Symantec – Enabling The Shift From ‘System’ To ‘Information’ Centric IT With Cloud Computing

ITCandor Opinion

Symantec is doing no worse financially than every other software company in the teeth of the economic downturn. The company is founded on a series of important acquisitions, but has so far failed to integrate the portfolio as well as Citrix, or its salesforce as successfully as Oracle. Its customers and partners like its widespread licensing practices and it has a lot to offer all participants in the development of Cloud Computing. I was surprised to see how important managed services has become and impressed with products such as FileStore and Pure Disk. Unlike most major software companies Symantec currently lacks an operating system business and has no new acquisitions to worry about. Its business is strongly coloured, but not restricted, by its traditional security, data protection and storage past. I expect it will end the year with less than the 43k partners it claims to have in EMEA – not through its own actions, but due to the shake out. I believe its strategy will become clearer once the recession dies away in 2010 and Cloud Computing becomes a more tangible market.

Symantec 2009 Industry Analyst Conference Highlights

• Symantec is addressing the shift from system- to information-centric IT
• It claims early wins in the nascent Cloud Computing market – specifically in network back-up and messaging
• Its 3-fold Cloud approach is split between hosting, helping SPs and enabling hybrid developments
• Investment priorities are into best of breed software and integrated product approaches
• Symantec’s customers were genuinely supportive, although recognising some past failings
• There have been some significant geographic challenges in EMEA – in particular Russia, Eastern Europe and Dubai

Symantec’s Strategy Addresses The Move From System To Information Centric IT

Symantec held its 2009 EMEA Industry Analyst conference in Surrey, UK this week. Led by SVP John Brigden, an impressive team of its most senior managers for the region addressed a full room. The addition of a dedicated Twitter address (#symcar-09) made the meeting interactive through social media, allowing us to share ideas and ask questions.

Having written about the company’s small business approach earlier , I thought I’d jot down some thoughts on Symantec’s overall approach to business in the region.

There was much discussion at the conference between delegates, customers and Symantec itself about Cloud Computing, Software as a Service (SaaS) and integration. The company is doing its best to integrate its acquired businesses to offer a more coherent set of offerings to its chosen markets, which stretch from consumers (Norton), through small business, commercial, to its major and public administration accounts. It looks likely to remain one of the few major software companies without an operating system among its offerings, unlike Oracle (soon with Solaris), IBM (AIX, zOS, etc.), Novell (Linux) and Citrix (Xen). Symantec’s security and data protection offerings remain a strong part of its portfolio, although enhanced through its de-duplication and messaging activities. It makes its software available though a variety of licences and claims leadership in a couple of SaaS areas.

Symantec’s Investment Priorities Are Best-Of-Breed Software And Integrated Product Development

Ken Berryman (SVP Strategy) talked about the shift in IT from a systems-centric to information-centric world. He noted that virtualisation in storage and servers has broken the link between computing and location and that it is now expected that applications can be accessed via laptops, iPhones or even through airport kiosks (despite the security issues that need to be addressed). He noted that Symantec’s Cloud Computing approach is threefold. In particular:

• Hosting applications as a Service Provider (SP) from its own data centres (accredited by the three users it brought along to talk to us)
• Helping SPs by providing software tools to help build public Cloud Computing offerings
• Enabling hybrid private/public Cloud Computing development. In my follow-up discussion with John Magee its clear that Symantec want to help the difficult integration of in-house and SP-provided applications, especially in the security and data storage areas

In the rapidly developing Cloud Computing/SaaS market claims Symantec already claims leadership in Cloud messaging (via MessageLabs acquisition) and in Cloud online backup. Ken outlined many of the challenges involved in the shift from systems- to information-centric IT. One of the biggest in the complex national markets of EMEA is data protection and privacy legislation, which often prevent (or should prevent) the mobility of information access – ‘Systems don’t respect national boundaries, privacy laws do”.

Greg Hughes (Group President Enterprise Products) talked about Symantec’s investments. He pointed out the fact that R&D is a high proportion (c.15%) of revenues and staff (four thousand of Symantec’s total of 17,200). It has two main investment priorities. In particular:

1. To develop best of breed security, data protection and storage offerings
2. To adopt an integrated product approach

On the product front he noted a number of future developments. For instance:

• Data Loss Prevention (developed through the Vontu acquisition) will have open APIs in its V.10 release
• Pure Disk V 6.6 claims impressive ‘ingestion rates’ of 2.8TB/per hour – allegedly better than those of Data Domain (see my article on its acquisition by EMC)
• Its FileStore product is designed for Cloud Service providers who need to handle massive amounts of unstructured data (up to 2PB on the maximum 32-node configuration). I was surprised to learn that Symantec has an agreement with Fujitsu to offer a hardware version of FileStore, given the latter’s decision earlier in the year to off-load its hard disk drive business to Toshiba.

On the integration front Greg noted that in future Pure Disk’s de-duplication agent will be built into future Netbackup products – “reducing need for EMC disk!” in the process and that the company’s Data Classification Engine will also be integrated into other products, helping users address the challenge of identifying ‘who owns the data’ – a big problem for unstructured data, especially in trying to find authors of sensitive information.

