Your smaller rivals, and some industry analysts, like to say that large companies, such as Symantec and McAfee, do not innovate - they only acquire innovation. How does that strike you?
JT: There is an important mission we cannot overlook, and that is we have a bunch of customers with an enormous amount of expectation of us being able to continue to deliver new features, functions, and capabilities for them that will migrate seamlessly from what they do today to what their needs might be tomorrow. We spend 15 per cent of our revenue on research and development because we have to maintain some stream of innovation in order to serve our existing customers. Our Symantec Research Labs facility has delivered innovative capabilities such as generic exploit blocking, or the ability to see vulnerabilities and create a signature to block an attack before it occurs. The fact that we are an acquisitive company means we are open to people who have fresh ideas.
The security world has evolved so rapidly over the last five years that if we were stuck in a pattern that said we will only deal with ideas that emanate from inside the company, we would be unable to serve the needs of our customers at all. The best way for a company that competes in all the segments of the market where we compete is to use the strength of our balance sheet and income statement to continue to evolve. Consider all that against the idea that the whole software industry is consolidating around us.
DD: It's a myth that companies our size don't innovate. Lots of the work in our new consumer technologies was an organic exercise, as with ePolicy Orchestrator. But, we also have to use the balance sheet and acquisitions because we can. Maybe that looks externally like we don't have to innovate, but we're really doing both and making sure that we augment the strategy. Part of that is around blended shore development - we're moving sustained engineering and quality assurance to offshore locations like India and China.
We've seen many major platform providers make investments in acquiring security technologies. How has this shift changed how you will direct your own companies?
JT: What customers are trying to do when managing access to applications and the ability to share information across the enterprise, both internal and extended, makes it incumbent upon all of us to recognise that securing content is very important.
Many of the platform companies started their lives thinking security was something that slowed down the machine, network access, or their sales. They finally came to the realisation that security is an enabler and not an inhibitor and that they must embrace it. The real question becomes, where do customers think logically about security elements? If you look at what has evolved at Symantec, we have said that it's natural some security technologies will live in the network.
Networks have become fast enough, deep packet inspection technologies have become good enough, and we assume that more of that will occur. And the logical place for companies to do that is with the people providing network equipment, but that's only one place where you have to protect the stream of content. Another is where the users interact at a desktop or server, or where content is being managed at the gateway or applications level.
We're partnering with Cisco, Juniper and Alcatel and license our technologies to them because we'd like to have the scanners we have become more ubiquitous, not less so. Let's move to where the user is interacting with the application, or where the application is managing the digital content. There's also the issue of heterogeneity. Whereas a company such as Microsoft is only focused on Windows, our largest customers still run mainframes, Unix, and have interests with Linux in the applications sphere.
DD: One word describes our differentiation from these [platform] companies: heterogeneity. Large companies want freedom of choice - they don't want to get locked down with Oracle, EMC, or Microsoft who only support their own releases with their security products. Would you trust your security requirements to a single vendor? This goes back to conversations of best-of-breed small vendors versus best-of-breed large vendors, and it is turning into best-of-breed security versus gigantic companies with some security in their strategy.
We bet that the cross-platform approach wins out. To support all is better than just supporting one vendor, whether for storage, the OS, or routers. Cisco is not exactly supporting Juniper anymore.