Q&A: Symantec CEO On Company Transformation, How It Will Look To Define Future Of Platform Security

Symantec CEO On The Record

There's a battle emerging in the legacy security market, with top vendors vying to be the platform security vendor of choice. The latest example of that was McAfee's spinout from parent company Intel earlier this year. But, Symantec CEO Greg Clark said he isn't worried about the effect it will have on his own business. Symantec has been going through a transformation of its own over the past few years, he said, and is positioned to win in security with a platform strategy. CRN sat down with Clark to talk about Symantec's transformation and where the company is placing its bets, just as McAfee looks to place its own and startups look to take share from the security giant. Take a look at what Clark had to say, and why he said partners should jump on board with Symantec for the long haul.

Talk about the transformation of Symantec – where do you stand today versus five years ago?

I think if I just hit the headlines on that story, a number of years ago Symantec decided at the board of directors to return the company to a pure-play cyberdefense firm. In order to do that, the storage business under Veritas needed to be divested. That completed a little over a year ago. … Then the board focused on the need to do a strategic transformation to change the game in cyberdefense and looked around for how to do that. Something that resonated with them [was] the transformation to cloud that was happening in the world across midmarket, large enterprise and, of course, even small to medium-sized business. That led to the acquisition of Blue Coat. … [It was a] match made in heaven that we've created. Let's say there were eight products that really mattered to you and your cyberdefense in the enterprise. Symantec is now vending five of them, and of the five, four are the leader in the Gartner Magic Quadrant. That's a very strong position to be in.

How did the Blue Coat acquisition, in particular, position Symantec better in the security market?

When you move in the cloud you care about four things. You care about your users, whether those users are employees, partners or customers. You're responsible for the data no matter where the data lives, whether it's in your data center or a public cloud, or anywhere else. You transact over two dial tones, web and messaging. You frame the cloud generation over users' data applications running over the Web and messaging Symantec's the clear leader. That has really resonated with our customers and all the analysts. If you look at where can you get a good barometer for industrial logic, go to the stock market. When you see a stock increase when you spend almost $5 billion on an acquisition, that's pretty good, especially when it's the large cap stock and requires a lot of investors to support that kind of thing. I think the industrial logic of what we were doing was absolutely applauded by the investment community.

What are other areas of the business that Symantec has invested to transform?

Consumer security matters. It's really important. Enterprise has run into it every day. It would be where BYOD devices show up and firms that are not secure are not good for anybody. We have a very strong consumer business inside Symantec, and for many years all of the folks that were dealing with malware protection for consumers have been hammering away at it, and Symantec had been the best at it and continued to win the awards for doing that best. The AV test awards are still ranking Symantec Norton as No. 1. … We landed on a transformational message for consumer that was around digital safety. … We've repositioned our Norton brand as your digital safety partner for consumers as citizens. That was underscored by the transformational acquisition of LifeLock. [This] really gave us a boost in terms of putting a much bigger annex over the market around digital safety and going to our customers and bringing a value proposition that was fantastic.

What's your pitch about why solution providers should partner with Symantec?

If you were a partner, who do you want to hook your wagon up to long term in this industry? If you think about the cash flow that an organization of our size, $5 billion -- more than two times larger than the cyberdefense entity inside of Cisco and way bigger than the others – has to invest. … If I was a partner I'd want to make sure that I was selling Symantec products because you're going to be doing it for a long time, and I think we're going to make you happy to show up at a customer that's bought our product from you because we've got robust road maps and we're going to be relevant as security . ... Things change every 10 years. We have the capacity and the balance sheet to make sure that we're relevant.

Then I think the other point I was going to make, is track record. If you look at management … we have proven our ability to predict the future well. Our ability to integrate acquisitions, deliver real value to the customer of the integrated cyberdefense mission. … We have a track record of actually being able to do that.

Do you think the spinout of McAfee from Intel will affect Symantec? Do you see it as a competitive threat?

