Login  |  Register  |  Contact

Tumbleweed Acquired

Sopra Group, through its Axway subsidiary, has acquired Tumbleweed Communications for $143 million. The press release is here

With Tumbleweed’s offerings for email security, secure file transport, and certificate validation, there were just not enough tools in that chest to build a compelling story- either for messaging security or secure transaction processing. And it provides just one more example of why Rothman is right on target. Given that Tumbleweed’s stock price has been flat for the entirety of this decade, this is probably both a welcome change of scenery from the stockholders’ perspective, and a sign of new vision on how best to utilize these technology elements. There are lots of fine email/content security products out there having a very difficult time of expanding their revenue and market share. Without some of the other pieces that most of their competitors have, I am frankly impressed that Tumbleweed has made it this far. Dropping this product line into the Axway suite makes sense as it will add value to most of their solutions, from retail to healthcare, so this looks like a positive outcome.

—Adrian Lane

Previous entry: I Don’t Get It | | Next entry: DRM In The Cloud


If you like to leave comments, and aren't a spammer, register for the site and email us at info@securosis.com and we'll turn off moderation for your account.

By Kevin Rowney  on  09/08  at  08:50 AM

I think this outcome for Tumbleweed is relevant to another issue frequently covered here: Data Loss Prevention.  What I’‘ve been seeing for years is a large number of defunct Tumbleweed installations that were the customer’s best attempt at doing Data Loss Prevention.  They took a go at using pure keywords and pattern-matching as their detection technology, and (just like old-school IDS systems) turned them off once the false positives started to surge in.  That, or they quickly found a range of relevant threat vectors in DLP that are not covered by DLP (i.e. data-at-rest, endpoint exposures, etc..)

Obviously, DLP as a space is really thriving right now. It’s just that the vendors who tried to move into this space as a supplement to their core market have had lots of Tumbleweed-like outcomes in the DLP space.  Trying to move sideways into DLP with only an email gateway and some pattern matching is - at this point - a very painful path.

At this point, the minimum requirements for making an effective contribution to a data loss risk reduction plan for large enterprises are tough to meet.  That is, they are tough to meet unless you really focus on nailing that problem.

I suspect that in the years to come, we’‘ll see more vendors who claim DLP as a value proposition (but who do not claim it as their primary value proposition) exit the Data Loss Prevention arena.  DLP isn’‘t a simple value proposition that can be taken up idly as a mere side-business.

I know you guys may see it differently, but I just don’‘t see any room left in DLP for non-specialist vendors.

Kevin Rowney
Founder, Data Loss Prevention Division

By John  on  09/12  at  01:37 AM

You are dead on with your comment about "defunct Tumbleweed installations" comment… We’‘ve been running them for 5 or 6 years as our primary mail relays, and cannot wait to retire them (we are migrating to Google/Postini for cloud MXing) and will figure out what to replace them with at the border for DLP/TLS.  Running a mail relay on SQL Server is never a good idea.  Many Pharmas and Law Firms run tumbleweed exclusively, and the proprietary SPN is still how many shops exchange secure mail.  Thank God for TLS…



Remember my personal information

Notify me of follow-up comments?