Symantec Customers Commend Its Offerings, But Discuss Past Difficulties

In (for me) the most interesting session Symantec brought three of its CIO customers on stage to talk about their use of Symantec offerings. In particular:

• Tiscali (Salvatore Pulverinti) is an alternative Telecoms company based in Italy set up in 1998, which has grown through acquisition. It had a Net Income of €151.6 million in 2009 and 700 employees. To handle the major consolidation challenges Salvatore set up what he calls ‘IT as a Service’ (ItaaS) in 2002 to handle Tiscali’s subsidiaries. Tiscali claims 80% storage utilisation (v an average of 25% quoted by Symantec for all storage earlier in the conference) and a 50% annual increase.
• Abu Dhabi Commercial Bank (Lee North) uses Symantec to manage end points, mail and the periphery of his organisation. The bank is 30 years old, but has grown rapidly in the last 5 years – increasing the number of its accounts from 200k to 800k. The bank uses a number of other suppliers (IBM for System p servers, HP Enterprise Systems/EDS, Oracle and others). Lee mentioned the importance of the relationship with Symantec, which helped overcome some shortcomings in past offerings.
• Xstrata (Jason Wilkins) claims to be the fifth largest mining company in the world. Founded in 1926 it has 68k staff (of which 20k are contractors). It runs confederated IT support model encompassing 17k desktops, 1,800 servers, and 21k users in 157 locations with 275 IT staff. It buys managed security solutions from Symantec, which includes IPS, HIPS, firewall and vulnerability scanning. Jason is a keen user of Altiris (‘Altiris is my killer app…. It’s awesome…”), which he used to discover and start to manage the assets acquired through Xstrata’s acquisition of Falconbridge.

In our question and answer discussions with these customers it was interesting to note that their relationship had developed as Symantec acquired other suppliers. Jason said that had initially been worried when Altiris was acquired and Lee that he was weary of putting ‘all the eggs in one basket’, when asked about increasing his spend on Symantec products. Both Salvatore and Lee said they were using VMWare for virtualisation, although Jason said it wasn’t much use in the distributed world he manages. Data Loss Prevention was of particular interest to Lee, who has to take care of the extra legislation Arab countries operate under. When asked about Green IT Jason raised a laugh when he talked about the importance of the subject to a mining company – although he said his data centre strategy was to improve energy efficiency for cost savings, rather than Green ideals.

Finally, the customers indicated that they were not looking for Symantec to buy an operating system company, Jason saying that it was a big enough beast to worry about already and Salvatore that it would not be a good idea to distract the company from the areas it was already pursuing.

Symantec Has A Stable Management Team To Address Downturn Challenges In EMEA

John Brigden talked specifically about Symantec’s EMEA business. He pointed to the stability brought about by having the same management team in place for the last 4 years. He has driven a more segmented business by reaffirming the roles of the companies account representatives and sales engineers. It has also updated its performance management system. John believes the company is gaining market share in Endpoint management, network back up, compliance and other areas. He reports that customer satisfaction scores are up and that the company had a successful ‘Stop Buying Storage’ campaign in the region – especially it is tuned to the recession.

Russia, Middle East and Eastern Europe have been very strong historical growth areas for Symantec. However during the world financial crisis, Russia and Eastern Europe have faced some major challenges, not least with very high inflation. In the Middle East it has managed to grow by focusing around and outside of Dubai, something confirmed by Lee for the UAE and Abu Dhabi where his bank is based.

Symantec claims to have 43k partners in EMEA – for me the shear number underlines the importance of indirect distribution in the regions fragmented national markets. I’m also pretty sure the number will prove to have reduced itself through the shakeout of the recession during 2009.

How Does Symantec Shape Up As A Major Software Player?

Symantec had revenues of $6.2 billion in the year to the end of March 2009, making it the fifth largest software supplier after Microsoft, Accenture, Oracle and IBM (see Figure 3). It claims that its products help back-up 50% of the world’s data and that they touch 33% of the 60 billion emails sent worldwide every day. It also claims to have 50 million active users.

Like many other US-based vendors it has enhanced its business through acquisition, the largest of which was the $13.5 billion spent on Veritas in July 2005. However most of the companies it has taken over are far smaller (see Table 1).

Symantec specialises in data protection, anti virus, security, storage and systems management solutions, back up and de-duplication. It generates approximately 30% of its worldwide revenues from consumers, for whom Norton is the most well known anti-virus software – a brand better known than Symantec itself. The majority of its revenues in the business-to-business market come from large and medium companies, although it claims that 68% of its total transactions come from small companies.

On a long term basis Symantec’s revenues have grown significantly, like other major suppliers helped by the non-organic revenues of acquired companies (see Figure 2) – especially in the quarters following the Veritas acquisition.

Like all other companies Symantec’s business has suffered in the last few quarters (Figure 4).

Symantec announced a non-cash expense of $7.4 billion in ‘goodwill impairment’ in the last 2 quarters of its last financial year, a decision based on the poor macroeconomic climate, the drop in the value of the company’s shares (to around $10 last November), the impact of the recession on the company’s short-term growth rate and new assumptions about the increased cost of capital. It will be interesting to see if other ITC companies have to announce similar provisions in their Q209 financial reports.

Table 1 – Symantec Acquisitions By Date, Area And Price From 2002

Source: ITCandor, October 2009

Are you a Symantec customer or partner. Let me know what you think about the company’s strategy by commenting on this article