Coming off a good quarter for Symantec's consumer businesses, CEO John Thompson warns against viewing Windows Vista as a solution to security woes.
Symantec ended 2006 with three months in which revenue for its consumer business grew 24 percent year over year. The company is planning to release its new flagship security tool, Norton 360, in the coming weeks and has a new identity management product, Norton Identity Manager, lined up as well.
On the enterprise side the news isn't that rosy. Symantec has also revisited its plans to enter the identity management space and ceded to the many players already on the market. Identity management software identifies users of a system and controls their access to resources by associating rights and restrictions with a particular identity.
There are vultures in the sky over Symantec. Along with Microsoft, technology giants including EMC, IBM, Oracle and Cisco Systems are eying parts of Symantec's business. Thompson, however, in a recent interview with CNET News.com, said his company is fearless, though it may need to execute better on its strategies.
Q: Have you installed Vista?
Thompson: No, I have not. I see no need for it for what I do online today. The machine that I use is the one provided by our company, and we have not made a commitment to migrate to Vista and therefore there is no reason for me to use Vista.
Microsoft says you have to buy Vista because it makes you much safer online than XP, or any of its previous operating systems. Do you believe that?
Thompson: Consumers should not be confused. Vista is not a security solution. Vista is an operating system, and Vista provides some very important advances from Microsoft's perspective and for the industry's point of view on building a more stable, more reliable, more secure operating platform, but people still need the efficacy that comes with the products that Symantec and others in the industry build, and so we should not be confused by the marketing rhetoric with what Vista is. It's a hopefully much better product than XP or any of its predecessors, but it's not a security solution.
Antivirus and firewall products, which you sell--they're considered a first line of defense, but they're also considered outdated. Are you keeping up with the times?
Thompson: It would be naive to say they're outdated. Locks were invented for doors in the homes that we live in many, many years ago. They're no longer the last line of defense, they are the first line of defense, and people still buy more advanced locks, hence more antivirus, more firewalls. As the value of the assets that you have in the physical world goes up, so does the need to change the protection that you put around those devices, or those assets. And that is clearly the case in the digital world as well, and so antivirus and firewalls will continue to be the first line of defense. We'll have to be smarter about delivering new capabilities and new functions there for proactive defense as opposed to reactive defense, but you'll also have to layer other kinds of technologies on to deal with new threats around fraud and identity management and all of those.
You've said that managing user identities is one of the most pressing challenges that face enterprises today. You've said that identity management is in an area where Symantec might acquire a company. Where are you at when it comes to that?
Thompson: Identity management has to be parsed based upon whose identity you are trying to protect. At the corporate level, there is no shortage of solutions that corporations have tried to deploy for years to solve this identity management problem, so I just don't think that's an area where Symantec should expend its resources.
However, on the consumer side, I think there is more that Symantec can do with its broad consumer client footprint that would allow us to deliver an identity management solution that would give consumers confidence in their online experience. So we'll concentrate there.
It seems that your position on identity management has changed.
Thompson: Yes, a year or so ago we were really studying the opportunity, and we looked long and hard at what our entry point would be. And we looked at a number of technologies that we had in our own portfolio or things that we could acquire, and when we kind of stepped away from it and did the customer validation side, what customers said was, look, we already have something, we haven't fully deployed it, we haven't deployed it because the management of the key infrastructure around identities is so complex, and so we don't need help there at all.
Yet when you go and you ask consumers: "What are you worried about?" They're worried about phishing, identity theft, online fraud, all things that are undermining their confidence in doing more and more online. So we think there's a place where we can make a difference.
At the Demo conference recently you showed off an early version of a product called Norton Identity Manager. What is the purpose of that product?
Thompson: The Norton Identity Client is focused on the idea of helping a consumer have, let's say, single-use credit card numbers where they can go to an online site, facilitate a transaction, but not have to worry about having their credentials visible to the world at large. It's a one-time use phenomenon. Or being able to validate a site as being a legitimate site, knowing that the bank or the e-tailer that I'm interacting with is who I thought I was interacting with.
When I read some of the description of Norton Identity Manager it also made me think of Microsoft Passport. You suggest people use their Norton accounts to pay for online shopping, for example. Passport failed. Is Norton Identity Manager different?
Thompson: Well, there may be some techniques and technologies that are similar, but I think there are two fundamental things that are different. One, it's a different moment in time. When Microsoft attempted Passport the market wasn't quite ready for that. People didn't perceive that there was a problem that needed to be solved by Microsoft. Two, and perhaps more important, they didn't trust the company that wanted to offer the solution. So technology without trust is going to flounder, and that's what essentially happened with Passport.
You just ended a disappointing quarter, yet your consumer business appears to be very strong. How come that's going gangbusters?
Thompson: We've always had a view that it's always difficult to compete with Microsoft's marketing. It's much easier to compete with their products, and I think that's reflected in the performance of Norton Internet Security in the marketplace right now. It's a terrific product and it's cleaning Microsoft's clock around the world as well as others in the industry as well.
You've mentioned Microsoft as one of the big guns and you've also said Oracle, IBM, EMC, Cisco have all awoken to the reality that security is an essential element of today's business. Do you have any fear that any of these big guys are going to take your business?
Thompson: Fear? We are fearless at Symantec! The notion that somebody who doesn't have the same experience that we have, that doesn't have the same human capital invested in the security world that we do, doesn't have the strength of its relationship with customers and partners around the world, or doesn't have the technology portfolio that we do, can come in and take this away from us--I don't think that's the case, and therefore there's no reason for us to be fearful of anyone. If anything, we need to sharpen our own execution to make sure that our missteps don't create openings or opportunities for competitors that we created as opposed to they created.