A chat with Thompson

In an exclusive interview, Sean Robson catches up with John W. Thompson, CEO of security and storage major Symantec, to discuss the company’s recent successes, future plans, and how it is working to achieve its global goals.
A chat with Thompson
By Sean Robson
Sun 16 Nov 2008 04:00 AM

In an exclusive interview, Sean Robson catches up with John W. Thompson, CEO of security and storage major Symantec, to discuss the company’s recent successes, future plans, and how it is working to achieve its global goals.

You have gone from being a simple security company to a firm that offers a  range of diverse products and solutions across the board. Do you feel that you may lack an overarching message?

We are quite clear that our business is about helping our customers secure and manage data in an extremely information driven world. As such we have technologies and services that support this theme. Now, do we have solutions and products that do other things? Yes, but we do not try to say, well we secure and manage and do this and do that. It's just too complicated. Do we worry about our fault tolerant, high availability business?

We wanted to be able to aggressively move into the software as a service, or on demand, cloud-based services market and had started that.

Absolutely, it's a half billion dollar business for us but it does not need to be visible in some overarching statement about what we do. However, our sales force needs to be clear about where it fits in the overall strategy and able to articulate its value to customers.

Do you have any plans or strategies going forward as you look to continue your dominance of the market?

We wanted to be able to aggressively move into the software as a service (SaaS) or on demand, cloud-based services markets and we had started down that path with our own organic activity.

By acquiring MessageLabs we are making a real statement of intent, we are putting US $700 million on the line to be a real player in the market and are doing it by acquiring the number one player. If you see anything in this it is not only the strength of our resolve to be in the market but also a continuation of our track record in buying the best property in the space.

Symantec has shown increased revenues and profits over 2008 and the first quarter of 2009. Are you anticipating that this growth will continue at the same rate or even increase, especially given the current state of the global economy?

What we have said is that our long term growth model for the company is in the range of 8-12%. We take half the free cash flow from operations and plough back into share repurchase. Right now that amounts to between $800 and $900 million a year.

We will take the other half of that cash and use it for strategic mergers and acquisitions to drive top-line growth. We would expect to continue to manage cost and expense really very closely particularly during challenging economic times and simultaneously have our margins expand by about 100 basis points a year.

This is the model that we think makes enormous sense for this company given the scale, capability and size of its portfolio, and while there might be some opportunities to grow faster than that in some years, and slower than that in other years, it does not change long term what we think the company should be able to do.

Are there any specific global challenges you have identified as you look ahead?

I think the single most significant challenge for us is making sure the world, our customers and our partners understand what it is we do. Because we have achieved this scale fairly quickly through a series of acquisitions it's still somewhat of a mystery to some people as to exactly what Symantec does.

I am always amazed that people, even four years after we bought Veritas, don't know that we do back-up and recovery. They don't know that we do high availability server management; they don't know that we are the leader in enterprise-level virtualised storage environments.

They don't think about Symantec in that space because they have us in this pigeon hole of ‘that's the anti-virus company'. Even on the security side they don't know that we do data loss prevention, they don't know that we have market leading spam filtering capability and there are many more examples.

So our challenge is to make it very clear and visible as to who we are and what we are capable of and in such a way that our team and our channel partners can sell more of our products and services.

It's about messaging and communicating. As hard as we try and as many times as we say it and think we have said it too many times, we still need to say it again and again.

With the many acquisitions that the company is making, there is a growing belief that Symantec could grow into an unwieldy and inflexible corporate giant, like IBM or CA. How do you prevent this?

Well, firstly, we are already bigger than CA, we are about one and half billion dollars bigger than they are. And we are nowhere near the 100 billion dollar business that IBM is, so I am not worried about catching them anytime soon. I wish I had that problem, however, because I think what our customers want is to do business with a provider that can give them a range of capabilities, that can go both deep and broad.That is the way we have been trying to fashion our company. We want to be deep in certain technology areas and broad enough that we have a legitimate first hand seat at the table as they start to think about how they want to use IT, and how they want to use security and storage management solutions.

I think that these challenging economic times are going to cause some of our customers to pause and say, ‘are there consolidation opportunities for me to standardise my technology with a single provider and reduce the number of providers that I have?'

That bodes well for the bigger more robust software companies as opposed to the small ones so I don't see any issue at all with Symantec becoming bigger because I think that serves the interests of our large customers quite well.

I think the single most significant challenge for us is making sure the world, our customers and our partners understand what it is we do.

Which nascent segments or market spaces do you anticipate will become the next big growth area for Symantec?

We haven't given specific segment guidance or details but we have said that our core businesses like end-point protection, basic back-up, high availability and systems management ought to grow on average at about 6% to 8%.

We have some businesses that are very high growth businesses that we need to scale out. Our archiving business, our data de-duplication business, our compliance business, these are businesses that are growing 25% to 35% or even higher in some cases and so we need to feed more resources to them.

This may mean allocating more people to help sell or install or service the products, or even quite frankly involve more marketing money to get better visibility on those products in the market place.

We have some emerging growth areas that over the three to five year horizon should be able to scale up to become multi-hundred million dollar businesses. These include SaaS and cloud-based services; we would argue, just for clarity's sake, that cloud-based services is about what you do for consumers, while SaaS is about what you do for corporate and government users.

The other possible large growth area is around virtualisation, particularly at the end-point, at the client-side device, and we think that those represent huge opportunities if we execute well, primarily on the organic investment front at this point. By complementing it with a little marketing and advertising we should be able to do well.

In terms of emerging markets and specifically the Middle East, do you have any particular goals and strategies in place?

