Symantec CEO opens up on future with Veritas

By Mark Schlack, Vice President Editorial, Storage Media Group
14 Apr 2005 | SearchStorage.com

At the end of 2004, Symantec Corp. and Veritas announced that they would merge, bringing together the leaders in independent security and storage software. Today, Mark Schlack, vice president of editorial for TechTarget's Storage Media Group, got a chance to sit down with John W. Thompson, chairman and CEO of Symantec, at Storage Networking World, to talk about the implications of that merger for storage managers.

Storage Media Group: Looking at Veritas' history and where you might go with them, is there an opportunity you see that perhaps they didn't see before the merger?

Thompson: We had a similar view that data is the critical asset that a business has today. And as such, you need to not just store it, but protect it, ensure its availability, ensure its integrity. Hence, marrying security and storage management technologies are a natural evolution of both of our businesses.

I think there are some things that we have in our portfolio that could be helpful and complementary to Veritas, particularly around our alerting infrastructure. We have an enormous asset base around vulnerabilities and network attacks. You can think about the notion of using that to trigger real-time or dynamic backup, to trigger storage or server provisioning or reprovisioning actions. Those are all things that would be a wonderful bolt on or addition to the Backup Exec/NetBackup suite of products.

Storage Media Group: How strong a proposition is this idea of integrating storage and security management?

Thompson: We obviously think it's a damn good idea!

Storage Media Group: Let me ask it a different way. Is this merger about creating a company with a broader portfolio or do you really expect this integration to occur at the customer level?

Thompson: The answer to both questions is yes. Let's be clear: The resulting company will be a $5 billion company growing at more than twice the rate of any software company above $3 billion. It'll have global operations in 40+ countries around the world. It'll have 4,000 engineers, almost 4,000 people in sales and systems engineering. So it will be a company of some scale and hence, oh by the way, has leadership positions in both storage and security. So we start from a platform position that's pretty damn strong.

The question becomes, what do we do with it from there?

I do believe that in today's environment, where information must be more accessible to those who have to have it, the security problems are more paramount than ever before. The fact that companies opened their electronic doors and the Internet became a business tool, that's not a proposition that the economy around the world is going to go back on...How do we manage, in a controlled and disciplined way, access to the most important asset any business has, and that is its information.

What are the two fastest growing segments of the IT industry? Security and storage management.

What are the two items that CIOs say are their highest priority? Security and storage management.

So it's inevitable that these things will come together.

Storage Media Group: Who are the two groups of people in IT who have never even met each other?

Thompson: Bingo!

There are inflection points in markets around the world that have to be dealt with -- some driven by technology, some driven by user demand. I argue that this is a convergence that's driven by both. In many instances, the users on neither side recognize the opportunity. They see the problem…but they're so siloed they haven't quite stepped up to "Gee, I have to think differently about this."

Slammer was the "Aha!" event for us. Slammer changed the way we did IT inside Symantec. We moved our CISO [chief information security officer] from worrying about operating the firewalls to worrying about security policy and security practices and security compliance. We asked the operations staff to worry about how well deployed, and how well managed the firewalls were…We moved the operational things around security to operations staff where it belongs and forced them to become more security conscious, and elevated the role of the CISO to be much more focused on risk management and policy compliance. That's an issue that I think financial service institutions, in particular, have come to grips with. I don't think many others, unless they are very, very data-intensive businesses, have reached that "Aha!" point yet.

Storage Media Group: Close the loop for me here. In doing this at your own company, where did the storage part come in?

Thompson: Storage was managed by operations all along. We collect enormous amounts of data about online transactions and customer buying behavior, and so on. We never really thought about it in the context of it being married to security, but we did start to think, gee if that data got compromised in some way, we could find ourselves, the trusted security company, being not so well trusted. It would be an enormous, enormous impact to our brand.

So this notion of operations being responsible for security is a critical part of how we control the information access of our company.

Taking the pain out of dealing with Veritas

Storage Media Group: There are two questions I get from Veritas customers most of the time. One is what are they going to do to integrate their products to work in storage area networks since it's still really a host-based approach? And two, is their pricing model going to change? Veritas really hasn't cracked the nut of network-based pricing, to find a way to make money in that environment.

Thompson: Pricing is the bane of every technology company's existence … I'd like to think that there will be a little flexibility that comes from a company that has the scale that we have to tune the pricing model around the margins. That's not to suggest that tomorrow we're going to come up with some whole new gigantic pricing system because we do have a $5 billion combined forecast for the combined companies. Therefore, we'll have to be careful about how we tune the pricing model.

The one thing that I hear from customers all the time…is that the pricing and licensing process, the negotiating process with Veritas is painful. While that may be true for Symantec as well, we don't hear that as much at Symantec. So maybe we can apply some of our disciplines or practices to the Veritas business to make that more acceptable for customers. You clearly don't want to have customers who feel like the experience of buying your products was so horrible that you forget about the value that you derive from using the product because you have to go through this annual brouhaha on renewal, or whatever the renewal cycle might be.

Storage Media Group: Is that about being a kinder, gentler company, or is it about the actual terms of licensing?

Thompson: I think it's about both. The licensing terms clearly have to be relevant to what customer expectations are. But I also think we bring a brand promise…that's all about trust and we don't let our business operations get in the way of compromising that one core value…. So if the negotiating process is less than crisp, if it creates angst with customers, that could undermine relationships, that could undermine trust over time.

Storage Media Group: Do you see any changes in Veritas' business model?

