In April 2009, on his fourth full day as the freshly minted chief executive officer of data storage and IT security protection software provider Symantec, Enrique Salem made a memorable entrance at Storage Networking World in Orlando, Fla. He stepped up to the podium and declared: “I want you to stop buying storage. Now!
“You heard me right: Stop buying storage,” Salem said. “How? Reduce the amount of information that you store in the first place, and make the storage you do have more flexible and efficient.”
At first glance, it seemed as if a storage and security guy was ordering a few thousand IT managers, partner companies and software developers to not buy something his company sells. Of course, Symantec is a software company that doesn’t sell storage arrays, controllers or much hardware at all (although there are options to buy appliances with certain software packages).
So, in terms of literally not buying physical storage, Salem could get away with the apparent meaning of that statement and still retain credibility with the company’s customers and shareholders.
If you really want to stop buying storage, Salem (left) said, there are four key opportunities at which everyone should be looking: storage resource management, thin provisioning, data deduplication and intelligent archiving. “If you’re like most companies,” he said, “you have a lot of -orphan storage.’ It’s time to give your orphan storage a loving family. You often have more room to grow than you realize.”
Two-and-a-half years later, Salem’s message on that score hasn’t changed-but Symantec has. During his relatively brief tenure as successor to longtime incumbent John Thompson, Symantec (an independent software company with numerous partners) has fortified its position in the shark tank with competitors such as EMC, IBM, Oracle and Hewlett-Packard. It has competed well as one of the world’s leading independent developers of data management software.
Leading in Security Software
Symantec is the global leader in the security software market with about 45 percent share, and it owns about 60 percent of the installed storage backup market with Backup Exec, according to market researchers Gartner and IDC. The company’s security products include the well-known Norton line of antivirus software for consumers, as well as data-loss prevention (DLP) and data encryption products for enterprises.
The security market is very healthy in all the areas where Symantec plays, Jon Oltsik, analyst with Enterprise Strategy Group (ESG), told eWEEK. “Improved security/risk management is one of the top four areas for IT investment in 2011,” he said.
“Symantec has very strong offerings in endpoint security, data loss prevention, email/messaging security, endpoint encryption and compliance management. Its security services [via cloud subscriptions] are growing very well. Symantec does have some gaps in its portfolio, but it has leading products where it plays in security and is experiencing strong sales and growth in these areas.”
Storing, Sharing … Secrets
Symantec is in a sensitive position when it comes to both personal and business data. On one hand, the company stores and protects all your digital valuables while enabling you to share some of them for the benefit of you, your business partners, and your friends and family. On the other hand, it keeps your secret data secret and confidential data confidential. All are very different use cases that need varying types of security access.
There’s a fundamental set of cross-purposes at play here. The questions about whose data is it, who can access it and for how long, and who gets to remove it are all part of the deal. Both humans and software make these decisions, and they had better be the right decisions-especially if one works in a regulated or confidential-data industry, such as financial services, the military, health care or the government.
Salem is fascinated by the decisions that must be made to answer these questions: Which data should we store? Which should we share? Which should we keep deeply secret, and which should be simply “confidential”? Each of these questions has a software control to match it, set by a company, a user or both in tandem. Symantec is one of the companies that offer this type of control.
How does Symantec develop this control so that it works correctly all the time? The answer is found in good software development.
An ‘Information Socialist’
Salem has described himself as an “information socialist,” and the term also applies to Symantec in general.
“There are certain people who want to horde information, thinking that they have more control and power,” Salem told eWEEK. “The term -information socialist’ means you want to share information. We think everybody gets better by having the right information. I’ve always been a big believer that sharing information is how you actually become successful.”
Information socialism goes way beyond technology, he added. It ventures into our lives in general. For example, information stored in social networks such as Facebook, Twitter, LinkedIn, FriendFeed and others is IT data that can exist in public forever. Thus, we are all responsible to be careful what we put into public purview. Make no mistake: Those are public forums, no matter what privacy controls may be in place.
“What’s interesting about technology is that you want to share information, but there’s certain information that you need to keep private for personal reasons, or you need to keep it secure because it’s intellectual property that requires confidentiality,” Salem said. “So our role here is to help people protect their own privacy and to help people control certain types of information.”
