News Stay informed about the latest enterprise technology news and product updates.

When security firms merge, some users are losers

Some users see their services improve when IT security vendors merge with other companies or get acquired. Others say they've been left out in the cold.

When one security vendor merges with another or is acquired by a larger IT provider, the parties involved always tout the benefits customers can expect -- better help desk services, a wider array of management tools and the tighter integration of security into the larger infrastructure. Unfortunately for some users, those benefits don't always materialize.

When I heard of the acquisition, I was worried about whether talent would be depleted and whether service would wither.
Franklin Warlick,
senior messaging systems administratorCox Communications recently interviewed IT professionals whose security tools passed from one vendor to another to see if they're still happy with the products. Some are pleased with the end result, while others say they're frustrated by a drop-off in quality and support.

One unhappy customer is Farhad Karampour, an IT engineer with Newton, Mass.-based MIS Alliance Corp., which provides IT management services to small- and mid-sized businesses. Many of his clients use Symantec Corp.'s Backup Exec, a network-enabled backup product the Cupertino, Calif.-based antivirus giant acquired when it purchased storage company Veritas Software Corp. in late 2004.

Before Symantec took over, Karampour had no trouble renewing his clients' support licenses and found that the people working for Veritas' help desk could almost always help him resolve a problem. It's been the opposite scenario under Symantec, he said.

Using acquisitions to boost security:

In an effort to improve the security of their products, many large IT vendors have acquired third-party software companies. Here is a look at some of them:

-- JUNE 2007: HP announces it will acquire SPI Dynamics.

-- JUNE 2007: IBM announces it will acquire risk management software vendor Watchfire Corp.

--FEBRUARY 2007: EMC Corp. announces a definitive agreement to acquire data security firm Valyd Software Private Ltd.

-- JANUARY 2007: Cisco Systems Inc. announces plans to buy Internet security gateway appliance vendor IronPort Systems for $830 million.

-- JANUARY 2007: Fortify Software Inc announces its acquisition of Secure Software Inc.

-- DECEMBER 2006: IBM announces plans to acquire Consul Risk Management Inc., whose software tracks employee behavior and unauthorized records access.

-- SEPTEMBER 2006: EMC Corp. announces its $175 million acquisition of security event management vendor Network Intelligence Corp.

-- AUGUST 2006: IBM announces the $1.3 billion acquisition of Internet Security Systems Inc. (ISS) to bolster its position in the managed security services market.

"The technicians handling calls regarding Symantec Backup Exec don't seem to be as knowledgeable as when this software was supported by Veritas," he said. "It takes an average of 45 minutes or more to get a support technician on the phone."

One day, after waiting 45 minutes and then getting a technician who couldn't help him address his problem, Karampour asked to speak to a manager. He said he was disconnected after spending about a minute on hold.

He said it's been a nightmare trying to resolve the licensing issues, including the process for accessing the product installation keys. "To receive the license key for some of our clients, I have spent hours without any resolutions and the final answer during the support call is for Symantec to follow up and send an email with the requested information," he said. "The software continues to do a good job. The problem is the service."

Karampour believes Symantec bit off more than it could chew when it took over the product and that its technicians were not properly trained to deal with Veritas-related questions.

Symantec acknowledges problems
Symantec doesn't dispute that there have been problems. Last November, Veritas and Symantec enterprise resource planning systems were merged, resulting in new licensing, ordering and support programs that will ultimately streamline customer and partner processes, a company spokeswoman said in an email exchange. But in the short term, she admitted, the waters have been choppy.

"As expected with an infrastructure change of this magnitude, we are working through a period of transition with our partners and customers," she said.

In some cases, she said the problems are more cultural in that customers need to learn new procedures or processes to use the merged systems. In other cases, customers are running into technical problems on Symantec's end.

"However, Symantec has continued to process orders throughout this transition, and processed more orders in the month after the merger than were processed the month before or in the same month last year," she said.

She said Symantec is taking specific steps to resolve all issues. This includes increasing the capacity of its customer support lines and keeping in touch with the community via the company's Web sites, outbound emails and account-specific calls. The company is also working to resolve invoicing and reporting issues on an individual basis and is giving customers more time to make the transition.

"We have corrected the most serious issues already and are working with our partners to reconcile reports to ensure that processed orders were properly shipped, fulfilled and invoiced," she said.

A smoother transition
While the transition from Veritas to Symantec has been difficult for Karampour, other IT professionals report that their product support has improved or stayed the same following the acquisition or merger of their vendors.

Franklin Warlick said he was initially terrified to learn that his messaging security vendor, CipherTrust Inc., was being acquired by Secure Computing Corp., a San Jose-Calif.-based provider of security appliances, firewalls, and programs for identity and access management and content management and filtering.

"CipherTrust was a huge success story here," said Warlick, senior messaging systems administrator for Cox Communications, a multi-service broadband communications company with approximately 6 million customers across the United States. "Support was good. We had no complaints. When I heard of the acquisition, I was worried about whether talent would be depleted and whether service would wither."

His concerns proved to be unfounded, and today he happily uses Secure Computing's IronMail product to keep spam and other malicious content out of the company's 30,000 email inboxes.

A few weeks after the acquisition was announced, Secure Computing invited Warlick and other customers to a roundtable discussion where he was able to meet the CEO and get a better idea of the company's intentions.

"I saw they were keeping a lot of CipherTrust people at top levels," he said. "Once I saw it wasn't just about buying the product and releasing the people I quickly relaxed."

He said his product has not changed since the acquisition, though he's optimistic the company will add functionality to help enterprises combat Web-based image spam. He has also used the customer support system two or three times since the merger without incident.

Looking ahead, Warlick hopes Secure Computing will add more reporting capabilities to the product. "A better interface for customer reporting is something we hope for, and I was told it's coming," he said.

Too soon to tell
For others, it's simply too soon to tell if the quality of their security products and services will change as the result of a merger or acquisition.

Bryan Sowell, authentication services engineer for a large Fortune 500 company, is an RSA Security customer who has seen no change since the company was acquired by storage giant EMC last summer. He said it's probably too soon to tell what the overall impact will be, but for now he's cautiously optimistic.

"I haven't seen any change in the service or effectiveness of the RSA solutions," he said. "EMC did not have any competing products with RSA, though, so there were none of the traditional issues associated with acquisitions."

Dig Deeper on Security vendor mergers and acquisitions

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.