Symantec: Achieving Growth in Enterprise Software

Stanford University
Course Lectures
  • Returning to talk at Stanford after two years, John Thompson, chairman of the board of directors and chief executive officer of Symantec Corporation, talks about the changes in the technology sector and the enterprise software space.

  • Slow down in capital spending has had a profound effect on the enterprise software companies, says Thompson. Symantec has made tremendous investments to retool infrastructure of the company in the last 2 years to scale the business. This story is being replayed time and time again in the valley, he says. With capital spending decreasing, companies are adopting new models - software as a service. There is no right answer and model; it is a function of the nature of the business you are in, he notes.

  • Thompson talks about customers being the main driving force behind the business and business model. He gives examples from Symantec about the need to be close to customers. He also focuses on the need to concentrate on the business needs over the business model.

  • Thompson stresses the need for customer diversity. Software companies that were dependent on Fortune 1000 companies for their business suffered when their niche clients also suffered in the economic downturn. If a company is to survive challenging economic times, companies must have a diverse customer base, he says. Symantec brings stability to its business by serving individual customers as well as the largest governments and corporations. It brings essential geographic diversity by deriving 51% of its business from outside the US.

  • Thompson states that a company must never stop spending, even in challenging times. As Symantec entered the challenging 2001, the problem was about the cost of owning and operating the security infrastructure that customers had deployed around the world, he says. Customers had no way to measure the effectiveness of the technology they deployed so Symantec spent 15-16% of revenues to build a portofolio of tools that are now the model for how security ought to be done.

  • Thompson talks about how the most significant event for the security space was not 9/11 but it was 9/18. That is the day a dangerous virus, nimda, hit.

  • We don't use hedging, says Thompson. We have a typical planning process; we assume when we exit a quarter that the dollar will be same in the next quarter, he adds.

  • Thompson talks about how the cheapest form of growth is organic growth. We will be in the market again soon, he adds.

  • Thompson talks about how security is a broad domain of technology, including everything from anti-virus to sophisticated authentication authorization technology. Mid to small businesses pose a vast opportunity if security companies can package technology simple enough for these companies, he notes.

  • Intrusion detection is the next big opportunity, says Thompson. However, it is 10% the size of the antivirus market, and is therefore relatively small. First generation intrusion detection technology was very difficult to deploy and manage he notes. Now these customers, especially those in the financial space, want intrusion prevention technology. Migration from software to hardware is first driven by desire to improve line speed. Thompson talks about ways in which many companies are adopting this model. Symantec chose an alternate model because it is primarily a software company.

  • Thompson talks about the #1 driver at Symantec - focus.This involved purging products that were not core to the network centric vision, and made hiring and partner relationships, among other things, much easier, he notes.

  • Amateur hackers are mainly knowledgeable about the windows environment, says Thompson. But professional hackers can hack into anything. Symantec welcomes the giants like Intel and Microsoft into the space. According to Thompson, the Netscape phenomenon was a product of the arrogance of youth that is not prevalent in the country boys at Symantec.

  • Going back to 1998, Symantec was best known for Norton utilities and Norton anti-virus, says Thompson. When he arrived in 1999, right after windows 1998 was launched. Symantec had had a bad series of quarter. In his first 100 days, he looked at the company product portfolio and found products that were not of strategic value. The brightest star was Norton anti-virus. Symantec had viewed itself as a consumer oriented desktop software company. Coming from IBM, Thompson decided that Symantec would be an enterprise security company. He went about acquiring technologies around the security theme. Symantec used these acquisitions to retool the company. However, the market was not mixed enough and they couldn't get the enterprise multiple. At this point, Symantec decided to do a billion dollar transaction that became the catalyst for changing all the business processes. It finally moved to being an enterprise focused security company.

  • Thompson talks about how Symantec was looking at changing from a software business to a content business. He shares the history about the marriage between Symantec and other companies that they have acquired over the years.

  • On Network Association as competition, Thompson thinks that the final chapter on both the companies is not written. However, he does believe that execution at Symantec is better and the customer base is more diverse. While Network Association was capturing the enterprise market, Symantec were concentrating on diversifying their customers. Now Symantec is doing better in the enterprise and consumer space. That said, Thompson stresses that one can never count a company out.

  • Thompson says that is possible to include transaction-based security products, but it is not probable because this would mean working in the domain of the big giants like MS .NET, Sun, Cisco etc. Part of the problem is that security has been an after-thought. In the future, they will become more a part of application design. Many web server based and platform based companies will have to integrate that more tightly into their solution set. Thompson would rather focus on infrastructure and let them focus on transaction.

  • Thompson says that at Symantec, they measure what matters. Every one at Symantec knows what is being measured and managed and how they should behave in the contest. He stresses that in today's environment, it is not about managing results but about leading teams across a company. Managing implies you know what the outcome is that you want, and leading implies that you are going to inspire people to do things that they didn't think they could do, he says. In conclusion, Thompson reiterates that a company should measure what matters and reward people handsomely for the results.