April 08, 2009, 3:55 PM — Enrique Salem, who this week took the reigns of Symantec Corp., spoke to a packed hall at Storage Networking World about his company's plans to focus on technologies like thin provisioning and data deduplication, which can help companies better utilize the assets they have in order to stave off purchasing more hardware. Computerworld Editor-in-Chief Scot Finnie and Storage Editor Lucas Mearian sat down with CEO Salem at SNW to ask him about his vision for Symantec, what IT security threats may lie ahead and how the recession is affecting the high tech industry.
How is the economy affecting demand for security products and services? How are enterprise customers prioritizing their security spending in this economic climate? Security is something you need all the time, independent of the economic environment. We found people continue to buy security because they need to protect their information. So we think security continues to do well or better than other sectors in tech spending. What we're hearing about budgets, though, is that they're going to be flat to down in this fiscal year, but we do think security will be more resilient.
Does that make your business or parts of it recession proof? I don't want to go that far, but I will say that security will absolutely do better in a recession.
What do you see as the most important trends in IT this year? Virtualization continues to be a hot topic. I know we've been talking about virtualization for several years, but it's not just server virtualization but it's also storage virtualization, [and] end-point virtualization because you can drive real efficiencies. Another trend is software as a service. We absolutely believe that people are going to think about their core competencies. What are the things they have to be good at and what can they allow other third parties to take advantage of. We expect at Symantec that 20% of our business over the next five yearswill be delivered as a service.
Another important trend we see is something we refer to as the consumerization of IT. The workforce is changing and the people coming to work every day are bringing new devices. I think IT has to start thinking about how to embrace these new technologies. Everything from your iPhone to social networking technologies that I think will start changing what we do inside of organizations.
What are Symantec's biggest enterprise challenges over the next year or so? Symantec has grown through acquisitions. We went from being a $600 million company in 1999 to a $6 billion company today and we've done that through about 30 acquisitions. What we need to do is continue to drive the integration of those technologies because our customers don't want point products. They want integrated security suites. We need to do a better job of continuing to integrate our technologies.
The other thing I think is important is in this environment everybody is interested in how do you get very quick ROI. So from a business perspective we have to be able to show our customers how any investment they make they gets a return during the same fiscal year. The notion of a multi-year return is out the window.
Same question about your consumer business -- what are your biggest challenges? I think our consumer business has shown an incredible ability to be resilient. Consumers need to be able to protect their PCs, and one of the things that has happened is people are worrying about the disconnect between the price of the hardware and the price of security software. People will continue to pay for security. When you go online, you want to be able to protect your identity. When your kids go onto a social networking site, you want to protect them there.
What opportunities, if any, do SaaS, cloud computing and open source offer Symantec? When you think about cloud computing and software as a service -- we define them very specifically. Cloud computing is renting infrastructure -- MIPS storage and so forth -- and we think software as a service is delivering an application into an environment. Our focus is more on software as a service. How do we help our customers do a whole range of things - everything from filtering their e-mail, to archiving ... to encryption that has to be delivered as a service? Customers will absolutely say I don't want to have to have a staff that's trained on managing this infrastructure. I don't want to worry about adding more storage infrastructure. I just want somebody else to take care of it for me and allow me to focus on my core competencies.
What do you see as the biggest threats facing enterprises and end-users over the next 5 years? It's absolutely threats to stealing confidential information. Most security professionals have known for a long time that the real threat, while hackers are a danger, is insiders. It's people who have credentials to access confidential information.
From a consumer perspective, it's everything from how do I protect my identity online, to how do I backup my data because I'm creating more digital content.
Gartner has said that companies that deliver antivirus, antispam, antiphishing and intrusion-detection products could be in trouble in years to come because of increasing commoditization. Do you agree?
They're wrong. The threats continue to change. Last year, 650 breaches, 35.5 million records, $200 per record that gets stolen. A lot of that's coming through malware. A lot of threats live on machines that are going undetected. I think as long as there are bad people with criminal intent, there'll be a need for new and innovative ways to protect against those threats.
