OpenText scoops up Carbonite as it looks to reach new customers

November 12 2019
by Fernando Montenegro, Steven Hill, Scott Denne


OpenText has announced the acquisition of Carbonite, a data protection and cybersecurity provider with a strong cloud-based delivery model and a focus on smaller enterprise and SMB customers. The deal represents one more addition to OpenText's stable of cloud-centric purchases, which include Recommind, Catalyst, Liaison and many others. The move brings to an end the discussions that recently surrounded Carbonite about a possible sale due to challenging results.

Snapshot Snapshot






Information security

Deal value


Date announced

November 11, 2019

Closing date, expected

Within 90 days


J.P. Morgan Securities (Carbonite); Lazard (OpenText)

The 451 Take

OpenText has developed a model for buying cloud-centric companies and its reach for Carbonite fits this model. For the target, this transaction represents an opportunity to integrate with an enterprise vendor that gives it ammunition to continue to compete in the SMB/'prosumer' space. Meanwhile, OpenText obtains another cloud-centric business with an attractive revenue model. It also gets a brand that is well-known in its space along with a well-oiled channel operation that can reach into accounts that OpenText is not usually involved with.

Additionally, the deal highlights the importance of cybersecurity: Carbonite's endpoint protection and data backup offerings are well-suited to address the most common threats associated with the SMB/prosumer space such as ransomware, but that technology can easily be applied to larger enterprises as well. This is where Carbonite's Webroot offering may potentially find some synergy with OpenText's EnCase.

Deal details

Many things about OpenText's $792m acquisition of Carbonite are familiar. The buyer, as it has often done, adds an ancillary product to its software portfolio at a price that reflects recent challenges at the target. Yet this transaction, according to 451 Research's M&A KnowledgeBase, marks the first time that OpenText has paid more than 3x trailing revenue, although it's crossing that threshold on a technicality. The all-cash deal gives Carbonite an enterprise value of $1.42bn, or 3.2x trailing revenue, although that doesn't include a full year's worth of results from Webroot, the security firm that Carbonite bought earlier this year in a transaction that nearly doubled its topline. Calculating the multiple using a full 12 months of Webroot's revenue brings the multiple to 2.8x, safely in OpenText's comfort zone.

Poor performance of Carbonite's backup and disaster recovery business in the second quarter sent the company's stock tumbling last summer when it announced the shortfall and lowered revenue guidance. Today's acquisition, which sees OpenText paying $23 per share, comes in 24% below the target's 52-week high. Although Carbonite had hit a rough patch and struggled as a public company, it's still expected to post annual growth in the low-single digits, has a topline that's 90% recurring revenue, and generated $29m in EBITDA last quarter.

J.P. Morgan Securities advised Carbonite on its sale, while Lazard advised the buyer.

Target profile

Carbonite is one of the largest players in the cloud backup market, and targets both consumers and SMBs with its data protection wares. It received a major boost at the end of 2018 when rival CrashPlan exited the consumer segment to focus on SMB services. Carbonite expanded its portfolio when it purchased security vendor Webroot in February for $619m. Webroot has a portfolio that includes endpoint protection, network protection, security awareness and threat intelligence offerings. The company typically focuses on SMBs and smaller enterprises.

Acquirer profile

OpenText is a leading provider of enterprise content management (ECM) products, which include e-discovery software acquired from Recommind. It also offers OpenText Magellan, an artificial intelligence platform designed to offer business insight.

The vendor is a serial acquirer and views M&A as core to its growth. With each acquisition, the company aims to bring in new technology, partners and customers to fuel expansion in enterprise information management. In relation to security products, OpenText spent $240m for Guidance Software in 2017. Guidance's EnCase is a well-known digital forensics offering, and served as the basis for OpenText's entrance into endpoint security with additional products for endpoint detection and response (EDR) and risk management.

Notable OpenText M&A Notable OpenText M&A

Date announced


Target abstract

Deal value


November 11, 2019


Backup and recovery software and services



July 26, 2017

Guidance Software

E-discovery software



September 12, 2016

EMC [Dell] (Documentum)

ECM software division



December 5, 2014


BI analytics software



November 5, 2013


EDI software and BPO services



July 13, 2011

Global 360

BPM software



451 Research's M&A KnowledgeBase


Given the breadth of its portfolio, OpenText faces competition on numerous fronts. These range from macro-level competitors such as IBM, Microsoft and Oracle to specialists in the ECM space such as Alfresco, Kofax and others, to content collaboration vendors like Dropbox, Box and more. The EnCase security product line encounters FTK, XWF, Oxygen suite and others on the forensics side, as well as numerous EDR specialists such as CrowdStrike, Carbon Black, Cylance, Elastic (via its Endgame buy) and many others.

In the consumer/prosumer sector, Carbonite's data protection business vies with players like Acronis, Backblaze, iDrive, SpiderOak and others that also reach into the SMB space – from an SMB standpoint, though, Carbonite is also facing increased competition from enterprise data protection providers such as Cohesity, Commvault, Rubrik and Veeam that likewise target the growing midmarket and offer both data and workload protection. Lastly, Carbonite's Webroot security offerings contend not only with similar rivals as OpenText's EnCase, but also with other endpoint protection firms including but not limited to Sophos, Malwarebytes, BitDefender, Avira and many others ranging from industry stalwarts Symantec and McAfee to newer entrants such as SentinelOne and Cybereason.