Symantec CIO David Thompson talks ERP, security

Enterprise resource planning implementations are never easy. In fact, it's the equivalent of corporate open heart surgery. And often there's a financial hit if things don't go well.

Symantec recently discussed a few hiccups in its ERP deployment that hurt the company's quarter. The company was combining two instances of Oracle 11i, rolling out a new product line and asking all customers to verify their license code online at the same time. The lesson: Don't do too many things at once.

To its credit, Symantec has been open about the issues, which have been resolved. ZDNet spoke with Symantec CIO David Thompson, about the lessons learned about ERP. And he has a few since Thompson had been the CIO at Oracle and PeopleSoft before coming to Symantec. Here are some of the highlights (the full interview is the podcast):

Thompson on the ERP project: When he joined Symantec he inherited a planned ERP consolidation of the systems acquired from Veritas. The good news: Both Veritas and Symantec ran on Oracle 11i. The bad news: Both systems were customized. Why? Turns out ERP systems generally don't handle software licensing well without customization. Thompson said most of the heavy lifting revolved around customizing the system to handle licensing. That fact isn't too surprising to anyone that has tried to compare various licensing agreements from software vendors--no two licensing models are the same. "We had light to moderate customization," says Thompson. "ERP is geared toward distribution."

Thompson on business processes: The ERP system went live Nov. 7, which was a few days ahead of schedule. "From an IT technology perspective we were pleased with results," says Thompson. However, business processes designed to have all customers--mainly from the Veritas side of the business--input licensing codes online caused problems. Generally, Symantec requires licensing codes to verify compliance with agreements and prevent counterfeiting.

At the same time, Symantec upgraded its licensing portal and rolled out new Net backup products. "A portion of customers were not used to having license codes. We also distributed upgrade to customer base," says Thompson. "That led to increased call volumes."

The lesson learned: "When you have a business process change don't throw out upgrade at same time," says Thompson.

Thompson on reducing risk: It wasn't like Thompson never consolidated ERP applications. He did it at both PeopleSoft and Oracle. Given that experience, he knew risk management was critical and so called "big bang" projects are a myth. As a result, Thompson broke a year-long ERP implementation project into seven phases. "My focus was to reduce risk," says Thompson.

In general, that approach meant that any part of the project that touched customers came last. The phases, which began a year ago, were:

• Upgrade infrastructure and hardware.
• Deploy trade compliance. Symantec products face regulations over where they can be sold.
• Simplify and cut SKUs from both companies internally. These were reduced from 6 million to 400,000.
• Consolidate infrastructure and create one instance of Oracle 11i.
• Launch a new portal for partners to get product information.
• Roll out new license code system and new buying programs for customers so they could purchase applications across Symantec.
• Help smaller channel partners that didn't have the IT heft to update the new Symantec SKUs. "We simplified the business, but our partners and distributors have to take new SKUs. (Smaller partners) didn't have the IT skills." The solution: Symantec deployed its staff and contractors to help. 

Thompson on returns: Symantec has cut costs on trade compliance and garnered better performance from new infrastructure and decommissioning older hardware. Other benefits were better data sharing with partners. No hard figures yet.

Thompson on services oriented architecture (SOA): Symantec sees SOA as part of the plan in the future, but it isn't ready for prime time. "It looks promising in the future, but it's not a core thing today," says Thompson. 

Thompson on security: What keeps Symantec's CIO up at night? "Staying ahead of zero day vulnerabilities," says Thompson. Symantec uses its own security software and Thompson knows the reputation hit that would ensue if the company had a big security issue. Big worries include protecting customer data and the threat of mobile devices on the corporate network.