IT security technology vendors need to change their businesses to respond to new requirements, such as making products that not only protect from attacks but detect them before they hit, Symantec Chief Executive Officer John Thompson told a packed audience at the RSA Conference in San Francisco Tuesday.
In a keynote address at the annual security show, Thompson justified his company's recent merger with data backup company Veritas Software Corp., saying that Symantec and other security companies need to expand into areas such as storage and systems management to remain relevant.
Thompson offered a strong argument for his company's planned merger with Veritas, defended his company's traditional security business and took shots at Microsoft, just one hour after that company's Chairman and Chief Software Architect, Bill Gates, announced plans for new security products and features that could eat into Symantec's bottom line.
Thompson said he applauded Microsoft's security initiatives, but that they were "insufficient for large enterprises," because they did not provide security for heterogenous computer networks that use different operating systems and technology platforms.
Unlike Microsoft, Symantec is a company that sells tools that work in environments with disparate technologies and wasn't distracted by "computer games and a lot of other, unrelated stuff," Thompson said, to applause from the audience.
Companies are being squeezed by data privacy regulations from the U.S. government and from many states on one side, and by virulent and costly threats such as SQL Slammer on the other, Thompson said. To protect them, IT security companies have to redefine their roles by making products that integrate with hardware clients and that reduce the cost and complexity of enforcing security and regulatory compliance, he said.
Simply protecting the network perimeter is no longer adequate because network administrators and chief information security officers need tools that can detect attacks before they hit an organizations' network and make sure that corporate data is protected, he said. "In the old world, security was different from storage and systems management. Under the new paradigm, those silos go away," Thompson said.
Thompson likened Symantec to United Parcel Service, which changed its business focus from small package delivery to global logistics and supply chain management in the late 1990s. Symantec will use its merger with Veritas to move beyond security and stake out a place as a provider of information management technology, with better ability to manage issues such as system availability and network access.
Wall Street investors and customers have been skeptical of Symantec's strategy in agreeing to acquire Veritas for around US$13.5 billion in December. The company's stock price is down by around 30 percent since the Veritas merger was announced. Industry experts have raised concerns over a lack of obvious integration between the two companies' products, fears of layoffs at Veritas and technology overlap with PowerQuest, a storage management software vendor Symantec bought in September 2003
On Tuesday, Thompson brushed aside those nagging doubts, and said that his company and others like it would profit handsomely by recognizing the shift in the security technology industry and redefining their role to accommodate it. "Leaders don’t follow," he said. "Innovators see ideas where others can’t and fortune favors the bold."