link between a company's security policy and application development - no enforcement Application developers often lack the necessary security expertise which hampers enterprise-wide adoption Core security engineers in short supply Apps being launched with no/insufficient security - vulnerability! Key management critical, but difficult to implement Improper key management can compromise security and prevent an enterprise data encryption initiative to scale
|Near-Term Expansion Possible Expansion Application File / OS Databases Storage / Tapes Laptops/PDA's RSA Enterprise Data Protection Management Database Encryption RSA Identity & Access Management Partner Solution Partner Solution RSA Data Protection Professional Services File System Encryption Application Encryption Security Policy & Control Central Key Mgmt & Storage Monitoring & Audits RSA Security's Approach to Enterprise Data Protection Deliver a comprehensive solution that addresses data protection needs Simplified development and deployment of secure applications across multiple data tiers Enforces security consistently through security policy, not code Puts policy in the hands of security experts vs. corporate developers