'Security for mobile devices represents a great opportunity for us'

Riding on the concept of 'Confidence in the connected world', digital security solutions major Symantec is growing rapidly and expanding aggressively. Symantec is making big investments in India in terms of manpower and intends tapping a larger pie of the Indian security solutions market. The company has recently launched its second R&D facility in India, based out of Chennai. The new innovation center will accommodate 1,000 employees who will compliment the company's existing center of innovation in Pune, which has 2,100 employees. The Chennai center will play a significant role in developing innovative products and services across Symantec's portfolio and focus extensively on developing next-generation Security 2.0 products, including the famed Norton product line.

Symantec's chairman and CEO, John W Thompson, was recently in Chennai to inaugurate the company's Chennai center. Thompson has grown Symantec from a small consumer software entity to a market leader for security and availability solutions aimed at helping customers to manage their digital assets. In September 2002, US President, George W Bush, appointed Thompson to the National Infrastructure Advisory Committee (NIAC) to make recommendations regarding the security of US' critical infrastructure. In an exclusive interaction with Dataquest, Thompsontalks about Symantec's role in enabling customers to proactively manage their digital assets, whether it is desktops, notebooks, servers, storage or mobile devices. Excerpts

How do you feel about visiting India?
Every time I come here, I see incredible growth and vitality. Our company is much about access to talent. In India, our employee size grew by 30%, against the overall company's HR growth of 11%. This speaks of our commitment to the Indian market. Expanding into any country is indeed a challenge, and India is no exception. The first premise is in finding an answer to: How do I get established as a part of the local operating environment? And to attain this, we need access to people who can influence outcomes that will help move our business value. So, we took help of the local government and other partners who made this center possible.

Every time I come here, I see incredible growth and vitality. Our company is much about access to talent. In India, our employee size grew by 30%, against the overall company's HR growth of 11%. This speaks of our commitment to the Indian market. Expanding into any country is indeed a challenge, and India is no exception. The first premise is in finding an answer to: How do I get established as a part of the local operating environment? And to attain this, we need access to people who can influence outcomes that will help move our business value. So, we took help of the local government and other partners who made this center possible.

Managing the end-point has indeed become a challenge today. How is Symantec addressing this issue?
Our idea as a solutions company is to un-bundle the complexity coming out of heterogeneity. For instance, if you take the typical data center, it's populated with a range of devices-Windows, UNIX, Linux and their variants. What we do is to take the complexity out: the end-point, historically, is dominated by Windows. However, what emerges or is clear at the end-point is less about platforms and more about what the user is doing. This represents a huge opportunity for us to deliver different technologies, that runs not just on Windows but on diverse devices and OS. For instance, we have just launched Version 5 of our mobile product that runs on Symbian and Windows Mobile. It's more about small form factor devices getting the same rich features of a PC-based environment. Heterogeneity of IT infrastructure represents a great opportunity for us.

Our idea as a solutions company is to un-bundle the complexity coming out of heterogeneity. For instance, if you take the typical data center, it's populated with a range of devices-Windows, UNIX, Linux and their variants. What we do is to take the complexity out: the end-point, historically, is dominated by Windows. However, what emerges or is clear at the end-point is less about platforms and more about what the user is doing. This represents a huge opportunity for us to deliver different technologies, that runs not just on Windows but on diverse devices and OS. For instance, we have just launched Version 5 of our mobile product that runs on Symbian and Windows Mobile. It's more about small form factor devices getting the same rich features of a PC-based environment. Heterogeneity of IT infrastructure represents a great opportunity for us.

What about Mobile devices and the opportunity for Symantec?
We believe that security for mobile devices represents a great opportunity for us. Today, users are migrating from a typical PC-based to a multi-device usage experience. Even in the context of India, huge mobile subscribers added in millions every quarter represent a huge opportunity.

We believe that security for mobile devices represents a great opportunity for us. Today, users are migrating from a typical PC-based to a multi-device usage experience. Even in the context of India, huge mobile subscribers added in millions every quarter represent a huge opportunity.

