When Steve Bennett took over as CEO of Symantec, he promised to deliver a new corporate strategy within his first 6 months on the job. After discussing the company with customers, partners, investors, and analysts around the globe, Bennett and other executive managers unveiled its “Symantec 4.0” strategy yesterday afternoon.
Clearly a lot of the announcement was targeted at Wall Street with details about growth rates, margins, dividends, etc. I’m no expert in this area so I’ll leave the financial analysis to the 20-something Ivy Leaguers in lower Manhattan.
From a technology and industry perspective, it is clear to me that Bennett and team “get it.” In other words, they get where the security industry is going, what types of security technologies customers require, and where Symantec has strengths, weaknesses, and opportunities. In my opinion, the most positive aspects of the announcement included:
1. A security solutions focus. Symantec is a market share leader with a number of its security products but it hasn’t been very good at integrating products into solutions. Symantec recognizes this weakness and outlined some plans for integrated solutions in 3 areas: Mobile workforce, Information security, and information management. I especially liked its plans to build a big data security analytics service on the back of its MSSP and security intelligence offerings. Given the combination of new threats, new technologies, and the security skills shortage, this service could be wildly successful.
2. Streamlining sales. With its history of acquisitions, Symantec's sales force had more disparate groups than the United Nations. What’s more, customers joked that you needed an army of contract specialists and lawyers on your security technology procurement team when negotiating with Symantec. Symantec should be able to increase sales just by eliminating existing layers of sales process, pricing complexity, and complex contracts.
3. Vertical industry specialization. Symantec will double-down on its public sector focus where rival McAfee has been killing it for years. Symantec will also customize products and go-to-market strategies for other verticals including Telecommunications and Financial Services. Good move as vertical security solutions become more specialized because of industry-focused threats, regulations, and business processes.
4. Organizational changes. Symantec is bringing product groups together under fewer layers of management. This could reduce headcount, improve communications, and boost efficiency. At the same time, Symantec will hire new talent in areas like marketing and engineering to support its strategy.
These are big and necessary changes and a good start but Symantec needs to push further as strategic gaps remain such as:
1. Network security and SIEM. I estimate that .50 cents of every security dollar is spent on firewalls, VPNs, IPS/IDS,SIEM, etc. Once Symantec exited the network security space a few years ago, it virtually ignored this strategic area. Symantec mentioned that it would pursue partners but it didn’t provide a timeframe or details. Ditto on SIEM, a critical market where competitors like HP, IBM, LogRhythm, McAfee, RSA, and Splunk reign supreme. How will Symantec participate in these markets? It didn’t say yesterday but it needs to if it wants to truly provide enterprise security solutions.
2. A software architecture. Symantec needs to build and market a software architecture that provides a foundation for security solutions integration. This would help Symantec integrate its own solutions and also help the company recruit and support third party partners. Enterprise software architecture may already be part of the plan but Symantec didn’t talk about it. On a similar note, Symantec needs a partner ecosystem but this discussion was also absent.
3. A security framework for marketing communications. Even with a focus on security solutions, it’s hard to understand how Symantec views enterprise security holistically. To sell solutions rather than products, Symantec needs to think, empathize, and communicate at a CIO/CISO level. This is new territory however and Symantec needs to up its game.
4. Stickiness. Yes, Symantec backup products are sticky, but I would argue that its anchor security products don’t fit this model and many could be easily replaced by competitive offerings. McAfee built portfolio stickiness with ePO. Symantec needs to do the same thing with Symantec Protection Center (SPC) or find other sticky products to anchor customers.
Bennett recognizes that Rome wasn’t built in a day and proposed a realistic timeframe of a few years to complete this transition. Nevertheless, Symantec should communicate regularly with the market as it progresses. Finally, Symantec talked about “organic growth” signaling that it will slow down on acquisitions. Given its product portfolio gaps, eschewing M&A would be a mistake. Symantec should be willing to support its strategy with creative startups like Damballa, FireEye, Invincea, or Malwarebytes where appropriate.