Companies typically need to integrate four types of security products to conduct secure e-business: authentication tools to prove the identity of users; encryption tools to keep communications private; public key infrastructure (PKI) tools to provide integrity and non-repudiation for transactions; and authorization tools to control which applications and services users are allowed to access.

RSA already held the first three pieces of that puzzle, with its SecurID two-factor authentication product, BSAFE encryption tools and RSA Keon PKI products. The Securant acquisition gives RSA an authorization tool, ClearTrust, to complete the picture.

ClearTrust is a Web-centric authorization and policy management system designed to enable authentication, transaction authorization, delegated user management, Web and cross-domain single sign-on (SSO), session management, policy assessment, risk management and threat monitoring and auditing. RSA is paying $136.5 million in cash for Securant, and the companies expect to finalize the deal late this month.

"I'm not surprised RSA chose to do this," says Bob Lonadier, analyst for the Hurwitz Group, a consultancy in Framingham, Mass. "They have been on a buying spree. They are trying to find the right formula for renewed growth and profitability."

In the past year, RSA Security has also acquired Xcert, a PKI company, and 3-G International, a producer of software-based smart cards, biometrics and card management products.

RSA believes the Securant acquisition will enable it to provide leadership in one of the few growing IT markets - extranets. Extranets enable companies to tie in business partners to their corporate nets while maintaining security. Tools like ClearTrust are an essential component, because they enable partners to see only the applications and services for which they are authorized.

ClearTrust is also a natural complement to RSA's authentication, PKI and encryption solutions. For example, once a user is securely authenticated via SecurID, the next logical question is, what is that user allowed to do? An authorization tool like ClearTrust provides the answer.

"This [acquisition] shores up a hole in the RSA authentication story," says Matt Barzowskas, a financial analyst and vice president with FAC/Equities, a division of First Albany. "This makes RSA stronger and lets it sell a new product into its large installed base of customers."

RSA says it will continue to sell ClearTrust as a standalone product, although now it will benefit from the marketing efforts of a larger company.

Calling it a "strategically positive move," Barzowskas notes the importance of the acquisition for Securant. "Right now there are a number of small private [authorization tool] companies that have good technology but are struggling to get more financing. These companies will not be able to make it on their own, so [their] only hope is to get acquired," he says. "The ones that do not get acquired will just whither away."