Symantec's Top Exec Outlines IT Challenges As Users Merge Personal And Business Tech

Shifting Focus

Enrique Salem, Symantec president and CEO, told CRN editors in advance of this week's Symantec PartnerEngage conference that new technology is making it possible to merge the personal and business digital lives of users in a single smart device such as Apple's Tablet PC.

That merging of business and personal digital personnas, however, is causing problems for corporate IT departments which have to design new ways to store and protect the business data their users will increasingly be able to access from wherever they are.

As a result, Salem said, Symantec has had to shift its focus from solving point storage and security problems to looking at how these problems interconnect with how users' IT habits are changing.

And that, he said, means basing future strategies on the consumerization of IT and the "IT-ization" of consumers.

The Consumerization of IT

One primary megatrend driving Symantec's worldview is the consumerization of IT, where consumer adoption of new products like Apple's iPad put pressure on IT departments ill-equipped to control the flow of corporate data through personal devices. Salem said analysts expect between 11 million and 14 million tablet PCs to ship this year, with many being used for both business and personal activities.

"IT shops of all sizes are saying, 'How do I manage all these new technologies?'" he said.

Symantec is also watching what Salem called the "IT-ization" of consumers who, despite their lack of IT skills, are adding more smart devices to their homes and often using them to access corporate data. "Home users don't have the technical sophistication," he said. "We need to think about what we are going to do as a company to help."

Mobility And The Business Side Of Social Media

Salem said users merging their business and personal digital lives are also increasingly mobile, adding to the complexity of protecting and securing their data.

Citing IDC estimates, Salem said there are 1.4 billion PCs and 1 billion smart devices connected to the Internet this year, and that next year there will be more Web-connected smart devices than PCs. In addition, Salem said, American Express estimates there will be 10 billion smart devices connected to the Internet by 2014.

The traditional mobile phone was not an intelligent device, and will be replaced by smart devices, he said. "Every handset going forward will have Internet capability, will have smart interconnects."

Businesses are also looking to social media for alternatives to communicating by e-mail, Salem said. "Before you know it, hundreds of e-mails have been generated to get one simple answer," he said. "We think that that model is fundamentally broken."

What The New World Of Merged Digital Personnas Will Look Like

Salem illustrated these trends with a story about a hypothetical employee who wakes up in the morning via an alarm clock app on her smart device, and then uses the device to check her business and personal calendars. She then gets an alert from her boss after which she sends out queries via the company's social network for more information.

The employee then goes to the office and places her smart device on any open desk where she is automatically logged on and gets the answers from her queries. As she is walking into a meeting with her boss, she collides with a colleague and drops and breaks her device. However, her boss logs out of her device and hands it to the employee who then logs back into her information to do a presentation.

In this situation, Salem said, a lot of things are happening in the data center which are invisible to the user. For instance, if there is a problem in the data center, operations seamlessly switch over to a backup data center.

New Technology To Focus On People, Not Just Devices

To meet new challenges posed by the merging of end users' personal and business lives, Symantec will focus on the user, and not on some point-solution to a specific problem, Salem said.

Identity security or technology which ensures that a user is really who he or she says they are, will be an important part of any solution, Salem said. Symantec has already started moving in that direction with the acquisition in August of VeriSign's identity and authentication business, but there is a lot of work to be done to ensure privacy, Salem said.

"Think about it this way," he said. "I have this device in California, and somebody tries to log in from New York as me. If you geo-locate a computer in New York and a device in California, now you know there's a problem."

People And Information Protection

Just as important is information protection, which includes keeping people from stealing information, whether from inside or outside the company, and recovering information in a disaster, Salem said.

Focusing on the context and relevance of data will be just as important as the data itself, especially with the continued fast growth of unstructured data, Salem said.

"There's too much data," he said. "We need to have better ways of classifying it. Every account that I deal with is looking at how to organize unstructured data in a way that they know what they need to keep, what they need to deduplicate, what they need to back up, what they need to charge who for the usage of that information. We have to have a better way of characterizing our structured and unstructured data, because otherwise it's overwhelming."

The Importance Of Classifying Information

Not all information needs the same level of protection, Salem said.

A CIO recently told Salem he classifies his company's data as restricted, confidential, and open. About 20 percent is in the restricted category, which includes customer data that must be tightly controlled. Another 20 percent to 30 percent is confidential data, which is data that is important to the company and which the company prefers does not get out into the open. The remainder, about 50 percent, is open data which is protected by such technologies as firewalls but which if it gets outside the company is not a major issue.

"That 20 percent that's restricted? They said that's a huge liability for our company to have that information leave our hands," he said.

Policies And The "Three i's"

Symantec sees a fundamental shift towards attributes being associated with a company's people and information that allows companies to start writing policies to tie the two together to meet what Salem called the "three i's."

The first is invincibility, which includes such functions as availability and disaster recovery along with the level the protection needed for a specific applications.

The second is invisibility of the infrastructure to end users so that they are not required to change the way they work in the name of security and availability. "IT shouldn't force you to change because they need to do something," he said.

The third "i" is inexpensive, which Salem said comes from finding efficiencies from both the acquisition and the operation of new technology. For instance, he said, security which is set too high can cause a false positive, which requires assigning personnel to check on too many problems.

Living In The Stacks

While a lot of vendors are trying to build complete hardware and/or software stacks to become a one-stop IT provider, Symantec feels that data protection and security must transcend the stack and be available regardless of who runs a customer's data center, Salem said.

"We have a very specific point of view, that is, an information-centric view," he said. "And that information you're looking at, some is related to Oracle, some is related to SAP, some is related to Microsoft. But it's about the information for us. And the information will not live in any one stack."

Salem also said that the stack vendors have yet to look beyond the large enterprise customers into the SMB. "But even there, they need companies like us to say, I know what intellectual property you need to worry about," he said. "I know what ideas you need to protect. And I know how to do that."