‘‘We enable a trusted environment’’

Shivani Shinde in conversation with Symantec's Bill Robbins, Senior Vice-president, Asia Pacific & Japan; Eric Hoh, VP, Asia South Sales; and Vishal Dhupar, the company's Managing Director in India.

Is India a substantial blip on Symantec’s radar?

Bill Robbins

Robbins: The sheer size of India’s economic environment and the rate at which its economy is growing make it a big market. China and India are always compared with each other; both are big marketplaces for us, and we see both these markets as one. The explosion of the middle class in India is resulting in the creation of a whole new class of digital transactions that create great opportunities for companies but at the same time also create challenges. That’s where Symantec steps in by building a company’s trusted environment and helping to ensure that its infrastructure, interaction and environment are secure and compliant while reducing costs at the same time.

As digital technology pervades all corners of our lives, has the threat scenario changed for the worse?

Robbins: The digital environment is everything that connects, be it B2B or B2C. With users embracing a digital lifestyle, things such as digital cameras are becoming a part of everyday life which is leading to a corresponding rise in their storage requirements. Consumers place a lot of importance on backing-up their data and keeping it secure.

There has also been a rise in digital transactions with people buying more on the Web, taking advantage of online banking. We are also seeing greater usage of wireless capabilities. Mobile devices are being used for transactions rather than just for communication; we think that this trend will also hit other parts of Asia, and that people will start using their mobile phones for bank transactions or purchasing things. In this way these devices become critical, and therefore securing these devices from traditional as well as fresh virus attacks is crucial. We are seeing a shift in the landscape in terms of virus attacks; people are now asking for protection from phishing, identity threats, etc.

The gap between one virus onslaught and the next is getting shorter day-by-day. How do you intend to tackle this?

Eric Hoh

Robbins: This is what we have been working on for the past 18 months. When we talk about the next generation of online security or security 2.0, this is precisely what we are seeing, and we rolled out our Norton 360 brand of consumer products in response. We are looking beyond stopping viruses to also protect consumers from phishing, key-logging, malicious spam, etc.

Hoh: Security is all about intelligence and what is happening outside your environment. Symantec has collected feedback from at least 350 million users. We have built products based on this feedback, and have also been tracking vulnerabilities in almost 4,000 software products. Most of our users subscribe to Symantec’s deep site service which is an early warning system that warns them of any impeding threat.

Should enterprise security be centred on hardware or software solutions?

Robbins: Everyone, be it an enterprise, SMB or individual, uses or has a software solution, but you deploy these solutions on an appliance or on a server or on a PC. Software-centric solutions are scalable, and they can be easily updated. For an SMB an appliance-based solution might be applicable, but it varies from case-to-case. At large enterprises they do have appliances, but they also go for pure software solutions. An appliance can be a starting point, but it is just a delivery mechanism for software…it’s a simplified way of installing software on a hardware platform. However, we feel that an appliance solution makes sense for some customers.

Hoh: Choosing between hardware and software is the first step. One needs to look at a company’s needs and how customers can be protected from threats, rather than just looking at what hardware to run on and which area to protect. When we move from the consumer to the enterprise it differs. In a consumer environment if you implement an anti-virus solution you feel that you are protected, but you have other threats too. It all depends on how much of protection you really want. Once you procure a solution it has to be properly implemented. What we often see in the market is that a lot of people have looked at security in pieces; from Symantec’s viewpoint we encourage customers to look at security holistically. That’s why we came up with comprehensive threat management. We are talking about protecting the environment not just from the gateway or perimeter level but all the way to the data centre.

Although there are solutions for dealing with external threats, internal threats are another thing altogether. Does Symantec address this issue?

Robbins: When we talk of security we take in all the levels. Internally they start right from e-mail, which means that the organisation also covers its messaging management solution to keep out hackers and bad elements. Along with this a CIO also has to see that all the right things reach the relevant mailbox. We have a solution that allows companies to implement policies for all the products, and thus it is policy-driven. We have tools like Sygate that has data ports on the PCs so that one cannot use a thumb drive and use it to steal internal information.

Will storage and security get integrated?

Robbins: That has been Symantec’s vision. Some time back when we made an announcement about the same it was the beginning of such a trend, and we saw analysts and our competitors also acknowledge this. It’s true that solutions today aren’t bundled together, but that’s what we are working towards. We are connecting our technologies so that we can provide comprehensive solutions. Some things have already started to come together on the business side, and we have been incorporating these in some of our products. For example, we have taken our Backup Exec product and combined it with the technology from our live stage recovery product to develop a new solution—Backup Exec System Recovery. This in a way integrates legacy Symantec and legacy Veritas functionality.

