Thoma Bravo’s $6.9B SailPoint deal brings IAM to security portfolio

In a move to put in place a key piece for its portfolio of cybersecurity companies, private equity firm Thoma Bravo has finalized plans to acquire IAM (identity access management) security vendor SailPoint in a go-private deal worth $6.9 billion.

When completed, the deal, announced Monday, will be the latest in a string of security-focused technology acquisitions for the firm, which last year purchased payment security provider Bottomline Technologies for $2.6 billion in December and cybersecurity and compliance vendor Proofpoint for $12.3 billion in August, among other transactions, some of which date back to 2016.

The terms of the SailPoint deal represent a 48% premium on the company’s current stock price, and Thoma Bravo said in a statement that the acquisition will see SailPoint operate much as before, but with “the flexibility and resources to continue providing industry-leading identity security solutions to modern enterprises around the world.”

“Additionally, SailPoint will benefit from the operating capabilities, capital support, and deep software expertise of Thoma Bravo,” the private equity firm said.

The deal was announced just a day before news broke that the private equity firm was planning to divest itself of another security company — Barracuda Networks, which Thoma Bravo took private for $1.8 billion in 2018. Thoma Bravo is near a deal to sell Barracuda to KKR, another private equity company, according to published reports Tuesday. Thoma Bravo did not immediately comment on how the Barracuda sale figures into the reshuffling of its security portfolio.

IAM, though, has become an important piece in security companies’ offerings. Recently, for example, endpoint security vendor SentinelOne announced plans to acquire IAM provider Attivo Networks for $616.5 million. In particular, as remote work has expanded the boundaries of corporate network security perimeters, attack vectors have multiplied, making identity access management an increasingly crucial threat-protection method.

SailPoint offers identity governance, password management, compliance controls, access request and automated provisioning services.

Andras Cser, a vice president and principal analyst at Forrester, said that the SailPoint deal is an attempt to fill a hole in Thoma Bravo’s growing lineup of security companies, but that the results from this type of pattern can be mixed.

“A lot of times, [private equity will] build a portfolio out of these acquisitions, and they’re successful,” he said. “Sometimes, they acquire companies that they think will make sense together and they unfortunately don’t.”

Private equity acquirers are generally focused on the bottom line, according to Cser. But, for the acquirees, going private can still be less restrictive than being a part of the demanding public stock market.

“The interesting question is why SailPoint’s leadership goes with a private equity firm, [instead of] issuing more shares and maintaining transparency,” he said. “It’s typically because, if you’re a Wall Street-listed company, you’re required [to keep raising profit/revenue figures] so your ability to innovate might be less than in a privately held company.”

Thoma Bravo invested privately in SailPoint in 2014, Cser noted, years before the company’s IPO in 2017, so the two firms are already well acquainted.

The deal is still subject to approval by SailPoint stockholders, and a “go-shop” period will last until May 16 — during that time, alternative acquisition proposals can be sought out and pursued, but Thoma Bravo said that they still expect the deal to close in the second half of 2022.