Marc Benioff, founder and CEO of Salesforce.com and a friend of Salem’s, also subscribes to the new-generation “socialist” description of how people are using IT. His Chatter in-house social network, with about 90,000 enterprise customers, is now the largest private social network in the world. Yammer and a number of others are also gaining traction in this space.
“Chatter opens things up, which is what you want, but you don’t want to create liability for the business because the wrong information gets out,” Salem said. “For example, the SEC tends to frown upon financials getting out before they’re reported.”
There are still many precautions that need to be taken when operating such internal networks. The access must be airtight, the security layer impenetrable and the storage bulletproof. No system is airtight, you say? You’re probably right, but companies like Symantec and its competitors are constantly working to stay ahead of the hacking bad guys.
Storage and Security Future
While head counts and software purchases in many business sectors have leveled off or are still dropping following the macroeconomic crisis of 2008-2009, storage hardware and data security purchasing remains on track or is increasing, thanks to the incessant amount of data flowing into businesses.
“In this economic climate, when one-third of CEOs are expecting their IT budgets to remain flat and many are expecting to see them reduced, the most important measure of your success isn’t the ROI,” Salem said. “It’s ROY: return on yesterday.”
Symantec appears to be well-positioned in the market at the present time. Its data-protection business is getting more robust as it starts to add more hardware into the mix with integrated appliances to simplify data-protection environments, Brian Babineau, ESG senior consulting analyst, told eWEEK.
“[Symantec’s] biggest competitor is EMC, but they should start paying more attention to CommVault,” he added. “[CommVault] just made some major organizational shifts, with more emphasis put on the SMB market and cloud offerings to address this [market]. Symantec needs to continue to resource this part of the solution portfolio to maintain its growth strategy.”
Salem, a Dartmouth College graduate, appears well-suited for his role at Symantec. He worked on the technical, sales and administrative sides in several companies-including two terms at Symantec that started in 1990-before being hand-picked by Thompson to succeed him in 2009.
“Enrique had a rough time at the start, but the company has really come around,” ESG’s Oltsik said. “DLP software sales are up 100 percent in 2011 over 2010. Symantec has done better than expected with the security assets it bought from VeriSign [in August 2010]. It has defended its desktop security well in the commercial sector and has grown share in the consumer market.
“The company continues to throw off a lot of cash, so I expect Symantec to continue to be aggressive on the M&A front. I’d say that this is Enrique’s company at this point. JWT’s [former CEO Thompson’s] shadow is gone, and Wall Street has gained confidence in Enrique due to some pretty good financial results.”
According to ESG, Gartner and other analysts, storage capacity doubles in the enterprise every 18 months, and security spending continues to grow. Thus, Symantec is smack in the middle of two very lucrative IT markets.
“Symantec should continue to be successful if it does nothing, but if I were to advise Enrique, I’d tell him to fill a few product gaps, continue to build a solutions-focused enterprise sales force, strive for leadership in storage/security SaaS services (even if it cannibalizes product sales) and add resources in growing economies,” Oltsik said.
On Salem’s watch, Symantec has posted a number of distinctions. For example, the company recently made Norton Online Family, an award-winning online family-safety service, available for free worldwide in 25 languages. This gives parents the comprehensive tools they need to not only block inappropriate Websites, but to also connect with their children’s online activities.
In terms of green IT, Symantec in fiscal year 2011 nearly doubled the number of U.S. Green Building Council LEED (Leadership in Energy and Environmental Design)-certified buildings it owns, from nine in FY10 to a total of 16, including an enterprise data center. In governance and ethics, Symantec created the Global Supply Chain Manufacturing and Fulfillment Code of Conduct for its Direct Suppliers.
Symantec is one of a handful of billion-dollar-plus-revenue security companies that offer a comprehensive enterprise security portfolio. This positions the company well moving forward.
“Our role is to help people share information, but not hurt themselves in the process, and do it in a way that allows them to get the benefits of sharing without taking unnecessary risks,” Salem said.
“I believe that I can bring people together by sharing information. I think it’s been proved that it works.”