Well, in Europe we have organised ourselves up to the point where we have a leader whose sole job is to focus on Russia, the Middle East and the classical emerging market countries, if you will, in EMEA. We have been investing pretty heavily in the Middle East of late. As a matter of fact, if you were to look at it from a ratio basis of expense to bookings then it's a bit behind but we are doing that because we want to invest in order to prime the pump, so to speak.

I was just with one of our very important Middle East partners today, and he was very complimentary of all the investment we have made, but now I am anxious to start seeing the results.

Are you anticipating that sometime in the future revenues from emerging markets could catch up with and even exceed the revenues from more established markets?

There is no reason why that, at some point in time, we should not have revenues from the Middle East that exceed the revenues from the more established smaller countries here in Europe. Revenue from India or China could even grow to exceed some of the larger countries in Europe. That will however only be achieved by staying focused and so it's as much about finding the right people to help us represent ourselves in those markets as about anything else.

Last year, you discussed the trends that would dominate security in 2008. Have these trends played out and what effect has it had on Symantec's role in the market?

We think the model where the attackers are trying to steal personal, sensitive and confidential information is real and is here to stay. Organisations, therefore, should not ignore device protection or network protection but supplement that with better information protection.

We think that as they contemplate  how they want to do that, they will want to do it with a company that lives in both worlds. Symantec lives in both worlds, in the world of device and network protection as well as in the world of data or information protection.

We probably bring a stronger view to the table than anyone else in the industry. It has been interesting to watch quite frankly how EMC, one of the largest storage firms in the world, conclude that they need to get into the security business. We were the largest security firm in the world when we concluded that we needed to get in the storage business.

So there is this inevitable collision likely to occur between the two companies as we appear to be executing strategies that are very similar. What are the trends you expect will affect the global market in the near future?

I don't know that trends change all that dramatically. I talked a little on some new global trends during my key note speech. Some of the major ones among them include the change in the threat landscape towards information and devices, the ‘consumerisation' of information technology, the trend of moving back-up tape to disk easing a number of administrative burdens for enterprises, and finally, the movement towards green IT.

These are all new global trends that we believe you can see playing out. Some are further developed and are starting to gain traction in the marketplace at a quicker pace, like the movement of the back-up process from tape to disk.

But then you get a broad trend like the ‘consumerisation' of IT; it is going to take quite some time for it to unfold. The conundrum is you will know that you are there when you get there, but you don't know how far you are from where you sit.

Following the Veritas acquisition, many employees in the established markets began to fear for their jobs, and still do if one looks at the plethora of websites devoted to the subject. Is this fear prevalent worldwide? How did Symantec allow this situation to develop to this point? What are you doing in order to address this?

You can't keep everyone happy. In an organisation with between 17000 and 18000 people invariably there will be someone that is not happy about something I have done or something that we are doing. Quite frankly, as we brought these two companies together we had to be,  and continue to remain, ever vigilant especially regarding our performance.

If you are in a unit and the unit is performing well and you are performing well then you should reasonably expect that you will always have a job here. However, if you are in a unit that is not performing well and at the same time you are not performing well you should also expect that you will not have a job here.

It has been interesting in having to raise the awareness of people by saying, ‘look what you are doing is important but maybe not as important as some other things that are going on in the company'. As we look to manage our cost structure in a way that is more responsible towards investors we may not need you to do what you are doing. That is candidly just good management and not about people being unhappy or whining, but what we have to do to run the company.

In terms of the newest trend, green IT, are you seeing significant traction?

We think that there is a lot of interest amongst our customers on how they can become more responsible corporate stewards. How can they do things within their infrastructure that as an aggregate end-result reduces their carbon footprint? But in the near term, right now they are asking, how to do things that essentially lower the costs of running the datacentre. The power costs, the cooling costs and all of those things related to datacentre management.

I think we have a great toolset to help customers with that. It's a great entry call. The point is that green IT is a great opportunity to spend a lot of time with customers talking to them about something that is top of mind, not just because it's the right socially responsible thing to do, but also because it can help them take costs out of running their operations day in and day out.

We have been very aggressive in publishing our own aims and goals around reducing our carbon footprint. What we have said is that we would like to reduce our carbon footprint by 15% by 2011. We have not seen another company as aggressive about reducing its footprint.

We are using our products and technologies to drive us towards that as it relates to the IT environment at minimum. So in that there is a significant opportunity for us to share those experiences and successes with our clients.

Symantec launched a host of products over the course of its Vision conference. What are your thoughts on these new solutions and the value they bring to the market?

Each of the products we have released this week is in its own right a great follow-on product to a successful prior release. Brightmail 8.0 follows a very successful Symantec mail security 8300 appliance. Vantu 9 follows a very successful Vantu 8 and it integrates some of the client management capabilities from Altiris and other acquisitions.

It takes advantage of some of the things our customers wanted to see us do in the product so that we cannot only do data loss prevention when you are online but also do it offline; so that you eliminate the ability to cut and paste and copy and fax and all the other things that allow data to be moved from your device to some other medium.

We have already announced our plan to integrate our Symantec endpoint protection capabilities with our Altiris management suite. It's called the Symantec protection and management solution. We announced the brand new release of our clustering technology, Veritas cluster server one which is focused on how you manage both the physical and virtual environments around VMware and Xen and what have you.

It's just a great set of product releases that are leveraging the strength of our installed base to deliver to our customers even more value, and hopefully have them continue to pay us more and more each year. We are very positive about these products.

For all the latest tech news from the UAE and Gulf countries, follow us on Twitter and Linkedin, like us on Facebook and subscribe to our YouTube page, which is updated daily.

Subscribe to our Newsletter

Subscribe to Arabian Business' newsletter to receive the latest breaking news and business stories in Dubai,the UAE and the GCC straight to your inbox.