CA's Veracode Deal Not a Sign of DevOps Consolidation, Analyst Argues

CA Technologies’ announced acquisition of application-security vendor Veracode will help beef up the company’s DevOps security portfolio, but will also require it to support some product integration with competitors


CA Technologies announced its intention March 7 to buy application-security firm Veracode in a $614 million deal—a move that has all the hallmarks of continuing the industry’s consolidation but more strongly shows the company’s commitment to expanding its DevOps software portfolio, a Forrester analyst argued in a research note published this week.

The acquisition, which will likely close in the first quarter of CA’s fiscal 2018 (starting April 1), expands the company’s DevOps technology offerings with Veracode's dynamic and static application testing as well as the firm’s software-as-a-service application-security testing software. Veracode counts more than 1,400 companies of all sizes as customers.

The purchase will significantly strengthen CA’s security capability, Amy DeMartine, principal analyst with Forrester, told eWEEK.

“They are trying to fill in a missing piece in their DevOps puzzle,” she said. “Over the past few years, they have really promoted the app economy, and now they are saying that security is a major piece of it.”

The move appears to be a reaction to the purchase of Cigital by Synopsys, a company focused on the technologies needed to create embedded applications and the Internet of Things. While the closeness of the pair of purchases—Cigital in November and Veracode this month—could signal a new round of consolidation in the DevOps sector, DeMartine argued that the companies are pursuing separate paths.

In its press release, CA Technologies cited Gartner research that estimated that more than half of all enterprise DevOps initiatives will automate the testing of application security by 2019, while less than 10 percent did so last year.

Yet, the move also brings complications. Veracode integrates with other DevOps products that compete with CA Technologies’ own software-development portfolio. While CA could stop supporting those products, doing so would likely hurt its bottom line, DeMartine said. With 43 percent of developers preferring to use best-of-breed products, according to a previous Forrester study, it's unlikely those customers will change their tools any time soon, she said.

“People like their own tools, so if CA wants to sell and be successful, the Veracode tools will have to remain agnostic,” she said.

Whether CA’s strategy will work is unclear, and the company has stressed that benefits will not be seen for a few years.

In addition, because Veracode is a private company, no one will know if the price is right. Yet, on its face, the deal seems extremely good for the firm, DeMartine said.

“They are getting a portfolio of products,” she said. “I was intrigued, but I also thought they got Veracode for cheap.”