Symantec shakeup creates fresh opening to shift security strategies

Steve McNamara is Regional Vice President Sales for VMware Carbon Black and a former vice president at Symantec.

Information technology is always changing and so is the industry behind it. But recent developments surrounding the fate of one of the world’s most widely relied-upon suppliers of enterprise security products have created a significant “disturbance in the force.”

In an odd twist on the perils of vendor lock-in, enterprise CIOs who rely on Symantec enterprise security products have found themselves in lock-out, following the decision late last year by Symantec’s new owner, Broadcom, to abandon support for all but 2,000 of Symantec’s most profitable enterprise security customers. Some reports since then suggest that number is closer to 700 accounts.

Steve McNamara, Regional VP Sales, VMware Carbon Black

When Broadcom completed its $10.7 billion acquisition of Symantec Enterprise Security in November of last year, it came with all the fanfare of one tech giant acquiring another in the name of “building out one of the world’s leading infrastructure technology companies,”

Broadcom officials crowed. But as a pre-acquisition presentation deck to investors made clear, the real appeal of the deal was the opportunity to “rationalize” Symantec’s salesforce, reduce product development costs and focus instead on the highest ROI opportunities, all to drive up returns for shareholders.

That’s left CIOs at more than 100,000 Symantec enterprise accounts scrambling to regroup and ultimately replace an array of endpoint security, cloud security and data loss prevention products, among 270 different products Symantec sells, along with their web security services.

The bright side of all this for many organizations, both in the private and public sectors, is the opportunity this affords to move to newer generation cloud-based solutions capable of delivering greater security.

Just as importantly, it also gives CIOs and CISOs a fresh reason to finally shift to a more “intrinsic security” approach to their IT operations — and begin to address three fundamental obstacles that continue to hobble enterprisewide security:

Security that’s bolted-on vs. built-in: On average, enterprises use as many as 80 different security products, mostly because security teams are brought on after the infrastructure has been built and applications already deployed, which only leads to added security problems down the road.

Security that’s siloed vs. unified: Infosec teams typically spearhead security within, rather than across business and program units, resulting in siloed solutions. And they tend to rely on toolsets that are just as siloed. That inevitably leads to endless backlogs of security patches and hidden vulnerabilities. Moving to a more unified security model would reduce workloads and the associated security risks.

 Security that’s threat-centric vs. environment-focused. The security industry has sold enterprises on detecting threats. What’s needed instead is a thorough understanding of your environment and the ability to align and adjust security controls dynamically.

Intrinsic security is all about building in security controls across your infrastructure — from your endpoints to your clouds. And those controls need to evolve dynamically, just as your endpoints and your multi-cloud environments evolve dynamically.

That’s one reason VMware acquired Carbon Black last year. VMware Carbon Black’s cloud-native endpoint protection platform (EPP) will soon be embedded in VMware’s vSphere operating system. Among other advantages, it will eliminate the need to install agents on users’ endpoint devices. For organizations with thousands, or tens of thousands of employees, that’s a massive and ground-breaking time-saver. Having those and other security capabilities working throughout VMware’s virtual operating environments represents just another reason why it’s time enterprise CIOs start unplugging all those miscellaneous security boxes.

But the acquisition also reflects VMware’s larger strategy, not so much to add another brand or revenue stream to its portfolio — but to double down on its efforts to build a powerful security division aimed ultimately at helping enterprise customers operate more securely across their virtual domains.

And it points to a larger issue — one of the many CIOs and CISOs need to keep their eye on: The security products market is ripe for further mergers and acquisitions. Trying to decide which players will still be there to support your organization three years from now, and to what extent — depending on whose corporate umbrella they come under — is likely to get a little dicey for enterprise IT buyers.

But it’s a good bet that the long-term survivors will be those vendors which truly understand their enterprise IT customers’ needs — and have the tools, the expertise, and yes, the financial staying power, to meet those needs.

Find out more how VMware Carbon Black can help your agency operate more securely from endpoint to cloud.