No, I don't. Of course, we have respect for all of our competitors in the security industry. It's a very vibrant place. McAfee is definitely someone that we definitely think is a viable competitor for sure. There's always challenges when things like that are happening. It's difficult. We think that there's a few headwinds there, but really what I try to focus on is just making sure that our products are the best. … We're the only company that delivers you a complete stack, globally deployed, globally supported, and all the other big guys don't have that. Just go look at McAfee, IBM, Check Point, Palo Alto, FireEye -- none of them have that network. I maintain our share, and we're going to grow our share in some of these [markets]. I think we're also the guys that have got the cloud sorted out, and we've got great technology for the adoption of cloud applications. … I think we're a force over here. We're a profitable cyberdefense firm, 3,500 engineers, and when we get up in the morning we come to work all we do is start a cybersecurity defense. We're the biggest and we're the most profitable.

How important is it to have all the pieces of the security puzzle in your portfolio? McAfee is taking a different approach.

I think if your costs are up for security in a large company and you're faced with, 'Do I pick Vendor A or Vendor B?" if I've got a full integrated set of five products versus an integrated set of two products [I will choose the one with more integrations]. … Then when you look at the Magic Quadrant and you say, 'Who leads the Magic Quadrant?' and you sort it out from who's the leadership position across those things, we win.

I think it's about total cost of ownership or cost of operation, and every time you build your own Frankenstein your 15 guys that did it become very important, very expensive, and turnover's high. Security is about customers because there's not enough staff in the world. … You need architectures and you need pre-integrated technology. I think we've got a good track record of getting ISVs to code to our APIs, and we have a very good starting point with a bunch of technology that's already working.

What do you say to partners about balancing platform versus best-of-breed technology?

I think when you're a buyer, or a reseller, or a partner, consulting or services, you want to be proud of the recommendation you've made two or three years back. What gets you long-term commitment from your customer is you didn't sell them something that they have to replace. That's very difficult. I think the core products that we're onto here you're not going to have to replace them, you're going to be proud of them, and we're going to deliver feature set for a long time.

That's the message I really am trying to get through to the partner community. Sometimes they have to sell a best-of-breed point product. Often that's good. Often the point product – the best-of-breed product -- will give them a better discount so they'll actually put more money on the initial product sale when they want it. That's shortsighted if that company isn't there two years from now. Then you go back to that customer, you are not going to be popular. We say we're a safe bet on a whole bunch of that stuff, and not only that we're the leader and we're going to continue to innovate.

How do you think the balance of power will shake out between big, legacy security vendors and up-and-coming startups?

History always repeats. You go back to 2000 or 2003, venture capital was overzealous and pumped up some of these companies that have an interesting idea but don't make any money. They end up with these huge -- what's now called unicorn valuations -- which poisons them. Then as your 10-year life cycle of funds starts to run out, it's like musical chairs and each year there's less chairs. Then it turns out that one of the companies makes it, the other two don't, and it all resets and happens again. That's going to happen in a bunch of this very startup unicorns.

Be careful with companies that become large trying to build a sales force, can't get there, and it ends badly. I think we've seen one end badly recently and just be careful of that. The marketing hype eventually has to pay the bills, and eventually venture capital runs out. Where's the safe haven in cyberdefense? Symantec's a very large company, profitable, solid cash flows and growing. When you find a company like that that has the best products anyway, it's often good to not take that necessary risk.

How does that tie into acquisitions? What is Symantec's strategy or benefit there?

I think we've demonstrated to the industry over the last number of years that we're a good acquirer of the next generation. … We take long-term platforms. We invest in them. When new things come up that are important, we're usually there.

What do you think the security vendor landscape will look like in five years? Who will be at the top?

It consolidates. … Who are the consolidators these days? That's a good question. I think the big multiproduct, multinational security firms are trying to become [relevant] again, sort of what's been happening at Hewlett-Packard and IBM and stuff like that. There's a new guard now, put it that way. I think the consolidators are Symantec and maybe just a couple of others. … I think you need the profitability and the balance sheet heft to be able to do it. … Outside of Cisco, we're really the only one that's got it. If we really took a step back and we were really honest with that discussion about who could do that -- Who's got the balance sheet, and the cash flow, and the critical mass, and the global sales force, and the channel? Very few. … The channel is extremely important. Companies don't have security professionals in the midmarket. They can't retain them. They've got a couple. They need a vibrant channel to make it work. We understand that. We're very supportive of that.