Symantec Corp. wants more presence in the enterprise IT infrastructure space and its spate of acquisitions and technology strategies are evidence of that move. ComputerWorld Canada senior writer Mari-Len De Guzman recently sat down with CEO and chairman John Thompson to explore that aspect of his company’s business and more.
Q: Symantec’s acquisition history over the years has evolved beyond purely security-related purchases. What is Symantec’s acquisition strategy?
A: Most of our acquisitions have been focused on one of two things: Giving us a unique piece of technology that complements what we are already doing or giving us a time-to-market advantage as we look to expand to a new market area or an adjacent (one). Case in point: We knew we wanted to be in the availability management space, we knew we wanted to be there in a big way. Veritas clearly got us there in a big way. We knew we wanted to be in the Windows-based management technology arena. We have acquired a number of components there — Power Quest, ON Technology and now Altiris. As the company scales in size — this year we’ll be over US$5 billion in revenue — one of the critical issues for us is to think through not just whether or not we are buying technology, but whether we are buying businesses that can run effectively inside a large organization.
Q: You are in the process of closing a deal to acquire asset management software vendor Altiris Inc. What was the driver behind that acquisition?
A. If you think about today’s systems environment, in many respects vulnerability is the weak link that causes a machine or device to be attacked. What Symantec has in its portfolio is certainly vulnerability management technologies that allow us to understand where vulnerability might exist and understand what the compliance requirements for a given device might be. But we didn’t necessarily know the kind of state of every device — what was its configuration, what applications are running on that device — or the ability to push a software update or patch to the device. Those are the components that Altiris will bring into the fold. Imagine a closed loop process that says: I understand the state of the device; I understand whether or not a vulnerability that has been discovered could affect that device; I can push [the necessary] patch, update my database and test for compliance. And then I have a nice, clean, closed-knit system. It’s a way to ensure the integrity of the operating environment, without necessarily having to be solely concerned about how secure it is. It’s more about ensuring that the information within the system it is managing is always available, hence, the notion of security and availability being tied together.
Q: As the market moves into an information-centric security world, many application developers are beginning to integrate security into their products. How would this affect Symantec’s share of the market?
A: I think it is really a function of what you are trying to protect. And in many instances a lot of the products that Symantec has that are security-related are about protecting the infrastructure. We believe that over time, more and more of our products will have to be about protecting the interactions and the information that is so critical to the whole process of computing. For example, one of the biggest issues for enterprise buyers is data leakage protection. I want to know that the information in my organization is not finding its way out of my organization without my knowledge. That is a very, very important issue. Now could you imbed that in the application? I would suspect so. But the reality is, many, many applications have already been built and so you need data leakage protection for the existing infrastructure or classic apps that you have.
Q: Where do you see your company five years from now?
A. There’s a stack of software and at the bottom layer is this thing called the operating system. Above that rides a series of software technologies for systems management, storage management, security management, network management. I see Symantec playing in all those areas. Above that is a set of software that is about the database, about the application development tools and the apps itself. I don’t see us necessarily playing up there. I don’t see us in the OS and I don’t see us in the apps, but I do see us in what is classically referred to as the infrastructure software layer. Today, we have a strong leadership position in infrastructure software – the stuff that makes the applications work. [These are] things that make the systems environment more solid, more secure, more recoverable, more highly available.