What is the world beyond firewalls and anti-virus?
The practical answer is in having a larger security strategy. Ultimately, what we are doing is to protect data, and this means a need to move security techniques and technologies closer to where data is managed and manipulated. So encryption technologies-key management technologies-are the ones going to be important, and will assume another layer to the traditional firewall and virus solutions. If you look at the most recent trends, large infrastructure software companies have decided to add security capabilities to their portfolio, which in my mind underscores this notion that security is no longer a watch room, rather it has to be built into the application and the very infrastructure.

The practical answer is in having a larger security strategy. Ultimately, what we are doing is to protect data, and this means a need to move security techniques and technologies closer to where data is managed and manipulated. So encryption technologies-key management technologies-are the ones going to be important, and will assume another layer to the traditional firewall and virus solutions. If you look at the most recent trends, large infrastructure software companies have decided to add security capabilities to their portfolio, which in my mind underscores this notion that security is no longer a watch room, rather it has to be built into the application and the very infrastructure.

Are you saying that enterprises need a risk management strategy?
We certainly think that one should think about IT risk management, and security is one component of that. In the IT risk paradigm the constituents are aspects like security, compliance, performance, and availability risks. Hence, an IT organization must have a strategy to deal with all these risks through a managed strategy. I believe compliance is a very important constituent as industry and the governments' increasingly say that you need to comply with a set of rules and guidelines. So here we enable enterprises to manage security, compliance, and risk.

We certainly think that one should think about IT risk management, and security is one component of that. In the IT risk paradigm the constituents are aspects like security, compliance, performance, and availability risks. Hence, an IT organization must have a strategy to deal with all these risks through a managed strategy. I believe compliance is a very important constituent as industry and the governments' increasingly say that you need to comply with a set of rules and guidelines. So here we enable enterprises to manage security, compliance, and risk.

And, managed security services?
We have a very healthy managed security services business around the world. It's growing at about 20% over the last few years, and our focus here is on monitoring and managing technologies. Our managed services also show the high degree of confidence clients have in our technology and services.

Any product company has to deal with piracy, what are your thoughts here?
I am in favor of any initiative aimed at stopping piracy. Industry and the governments should work together to stop piracy of all digital media. We work closely with an organization called Business Software Alliance (BSA) across the world, and help them and the governments in countries they operate in. BSA is very active in India and I understand that with their initiatives piracy levels in India have come down. My view on piracy is that as long as economies do not have IP-based infrastructure, they do not care about piracy. But India is playing a bigger role in IP creation and working towards stopping piracy.

I am in favor of any initiative aimed at stopping piracy. Industry and the governments should work together to stop piracy of all digital media. We work closely with an organization called Business Software Alliance (BSA) across the world, and help them and the governments in countries they operate in. BSA is very active in India and I understand that with their initiatives piracy levels in India have come down. My view on piracy is that as long as economies do not have IP-based infrastructure, they do not care about piracy. But India is playing a bigger role in IP creation and working towards stopping piracy.

Finally, who creates these viruses?
Well, frankly, I don't have an answer. But what started as kids' games has indeed become big. The point I would like to stress here is the sea change in threat levels. It's no longer just viruses. There are threats like 'phishing' that lead to fraudulent money transfers and identity theft. As a security solutions company, we are providing technologies and services that protect companies' digital assets in all possible ways.

Well, frankly, I don't have an answer. But what started as kids' games has indeed become big. The point I would like to stress here is the sea change in threat levels. It's no longer just viruses. There are threats like 'phishing' that lead to fraudulent money transfers and identity theft. As a security solutions company, we are providing technologies and services that protect companies' digital assets in all possible ways.

Do you think there is a convergence of security, storage, and systems management?
That's the very space we target. We call it infrastructure software opportunity. Systems, security, and storage management-it's a collection of software that sits above the OS and below the application; and customers make huge investments here. And this is the opportunity Symantec is targeting. What we do is take out the complexity and cost out of the IT infrastructure and usher in capabilities to meet compliance also. In the process we are also addressing niche areas like solutions for security threats coming from within. We have recently launched a brand new product called database security that addresses this very important but niche domain. These are extension of our Web-based core security products.