Symantec Focuses On Policy Management, Compliance

The need for companies to develop infrastructure policies to protect against threats originating from inside the corporate network is growing, Jeremy Burton, Symantec’s senior vice president of enterprise security and data management, said Tuesday at the vendor's Partner Engage 2006 event in Palm Desert, Calif.

"The risk of attack from within is a new area of [concern] for organizations," he said. "We have to get more into the business of security of inclusion, protecting [networks] from the inside out."

Companies also face a risk from not having clear-cut policies to ensure compliance with regulatory measures such as Sarbanes-Oxley, according to Burton. "Even if we are stopping hackers, we have to change the game from endpoint protection to endpoint compliance. We're getting much more proactive about managing the endpoints on the network," he said.

Symantec's 2005 acquisitions of Sygate and Bindview brought endpoint compliance and policy compliance into the Symantec portfolio, and their technology will help solve a huge part of the IT compliance puzzle, Burton noted.

"If you don’t have a compliance story, learn how to tell one," he said. Another key area of focus for Symantec is enterprise messaging management, and the Cupertino, Calif.-based company expects it to be the next billion-dollar opportunity, he added.

Brian Okun, director of marketing at Chips Computer Consulting, a solution provider in Lake Success, N.Y., said he hasn't had much experience in IT risk management, but it's an area he will soon be focusing on.

"The whole IT risk story is new to solution providers in the midmarket,” Okun said. “But the best practices Symantec is outlining in corporate compliance and messaging management will eventually filter down [to the midmarket]."

On the services front, Symantec plans to provide consulting services that will include training partners to deliver services and technical support to customers on behalf of the vendor, according to Greg Hughes, executive vice president of worldwide services and support. Symantec's services business now accounts for 4 percent of its revenue, and "that should probably be in the neighborhood of 10 percent," he said.

There’s a "significant opportunity" for partners in providing services around Symantec's Enterprise Vault product, Hughes noted. For example, partners can develop and fine-tune policies for customers and help them handle situations in which they need to find and produce information for use in an audit, he said.

"What's interesting about Enterprise Vault is that the services opportunities are going to be much higher than any other infrastructure areas we are involved in," Hughes said.

Okun said he plans to emulate Symantec's approach in shaping his own services business. "It's not about just sending someone to a class. You need to understand the scenarios and best practices," he said.