Minerva Studio - Fotolia
Symantec Corp. Thursday confirmed rumors that the vendor plans to separate into two companies, with one focused solely on security while the other handles information management and data storage. The move was positioned by corporate leadership as a way to grow both halves of what has become an increasingly disparate business, but will the Symantec split ultimately fix the issues that have plagued the security division?
According to a Symantec press release, the company plans to complete the spinoff by the end of 2015. The newly formed security company will retain the Symantec name, and CEO Michael A. Brown will continue in his current capacity. Symantec said it will deliver a unified security platform that will rely on threat intelligence from its several endpoint security products.
The company also plans to consolidate its Norton-labeled offerings into one product, grow the managed security and incident response services portion of the business, and integrate its advanced threat protection and data loss prevention capabilities into its various security gateways. The refocused Symantec will feature endpoint security and management, encryption, SSL certificates, user authentication, DLP, hosted security and more, all of which accounted for $4.2 billion in revenue for fiscal year 2014.
What the new Symantec won't feature is the company's $2.5 billion information management business, including the NetBackup data backup and recovery software suite that was consumed as part of the company's blockbuster $13.5 billion merger with Veritas Software in 2005.
"It has become clear that winning in both security and information management requires distinct strategies, focused investments and go-to market innovation," said Symantec President Michael A. Brown in a statement. "Separating Symantec into two, independent publicly traded companies will provide each business the flexibility and focus to drive growth and enhance shareholder value."
Symantec split: Long overdue?
Symantec's breakup plan came as no surprise to industry watchers, who noted that the security and storage sides of the equation never truly meshed as the company had hoped.
Jane Wright, senior analyst with Technology Business Research Inc. in Hampton, N.H., said there had been signs that a corporate spinoff was in the works since at least two quarters ago, when Symantec began training its sales force to be specialists either in security or information management. Wright added that the move makes sense, as the needs of security customers are unique and require a much greater level of focus by vendors to satisfy them.
John Pescatore, director of emerging security trends at SANS Institute, based in Bethesda, Md., and the former longtime lead security analyst for Gartner Inc., said that Symantec's identity issues stem all the way back to the company's ballyhooed acquisition of Veritas, which was initiated only after Microsoft threatened Symantec's core antivirus business with the 2003 purchase of Romania-based GeCAD software.
Pescatore recalled attending the 2006 RSA Conference, the first after the Symantec/Veritas merger, and hearing then-Symantec CEO John Thompson deliver a speech on why security will become just another part of the larger storage and data management market.
"Security was not going to be a standalone thing anymore," said Pescatore, recalling Thompson's thinking. "[But then at the 2007 RSA Conference], he didn't mention storage once. Thompson left in 2008, and the strategy never worked from a user perspective."
Bob Tarzey, analyst and director at UK-based research firm Quocirca Ltd., said that because Symantec never did successfully integrate its security and data management business, the company has always operated like two separate entities behind the scenes.
Even though at the time many thought Thompson to be a successful, visionary leader who had grown Symantec's revenue and positioned it for the future, Pescatore said that the reality was that the vendor often seemed out of step with the rest of the security industry. For instance, Microsoft's 2003 acquisition of antivirus vendor GeCAD may not have killed that market off, but it did have the effect of putting downward pressure on antivirus product prices. While its competitors delivered cheaper offerings, Symantec kept prices inflated as it bundled more features into its endpoint security products.
Because of that strategy, Pescatore said, Symantec missed out on another trend in the enterprise security market: enterprises demanding less burdensome security software for client machines. Symantec's endpoint products became so bloated, he added, that in some cases enterprises would no longer update them so as to avoid issues -- Home Depot, for one, was found to be running outdated versions of Symantec software before its recent data breach.
"When you look at somebody like Home Depot, they can't install giant product suites with popups and so on," said Pescatore, "Symantec was going in the opposite direction of what businesses wanted."
Solution providers welcome Symantec split?
Although Symantec won't officially be split for at least another year, Symantec's channel partners already foresee a brighter future for Big Yellow sans its information management business.
Angelo Sciascia, senior vice president of sales and services at NetX Inc., a Symantec Platinum Partner based in Columbus, N.J., said that Symantec has long struggled to integrate newly acquired companies, which has made it difficult to stay on message with the huge variety of technologies under its corporate umbrella.
The vendor still has some industry-leading security products such as its data loss prevention tool, said Sciascia, which should enable it to remain competitive in the security market.
"Symantec as a stand-alone security company will be much better off," said Sciascia.
Kevin Wheeler, managing director at InfoDefense, a security-focused Symantec Platinum Partner based in Lewisville, Texas, agreed with Sciascia that Symantec's DLP product is "second to none" and that the company shouldn't leave the endpoint security market, where it remains one of the leading vendors.
Some of Symantec's products have fallen to the wayside over the years though, according to Wheeler, as the vendor, based in Mountain View, Calif., has struggled to juggle marketing and sales for both its security and information management businesses.
"I think there's no doubt that, because of the way the security market has changed with all of the new threats and technologies emerging, you have to be fully committed and focused on information security," said Wheeler.
After Symantec split, what will the future hold?
Pescatore said that a security-only Symantec could indeed be the springboard for the company to become an across-the-board market leader again, but cautioned that much work is still required for the vendor to complete a full transformation.
For one, Pescatore said Symantec must become more competitive in emerging areas such as mobile device security, where enterprises no longer work on five- and 10-year technology-refresh cycles thanks largely to the acceptance of the BYOD movement and consumer-focused cloud storage offerings like Dropbox. That new corporate IT environment requires vendors to be much more focused and quick to respond to emerging trends, Pescatore added, which is exactly what tech behemoths like Symantec have struggled to do recently.
Symantec's slimmer profile may help with that aspect, he said, but there's still room to toss out some non-competitive product lines like its SIEM offering, as well as improve on the custom support problems noted in recent Gartner Magic Quadrant entries.
There's also the matter of retaining leadership long enough to deliver on a single, streamlined vision -- Brown became Symantec's third CEO in as many years after the company ousted Steve Bennett earlier this year.
And until Symantec makes those necessary changes, Pescatore advised its enterprise clients closing in on end-of-support contracts to seek reassurances from the company regarding its 2015 roadmap, and to be willing to drive for discounts if they choose to renew services.
"Focusing on security alone isn't going to make Symantec nimble," said Pescatore.
Learn how the endpoint security market is changing to deal with a new threat landscape.
Read why Symantec was searching for a strategy as far back as 2006.