We enable a trusted environment
Shivani Shinde in conversation with Symantec's Bill
Robbins, Senior Vice-president, Asia Pacific & Japan; Eric Hoh, VP, Asia
South Sales; and Vishal Dhupar, the company's Managing Director in India.
Is India a substantial blip on Symantecs radar?
Robbins: The sheer size of Indias economic environment
and the rate at which its economy is growing make it a big market. China and
India are always compared with each other; both are big marketplaces for us,
and we see both these markets as one. The explosion of the middle class in India
is resulting in the creation of a whole new class of digital transactions that
create great opportunities for companies but at the same time also create challenges.
Thats where Symantec steps in by building a companys trusted environment
and helping to ensure that its infrastructure, interaction and environment are
secure and compliant while reducing costs at the same time.
As digital technology pervades all corners of our lives,
has the threat scenario changed for the worse?
Robbins: The digital environment is everything that
connects, be it B2B or B2C. With users embracing a digital lifestyle, things
such as digital cameras are becoming a part of everyday life which is leading
to a corresponding rise in their storage requirements. Consumers place a lot
of importance on backing-up their data and keeping it secure.
There has also been a rise in digital transactions with people buying more on
the Web, taking advantage of online banking. We are also seeing greater usage
of wireless capabilities. Mobile devices are being used for transactions rather
than just for communication; we think that this trend will also hit other parts
of Asia, and that people will start using their mobile phones for bank transactions
or purchasing things. In this way these devices become critical, and therefore
securing these devices from traditional as well as fresh virus attacks is crucial.
We are seeing a shift in the landscape in terms of virus attacks; people are
now asking for protection from phishing, identity threats, etc.
The gap between one virus onslaught and the next is getting
shorter day-by-day. How do you intend to tackle this?
Robbins: This is what we have been working on for the
past 18 months. When we talk about the next generation of online security or
security 2.0, this is precisely what we are seeing, and we rolled out our Norton
360 brand of consumer products in response. We are looking beyond stopping viruses
to also protect consumers from phishing, key-logging, malicious spam, etc.
Hoh: Security is all about intelligence and what is
happening outside your environment. Symantec has collected feedback from at
least 350 million users. We have built products based on this feedback, and
have also been tracking vulnerabilities in almost 4,000 software products. Most
of our users subscribe to Symantecs deep site service which is an early
warning system that warns them of any impeding threat.
Should enterprise security be centred on hardware or software
Robbins: Everyone, be it an enterprise, SMB or individual,
uses or has a software solution, but you deploy these solutions on an appliance
or on a server or on a PC. Software-centric solutions are scalable, and they
can be easily updated. For an SMB an appliance-based solution might be applicable,
but it varies from case-to-case. At large enterprises they do have appliances,
but they also go for pure software solutions. An appliance can be a starting
point, but it is just a delivery mechanism for software
its a simplified
way of installing software on a hardware platform. However, we feel that an
appliance solution makes sense for some customers.
Hoh: Choosing between hardware and software is the
first step. One needs to look at a companys needs and how customers can
be protected from threats, rather than just looking at what hardware to run
on and which area to protect. When we move from the consumer to the enterprise
it differs. In a consumer environment if you implement an anti-virus solution
you feel that you are protected, but you have other threats too. It all depends
on how much of protection you really want. Once you procure a solution it has
to be properly implemented. What we often see in the market is that a lot of
people have looked at security in pieces; from Symantecs viewpoint we
encourage customers to look at security holistically. Thats why we came
up with comprehensive threat management. We are talking about protecting the
environment not just from the gateway or perimeter level but all the way to
the data centre.
Although there are solutions for dealing with external
threats, internal threats are another thing altogether. Does Symantec address
Robbins: When we talk of security we take in all the
levels. Internally they start right from e-mail, which means that the organisation
also covers its messaging management solution to keep out hackers and bad elements.
Along with this a CIO also has to see that all the right things reach the relevant
mailbox. We have a solution that allows companies to implement policies for
all the products, and thus it is policy-driven. We have tools like Sygate that
has data ports on the PCs so that one cannot use a thumb drive and use it to
steal internal information.
Will storage and security get integrated?
Robbins: That has been Symantecs vision. Some
time back when we made an announcement about the same it was the beginning of
such a trend, and we saw analysts and our competitors also acknowledge this.
Its true that solutions today arent bundled together, but thats
what we are working towards. We are connecting our technologies so that we can
provide comprehensive solutions. Some things have already started to come together
on the business side, and we have been incorporating these in some of our products.
For example, we have taken our Backup Exec product and combined it with the
technology from our live stage recovery product to develop a new solutionBackup
Exec System Recovery. This in a way integrates legacy Symantec and legacy Veritas
There is a lot of talk about risk-based compliance. What
is your take on this?