Why is it that Symantec's Peter Norton line has left so many users dissatisfied? If you look at the Norton products today, we have 56 million active customers. We have done a number of things to make sure we'll continue to serve their needs. The things that customers have told us historically are they were worried about the performance the security software had on their computers. They believe they need security, but they were worried about the tax. In the last version of Norton Internet Security 2009, we made 300 improvements. We've done a phenomenal job. It installs in less than one minute, and uses less than 10MB of memory and 100MB of disk space. Customers are very happy because we are listening to the big issue they had.
Does Symantec have any intention to upgrade Partition Magic? We do a lot of work with technology we call our Backup Exec system recovery technology, but as far as managing partitions that's probably not one of the biggest priorities for the company. I think where the market it headed is system recovery.
Microsoft is promoting the idea that vulnerabilities are mostly in third party code, not its code. Is that how Symantec sees it? Microsoft puts out patches once a month - patch Tuesday. And that hasn't slowed. So I think any piece of software is as susceptible as another piece of software.
But wouldn't it make more sense for people just to move to Linux or a Mac? Every operating system will have some vulnerability. [With] Linux all the source code is public. That cuts both ways. One way it cuts is a big community can fix the problems, but then hackers can look at the code and try to identify the vulnerabilities. It's much easier to find the vulnerabilities when you have access to the source code. I do see both of them are continuing to gain market share and I think both Linux and the Mac will become bigger targets. We're already starting to see the Mac platform as something that needs to be as protected as the PC platform.
Symantec purchased Revivio, then later Mendocino, for continuous data protection IP. Since those purchases, what have you done with the IP, and perhaps more importantly what's your strategy around heterogeneous data replication in general? Given that data volumes are growing so rapidly, people are not able to complete their backups during their backup windows. So you have to change your approach. Two technologies are being rapidly adopted: one is the idea of deduplication and going to disk. The other is continuous data protection. NetBackup 6.5 allows you to support continuous data protection and also the move from tape to disk. We also think that you should be able to back up to disparate types of storage hardware. The ability to work across platforms is very important to our underlying backup strategy.
Your products traditionally have been focused on tape. With disk-to-disk backup becoming so popular, what's your plan to automate the movement of data off those virtual tape libraries and secondary disk arrays to tape? NetBackup is a core platform for backup and recovery. We've created an API called OST. It's an interface that allows us to work with virtual tape library vendors to integrate our backup technology with their VTLs. So we'll continue to extend that interface.
When do you expect to offer deduplication through your PureDisk procut to the SMB market in Backup Exec? We've integrated the deduplication technology into our NetBackup platform and we're expecting to do the same with our Backup Exec technology which should be available later this year.
How is Symantec addressing thin provisioning in its backup technologies? While Veritas Volume Manger addresses that in part, how are you addressing the larger issue of reallocating storage once thin-provisioned volumes have been moved off to tape or secondary disk? We created in Storage Foundation the smart move functionality that allows us to move the utilized blocks more efficiently without any knowledge to the applications. The second thing we've done is we created what we call the thin reclamation API. As applications delete information, you want to make sure the underlying hardware, the arrays, know that storage is available.
Is that just a matter of Symantec getting third party software and hardware vendors to write to that API? We work closely with companies like 3Par and we've also been working with all the various hardware vendors on how to use the thin reclamation APIs.
Have any of the large vendors signed onto that? We haven't made any announcements yet, but we see a couple forthcoming.
Do you plan to fully integrate NetBackup so that it can handle disk arrays, clusters, virtual environments and tape backups in the future? The different types of storage media are critical for us to work with, and so we will continue to extend the types of targets where data can be backed up to. It's a matter of time and priority. It's all driven by what our customers are telling us. Expect to see Symantec invest in more types of media.
One problem with creating a data retention policy is that without a good data classification tools, companies can only base policies on crude metrics. Does a good data classification scheme rely on software and automation, or on business executives who determine what gets saved? Success here is through automation. So we're investing in improving that classification. We're working with a range of people both on the infrastructure side and with the folks who've done work with data classification. In the interim some user involvement is required.