Good news everybody, Symantec is breaking up. The company will separate their storage and security groups into two distinct companies beginning next year. The full details of Symantec’s break up are here or read Symantec’s site here.
The reaction to this news among analysts and customers has been mostly positive. Now, whether this actually improves Symantec or not remains to be seen. However, the break-up trend is gaining momentum. Symantec’s break-up comes mere hours after HP announced it too would break up into two companies. These two break ups have the potential (and it is just potential since even the broken up HP and Symantec are still very big companies) to make these firms more focused, agile and innovative.
Symantec’s acquisition of Veritas as well as Altiris and Bindview a few years ago were all based upon a faulty premise. Symantec, like HP and others, believed that security, storage, and IT operations are all on the same technology continuum. The vision was that these products can be brought together in one universal offering (a sort of Grand Unified Console Theory for the tech world.) This seemed logical on paper. However, in practice it does not work. Security, storage, and IT operations technologies are all sold very differently. This leads to divergent goals and visions among sales, operations, and engineering groups.
However, Symantec was not alone in this faulty reason. When we look around at the industry, there are a few other overweight companies that have accumulated some security properties. They too may benefit from break ups.
Cisco is the epitome of a massive behemoth that lacks agility. To their credit, Cisco has managed to stay relevant in the security field, but that is only because they keep acquiring innovative companies like Ironport and Sourcefire. Still, in time Cisco will drive away the talented people and the technology will devolve into market-share gasping mediocrity. There is a good reason Cisco, like Symantec, has been called a place where “good technologies go to die.”
However, Cisco has a few things in their favor that Symantec lacks. Cisco has a deeply loyal channel which will do and sell whatever Cisco tells them to. Moreover, they have a very strong corporate culture, that rewards teams and groups that carve out new niches (either through innovation or acquisition.)
Cisco could spin off all their security products and put it in the hands of Martin Roesch. Martin is a smart guy with some solid business acumen. Armed with Cisco’s resources, and the freedom to innovate, he would likely produce great things.
However, this breakup seems pretty unlikely, since acquisition and consumption of outsiders seems so engrained in Cisco’s culture.
Intel / McAfee
McAfee was on the precipice of greatness in 2011. They were acquiring novel companies and building a unified ecosystem of products. Then two horrible things happened: Intel bought them and John McAfee got Internet access.
At first Intel’s whole idea of security on a chip seemed fascinating and plausible. Everybody liked the concept so they cheered on the acquisition. It is two years later and so far Intel really has nothing to show for this.
However, it was the very public rants of the insane but utterly hilarious John McAfee that did the real damage. Intel tried to distance themselves from McAfee and his name, but the damage was done. In the minds of many people, McAfee was a grizzled, has-been on the run from sanity. John McAfee was out of his mind as well.
Intel, here is some free advice: Buy another security firm. It does not matter who. Just buy one with a respected name, like BlueCoat (I am sure Thoma Bravo will take your money). Now, spin the whole thing off under the new name and throw away McAfee’s name for good. Do not be shy about this and try to make it all seem like some pleasant transition of synergies or other such nonsense. Just face the reality that the McAfee brand is just as washed up as its namesake.
Dell / SecureWorks / SonicWall / Quest
Dell is not a security company. Their core expertise has always been selling hardware. So what is this PC company doing with properties like SecureWorks, Quest and SonicWall?
Dell made the very smart move a few years ago to go private. As a private firm, they can invest in innovative ideas without having soul-sucking lizard-brained accountants tell them they cannot do it because they might lose a dime. The problem is that Dell let the soul-sucking lizards continue to run the show after going private. None of their acquisitions have become anything more than just part of the Dell theme park. A park that is tired and losing riders with each passing day.
Dell is equipment company trying to be a security company. It is difficult, if not impossible, to apply the same metrics to selling PowerEdge servers as it is security controls. Moreover, Dell has utterly botched their whole channel strategy. Many SonicWall partners are abandoning them for the greener pastures of Fortinet, Palo Alto, or Cisco.
Spinning off their security properties into a stand-alone company would allow these security properties to be freed of the shackles of hardware. This issue also applies to the last company on our list.
EMC / RSA
Now here is a break up that is inevitable. Rumor has it that EMC has been hard-shopping RSA to suitors for while. The thinking was that RSA would open new markets and opportunities for them when they acquired them a few years back. However, EMC and RSA have never really gelled.
Similar to Dell’s issues, storage and security are very different businesses. Security is a business of innovation and insight, whereas storage is a business of performance and reliability. Storage is sold to different IT people than security. Furthermore, storage is a fairly static, commodity technology with limited recent innovation, whereas security is constantly evolving. Ultimately, these differences led EMC sales people to cannibalize RSA opportunities, which frustrated customers and partners.
However, RSA’s problems run deeper into the organization. RSA lacks soul. Once upon a time, RSA was widely respected and had brilliant solutions. Today, their products are equal parts competent and confounding. RSA’s GRC platform, Archer, is a grandiose vision with catastrophically bad execution. RSA’s Security Analytics is innovative, but lacks cohesiveness and is losing mindshare to the likes of IBM and Splunk.
The EMC acquisition of RSA was built upon the same false premises that made Symantec acquire Veritas and Dell acquire SonicWall. These companies mistakenly believed that storage (and IT operations) were on the same market continuum as information security. They are at an operations perspective, but not in a sales and marketing point of view. As such, there is a perpetual tension between selling equipment and selling security.
RSA needs to be a dedicated security firm. They also need an owner who understands how to make technology sexy and can play to their strengths. Palo Alto Networks would be an excellent place for them. Ironically, Symantec’s security division could benefit from acquiring RSA. However, the sad truth is that Cisco will probably buy them because they can.
New beginnings are a good thing. Sometimes the only way to fix a broken company is to take it completely apart and rebuild it in a different location.
Information security demands focus to be successful. Without the storage industry holding them back, Symantec may return to relevance and innovation. However, it is worth noting that Symantec (as well as HP) has failed at all their big strategic initiatives over the past five years. Since, past performance is the best indicator of future performance, there is a decent chance these new beginnings could also be the beginning of the end. Nevertheless, we remain positive on Symantec’s future and their leadership’s ability to make this break up work.