Robbins: IT risk management is the next big step for
organisations. Companies have financial risk in place, which means that they
have policies and processes in place to protect financial assets. But they have
no processes or policies for managing their intellectual property. Risk-based
compliance means managing your information and making sure that it is not susceptible
to loss through fire, flood, hardware failure and the like. You have the business
continuity in place, and then manage the compliance aspect around it to make
sure that you dont have risk. Thus, it is about having a comprehensive
security structure with availability. It matters to Indian companies that have
been listed on Nasdaq as they need to comply with all the related regulations.
Has this concept been accepted by organisations?
Robbins: Its a rapidly growing market, and IT
spend, particularly in the security and storage software segment, outstrips
any other spend. IT spend growth in India last year was 19 percent in comparison
to China, which clocked 12 percent. If you look at the expenditure on security
and storage, it is growing faster than the overall IT figure as companies realise
that it is important to protect information since it has become the lifeblood
Companies are going from I have to comply because these regulations are
mandatory to If I have to do this and if I am investing a lot of
money and resources in this process how do I then get business value out of
it? They are now looking at mining this information and using it for competitive
advantage. We see companies going from this is a necessary evil
to lets get a tangible share value out of it.
Within organisations the thought process usually runs
that compliance is a CIO problem. How does Symantec assist them?
Robbins: Some companies have point solutions, and
through these they can address archiving compliance or end-point compliance
issues. However, they cannot address all the compliance issues across the spectrum
that a CIO faces today. We enable a trusted environment.
A business requires a trusted environment to deal with its supply chain, customers
and distributors, and IT has to deliver this trusted environment. Symantec enables
CIOs to deliver the environment in a way that is cost-effective, reliable and
drives complexity out of the business.
This is especially significant in India as companies here are looking to grow
exponentially. They are looking to grow at 40 percent a yearor double
that. These are grand dreams, but to realise them you need scale, and for that
you need to minimise complexity and maximise consistency. We are focussed on
the compliance side, and have policy management products such as Bindview, Sygate
for end-point, and products like Enterprise Vault for archiving and e-mail policy.
Companies can leverage our intellectual property through our consulting partners.
We have over 1,000 consulting partners worldwide, with 150 in APJ alone, and
we are hiring rapidly as companies are coming to us and saying that this is
not their core competency. We can do this through products or turnkey consulting,
or in some instances we are also doing strategic outsourcing where we take some
functions on a contract basis.
Is compliance providing a boost for security vendors?
Robbins: It is, but it varies by region. In Japan,
for instance, the market is driven by JSox, and hence compliance is a huge issue.
In India too compliance is becoming an issue, but because India is not as regulated
as some other markets the impact isnt quite as huge. Companies that do
business in Europe need to comply with Basel II; if they are doing business
in the US they need to comply with Sarbanes Oxley. If Indian companies want
to grow they need to manage growth for which they have to make sure that investors
retain confidence in them for which they need to comply with regulations.
Piracy levels of Symantec products are among the highest.
Would you like to comment on this?
Robbins: Symantec has been one of the worst affected
by piracy. We have been regularly taking steps with customers and governments
to bring down the rate. We believe that the only way to achieve this is through
a sustained and meaningfully-invested or funded model that just continuously
drives the market down and puts reasonable controls in place. We also acknowledge
that if someone wants to be unreasonable he would anyway continue to pirate
the software. Most people buy a pirated copy without knowing about its origin.
We try to educate the public about how a legal box looks like, and so on. The
figure has dropped but progress is slow.
Dhupar: Most people are not aware that piracy is an
issue. For a company there is a given dictum that they need to use legal software.
But end-users dont know whether the copy of the software they have procured
from a friend is legal or illegal. We need to spend time with consumers in educating
them. But to deal with organised pirates we need to work with the legal authorities,
which we are doing.
Arent the downloadable trial versions hosted on your
site easily accessible to hackers?
Robbins: It is a fine balance between trying to make
product available to the average user and yet making it inaccessible to those
who want to make illegal use of it. You can have software keys to protect the
download, but then it becomes difficult for an honest user to evaluate the product.
The only answer to this is education.
Microsoft is entering the security space with Vista. Your
Robbins: Microsofts entry into this market is
leading to increased buyer awareness which will stimulate demand; the market
will expand. We take Microsoft seriously, and in the past we have appreciated
their efforts to put security features into their operating systems and fix
problems. However, we are a bit concerned as most independent software companies
as well as regulatory bodies have been about Microsoft not granting access to
its upcoming Vista OS to third-parties such as Symantec, as they have done in
the past. This is the biggest concern. We believe that this move on their part
is going to stifle competition and give consumers less choice. We are keeping
a close watch on this and how the issue takes shape.