Thompson: One of the interesting things going on in their research labs is using anomaly detection techniques for detecting unwarranted or unnecessary access to databases or storage devices. Think about being able to add that to the foundation layer of the storage infrastructure. Probably not a bad idea, particularly when you think about today's environment where Lexis/Nexus just announced not a 100,000 records, but 300,000 records put in the public domain. So this notion of protecting data at rest and stronger relationships with the likes of HP or NetApp or IBM – people who feel like their competitor is EMC – will be a good thing for Veritas. And hopefully, the combination of the two companies can do something that's uniquely different than EMC could ever do.

Storage Media Group: How do you interpret Veritas' relative lack of success in integrating even storage and systems management?

Thompson: I don't think they've been at it that long…When you buy little things, how do you give them the attention that they really need? When we buy little stuff, we cordon it off and put dedicated leadership and mentorship and stewardship over it, or it gets lost… You have to have a management process that allows you to take little things that you think are strategically important and nurture them. We've learned that the hard way.

It may very well be that the issue you point to with Veritas is whether they took the right management process for nurturing what were really startups that got lost inside a company that's $1 to $2 billion big.

Storage Media Group: Should users be looking for anything along those lines in the next year from you?

Thompson: Ajei Gopal, who was Symantec's senior vice president of technology and corporate development, will lead the business unit responsible for principally the management technologies and all of our offshore development activities…The stewardship of trying to figure out how do we blend these technologies to try to create a true platform where you can integrate storage and systems and network capabilities and security will be stewarded by Ajei.

Chris Hagerman will have to worry about whether the Veritas clustering capability gets more rapidly deployed across a range of platforms. Does the foundation layer for the file system get more broadly deployed? What is the strategy for the Linux environment for the file system technologies? There are very specific strategic questions each team will have to address. I believe out of this the new Symantec can look at an infrastructure and make decisions about how it should be managed.

The concept here is "How do you make the infrastructure as resilient as possible?" And storage is just one component of that infrastructure. Yet we have enormous assets between Symantec and Veritas to deal with the systems layer. We have few assets to deal with the network layer and the question becomes, is that a place where we need to go, near term? I don't think so. Do you want to go and fight Tivoli and Computer Associates for the network management function, or do you want to be in the same business as Micromuse or some of the smaller companies that are doing specific network management capabilities? My answer to that now is "No, we've got enough on our plate."

Paying more attention to the mid-market

Storage Media Group: EMC is obviously the big dog in this space, but do you worry about companies like CommVault?

Thompson: Sure. They paid attention to a segment that Veritas wasn't paying attention to. There is no reason for CommVault to exist.

Storage Media Group: How do you define that segment?

Thompson: Middle market. What Veritas calls the commercial territory. It's just below the large enterprise, a customer who has big data needs, but doesn't have 50,000 users. It's a company the size of Symantec, perhaps. They've done a terrific job in penetrating that market -- good strong and consistent channel focus, very competitive product, consistent pricing. They've done a good job.

Storage Media Group: Do you need to compete with them now?

Thompson: We need to compete with everybody who's doing the same thing we're doing. And we expect to win.

Is integration desirable?

Storage Media Group: Do you believe that IT, especially in larger enterprises, has become more specialized and that in fact, at the rubber meets the road level, there are very few people who need to see a lot of different things?

Thompson: The reason the big frameworks failed is that they gave a view into the environment, but not necessarily the capability to do anything about the problems they identify. And it's their failure that made companies like Symantec and Veritas successful because we built the tools that allowed you to do something about it. People who get confused about the systems view are also less knowledgeable about the operational tools that make the systems run. That's where these two companies have cut their eyeteeth.

We expect always to be able to integrate into OpenView and Unicenter and Tivoli because that is a view. But we will also have our own view of the specific domain that we manage. In the storage domain, there ought to be a way that you can look inside it, independent from a Tivoli or Unicenter point of view, because people who only do that for a business, as opposed to monitoring a whole system, will want to know that.

What you can't do is execute a strategy the way Tivoli or Unicenter did, which is "Here's all my stuff, buy it all, and I'll take care of you forever." None of it worked, it never got deployed, it was some of the greatest shelfware ever created.

The idea is, build operational tools that solve a particular problem, are prerequisites and core to one another, don't necessarily dictate that you take it all, they interoperate well with each other and work well with platform providers that have been installed by customers for many years. That strategy we believe allows us to coexist in a Unicenter world and over time, perhaps displace them.

Storage Media Group: Do you think Veritas is facing that problem in that they have a lot of piece parts, but to integrate them you have to have Volume Manager and File Manager? Is that really going to hold forth in the future?

Thompson: We will certainly have to rationalize the technology management layer that sits between the backup products, and the storage and file management products that Veritas has. That is…inevitable. We also have to include in that the backup and recovery capabilities that are in our LiveState platforms. It does things that Backup Exec and NetBackup don't do. It does not just storage recovery, but it does recovery all the way down to the bare metal, which is an issue for many of the distributed environments.

How do you use intelligence about a vulnerability to shore up the infrastructure so that it is more resilient? And if it does get attacked, how do you recover it as quickly as you possibly can? In many instances, the outage isn't a network breach, it's a failed server. One of the real issues in a server environment is whether you have an identical server that I can recover the image to. LiveState allows you to recover to dissimilar hardware – no one else does that. That's a wonderful capability that's in our portfolio that we can marry to the Veritas assets.

Copyright 2000 - 2005, TechTarget

Questions or problems regarding this web site should be directed to abeckman@outdoorssite.com.

Copyright © 2008 Art Beckman. All rights reserved.

Last Modified: March 9, 2008