There is a lot of talk about risk-based compliance. What is your take on this?

Robbins: IT risk management is the next big step for organisations. Companies have financial risk in place, which means that they have policies and processes in place to protect financial assets. But they have no processes or policies for managing their intellectual property. Risk-based compliance means managing your information and making sure that it is not susceptible to loss through fire, flood, hardware failure and the like. You have the business continuity in place, and then manage the compliance aspect around it to make sure that you don’t have risk. Thus, it is about having a comprehensive security structure with availability. It matters to Indian companies that have been listed on Nasdaq as they need to comply with all the related regulations.

Has this concept been accepted by organisations?

Robbins: It’s a rapidly growing market, and IT spend, particularly in the security and storage software segment, outstrips any other spend. IT spend growth in India last year was 19 percent in comparison to China, which clocked 12 percent. If you look at the expenditure on security and storage, it is growing faster than the overall IT figure as companies realise that it is important to protect information since it has become the lifeblood of organisations.

Companies are going from ‘I have to comply because these regulations are mandatory’ to ‘If I have to do this and if I am investing a lot of money and resources in this process how do I then get business value out of it?’ They are now looking at mining this information and using it for competitive advantage. We see companies going from ‘this is a necessary evil’ to ‘let’s get a tangible share value out of it.’

Within organisations the thought process usually runs that compliance is a CIO problem. How does Symantec assist them?

Robbins: Some companies have point solutions, and through these they can address archiving compliance or end-point compliance issues. However, they cannot address all the compliance issues across the spectrum that a CIO faces today. We enable a trusted environment.

A business requires a trusted environment to deal with its supply chain, customers and distributors, and IT has to deliver this trusted environment. Symantec enables CIOs to deliver the environment in a way that is cost-effective, reliable and drives complexity out of the business.

This is especially significant in India as companies here are looking to grow exponentially. They are looking to grow at 40 percent a year—or double that. These are grand dreams, but to realise them you need scale, and for that you need to minimise complexity and maximise consistency. We are focussed on the compliance side, and have policy management products such as Bindview, Sygate for end-point, and products like Enterprise Vault for archiving and e-mail policy.

Companies can leverage our intellectual property through our consulting partners. We have over 1,000 consulting partners worldwide, with 150 in APJ alone, and we are hiring rapidly as companies are coming to us and saying that this is not their core competency. We can do this through products or turnkey consulting, or in some instances we are also doing strategic outsourcing where we take some functions on a contract basis.

Is compliance providing a boost for security vendors?

Robbins: It is, but it varies by region. In Japan, for instance, the market is driven by JSox, and hence compliance is a huge issue. In India too compliance is becoming an issue, but because India is not as regulated as some other markets the impact isn’t quite as huge. Companies that do business in Europe need to comply with Basel II; if they are doing business in the US they need to comply with Sarbanes Oxley. If Indian companies want to grow they need to manage growth for which they have to make sure that investors retain confidence in them for which they need to comply with regulations.

Piracy levels of Symantec products are among the highest. Would you like to comment on this?

Robbins: Symantec has been one of the worst affected by piracy. We have been regularly taking steps with customers and governments to bring down the rate. We believe that the only way to achieve this is through a sustained and meaningfully-invested or funded model that just continuously drives the market down and puts reasonable controls in place. We also acknowledge that if someone wants to be unreasonable he would anyway continue to pirate the software. Most people buy a pirated copy without knowing about its origin. We try to educate the public about how a legal box looks like, and so on. The figure has dropped but progress is slow.

Vishal Dhupar

Dhupar: Most people are not aware that piracy is an issue. For a company there is a given dictum that they need to use legal software. But end-users don’t know whether the copy of the software they have procured from a friend is legal or illegal. We need to spend time with consumers in educating them. But to deal with organised pirates we need to work with the legal authorities, which we are doing.

Aren’t the downloadable trial versions hosted on your site easily accessible to hackers?

Robbins: It is a fine balance between trying to make product available to the average user and yet making it inaccessible to those who want to make illegal use of it. You can have software keys to protect the download, but then it becomes difficult for an honest user to evaluate the product. The only answer to this is education.

Microsoft is entering the security space with Vista. Your comments.

Robbins: Microsoft’s entry into this market is leading to increased buyer awareness which will stimulate demand; the market will expand. We take Microsoft seriously, and in the past we have appreciated their efforts to put security features into their operating systems and fix problems. However, we are a bit concerned as most independent software companies as well as regulatory bodies have been about Microsoft not granting access to its upcoming Vista OS to third-parties such as Symantec, as they have done in the past. This is the biggest concern. We believe that this move on their part is going to stifle competition and give consumers less choice. We are keeping a close watch on this and how the issue takes shape.