At the end of 2004, Symantec Corp. and Veritas announced that they would merge, bringing together the leaders in independent security and storage software. Today, Mark Schlack, vice president of editorial for TechTarget's Storage Media Group, got a chance to sit down with John W. Thompson, chairman and CEO of Symantec, at Storage Networking World, to talk about the implications of that merger for storage managers.
Storage Media Group: Looking at Veritas' history and where you might go with them, is there an opportunity you see that perhaps they didn't see before the merger?
Thompson: We had a similar view that data is the critical asset that a business has today. And as such, you need to not just store it, but protect it, ensure its availability, ensure its integrity. Hence, marrying security and storage management technologies are a natural evolution of both of our businesses.
I think there are some things that we have in our portfolio that could be helpful and complementary to Veritas, particularly around our alerting infrastructure. We have an enormous asset base around vulnerabilities and network attacks. You can think about the notion of using that to trigger real-time or dynamic backup, to trigger storage or server provisioning or reprovisioning actions. Those are all things that would be a wonderful bolt on or addition to the Backup Exec/NetBackup suite of products.
Storage Media Group: How strong a proposition is this idea of integrating storage and security management?
Thompson: We obviously think it's a damn good idea!
Storage Media Group: Let me ask it a different way. Is this merger about creating a company with a broader portfolio or do you really expect this integration to occur at the customer level?
Thompson: The answer to both questions is yes. Let's be clear: The resulting company will be a $5 billion company growing at more than twice the rate of any software company above $3 billion. It'll have global operations in 40+ countries around the world. It'll have 4,000 engineers, almost 4,000 people in sales and systems engineering. So it will be a company of some scale and hence, oh by the way, has leadership positions in both storage and security. So we start from a platform position that's pretty damn strong.
The question becomes, what do we do with it from there?
I do believe that in today's environment, where information must be more accessible to those who have to have it, the security problems are more paramount than ever before. The fact that companies opened their electronic doors and the Internet became a business tool, that's not a proposition that the economy around the world is going to go back on...How do we manage, in a controlled and disciplined way, access to the most important asset any business has, and that is its information.
What are the two fastest growing segments of the IT industry? Security and storage management.
What are the two items that CIOs say are their highest priority? Security and storage management.
So it's inevitable that these things will come together.
Storage Media Group: Who are the two groups of people in IT who have never even met each other?
There are inflection points in markets around the world that have to be dealt with -- some driven by technology, some driven by user demand. I argue that this is a convergence that's driven by both. In many instances, the users on neither side recognize the opportunity. They see the problem…but they're so siloed they haven't quite stepped up to "Gee, I have to think differently about this."
Slammer was the "Aha!" event for us. Slammer changed the way we did IT inside Symantec. We moved our CISO [chief information security officer] from worrying about operating the firewalls to worrying about security policy and security practices and security compliance. We asked the operations staff to worry about how well deployed, and how well managed the firewalls were…We moved the operational things around security to operations staff where it belongs and forced them to become more security conscious, and elevated the role of the CISO to be much more focused on risk management and policy compliance. That's an issue that I think financial service institutions, in particular, have come to grips with. I don't think many others, unless they are very, very data-intensive businesses, have reached that "Aha!" point yet.
Storage Media Group: Close the loop for me here. In doing this at your own company, where did the storage part come in?
Thompson: Storage was managed by operations all along. We collect enormous amounts of data about online transactions and customer buying behavior, and so on. We never really thought about it in the context of it being married to security, but we did start to think, gee if that data got compromised in some way, we could find ourselves, the trusted security company, being not so well trusted. It would be an enormous, enormous impact to our brand.
So this notion of operations being responsible for security is a critical part of how we control the information access of our company.