As one of the world's largest security vendors, Symantec has its finger on the pulse of the latest threats and business protection methods. In the first part of an in-depth interview with ARN's Nadia Cameron, managing director and vice-president of the Pacific region, David Sykes, lays out the vendor's roadmap and how its acquisitions strategy has helped build out its three-tiered security stack.
What does Symantec's company roadmap look like over the next two years?
When we talk about protection, it's about bringing together the traditional areas of security and availability and backup as well as recovery and performance. We divide our approach into three layers, and the roadmaps click into that: firstly, it's about protecting the infrastructure - physical servers, endpoints; it's about protecting information - email, document flow; and ultimately it's about protecting the interaction and the user experience. And you need to address each to be able to build on the other.
Protecting the infrastructure is our traditional portfolio and where you have storage, backup and reactive protection technologies like IDS and firewalls. We have all played in this space for a long time and there are still enormous opportunities. Storage rates are growing, online threats are constantly changing, but the overarching trend at the moment is about integration. So you see us do things like our Storage United strategy, which represents a lot of the work we're doing on datacentre consolidation and bringing those tools together. And at an industry level, the argument's moving more away from feature/function/megaflops to return on investment, TCO, and business propositions.
There are still quite segmented silos in security and storage. It's hard to tell how much integration or cross-pollination will occur against traditional security, storage or recovery, partly because it's hard to tell where the logical linkages are and partly because of the way people buy. But there's no doubt that as you look at protecting the infrastructure level, fewer players, tighter integration, and virtualisation are the order of the day.
The hot field is the information level. As we start to get on top of the infrastructure layer, we're turning our attention to protecting the information flowing across it. And right now the big one is email, or message management. So moving towards integrated message management -IM, email and hybrid messaging - is an area one we are heavily focused on.
There's a lot else going on is this space however: the rebirth of encryption and secure document management, for example. These things are indicative of the activity at protecting the information level. And we'll see that continue to heat up in the next year as people start to realise the privary legislation and straight intellectual property values buried in some of these unstructured systems. I think you'll also see a lot more point players coming into this space looking for specific opportunities.
The more challenging part, and the one where you need to have the first two layers down before you attack, is protecting the actual user experience. The best indication of our direction there is our consumer business. Products like Norton 360 and Norton Confidential are moving towards giving users a real-time, as-you-interact capability for being protected.
The other big one around interaction is identity and that's an area we are actively exploring over the longer term.
You mentioned acquisitions, such as Veritas, have been critical to developing your strategy. How far along are you with integrating that technology into the stack, and how has it changed the way you develop products?
I think we are very well progressed in terms of the integration of Veritas and Symantec, although the interesting observation there is that the touch points aren't where we thought they would be. We had dreams of a seamless workflow that ran from an early warning system telling you of a potential rising storm of some online threat that would kick-off a whole bunch of processes to change firewall rules, IDS, update signatures, and so on. Based on a triage, you would seal some systems off, back some systems up and leave some to be sacrificed. Once you'd been through the whole experience, you'd then recover them all and measure the whole loop. That was the Holy Grail and still is.
But two significant things: firstly, that flow isn't necessarily the way customers look after those incidences - it's still much more fragmented, and it's certainly not how they buy. Secondly, we found the value of integration was more around doing things like bringing our internal live update automated services to customers. Having that capability across all of our availability tools provides a lot more value in that it's automated to a single point of contact. And in a crisis situation that's worth more than a seamless workflow. It's also something we could do much faster.
So the obvious things we could quickly have been done. Now we're looking at where the market will lead us on the logical integration points. We're also realistic enough to know it's not going to be a complete yellow shop: you still need to have touch points with third-party solutions.
- For Part 2 of this interview click here
- For Part 3 of this interview click here
- For Part 4 of this interview click here