Q&A: Symantec’s acquisitions and the future

Francis deSouza is senior vice president of the Enterprise Security Group at Symantec. In this interview he discusses Symantec’s recent acquisitions, how they mitigate cloud computing and social networking threats, as well as Symantec’s plans for the near future.

Symantec has undoubtedly redefined their market position with the acquisition of VeriSign’s Security Business, PGP and GuardianEdge. What are the most significant benefits for Symantec’s customers?
The proposed combination of Symantec and VeriSign’s security business sets the foundation for a future world of computing that revolves around people and provides them with simple yet secure access to information and confidence in their online transactions.

Through this acquisition, Symantec will be able to help businesses incorporate identity security into a comprehensive framework so that IT can confidently and securely adopt new computing models – from cloud computing to social networking to mobile computing to user-owned devices – that promise tremendous operational efficiencies and freedom of choice for their employees and customers. Symantec’s current portfolio and assets from VeriSign will provide the depth and breadth of technologies to make identity-based security of information more universal and part of a comprehensive security solution.

A few specific examples:
By combining VeriSign’s SSL Certificate Services with Symantec Critical System Protection or Symantec Protection Suite for Servers, Symantec will help organizations ensure a higher level of security on their web servers as well as verify that security, providing users with the trust and confidence necessary to do business online. Symantec also can expand the VIP ecosystem by incorporating user certificates into its Norton-branded consumer products providing a channel through which consumers can easily create secure identities that can be authenticated when they do business online.

In addition, the combination of the information classification capabilities of Symantec’s Data Loss Prevention solution and Data Insight technology along with VeriSign’s identity security services, will allow us to help ensure customers that only authorized users have access to specific information.

VeriSign’s hosted public key infrastructure (PKI) solution also complements the premier on-premise PKI solution from Symantec’s pending acquisition of PGP, providing customers with the encryption choice that best suits their unique requirements.

Are your clients worried about security issues related to cloud computing and social networking? What can you do to mitigate those risks?
Cloud computing represents a major shift within IT – moving from traditional IT delivery to a service-provider/service-consumer model. Despite the benefits, there is real concern around information privacy and security when it comes to cloud computing.

Symantec believes the success of the model hinges on the level of trust and confidence between service providers and service consumers. Security is the key to enabling that trust and confidence that will make this model succeed.

Symantec recommends that companies assess what specific, proactive steps they should take to protect sensitive information stored in the cloud. Recommendations to implement include:

• Ensure that policies and procedures clearly state the importance of protecting sensitive information stored in the cloud. The policy should outline what information is considered sensitive and proprietary.
• Evaluate the security posture of third parties before sharing confidential or sensitive information. As part of the process, corporate IT and/or IT security experts should conduct a thorough review and audit of the vendor’s security qualifications.
• Prior to deploying cloud technology, companies should formally train employees how to mitigate the security risks specific to the new technology to make sure sensitive and confidential information is not threatened.

You may not be aware, but it’s also important to note that Symantec delivers unmatched choice and flexibility in the adoption of market-leading solutions to secure and manage information in the cloud. Symantec is helping customers capitalize on the promise of cloud computing.

For example, Symantec is a leader in infrastructure SaaS. We provide hosted messaging security, web security and email archiving to more than nine million business users in more than 100 countries through Symantec Hosted Services. We also have more than nine million online backup consumer customers.

Not only do we provide services but, Symantec currently deploys Symantec storage and management software to run its own cloud services; with more than 50 petabytes of online storage for more than nine million active users, it is the largest SaaS storage environment in the world.

What are your general plans for the near future? What kind of product and service focus can we expect?
We will provide details on product roadmap after the close of the acquisition. However, in the future, we see the benefits of combining VeriSign’s SSL Certificate Services with Critical System Protection and Symantec Protection Suite for Servers. By bringing these offerings together Symantec will be positioned to help organizations both ensure a higher level of security on their web servers as well as verify that security, providing users with the trust and confidence necessary to do business online.

Through Symantec’s worldwide distribution network and footprint on more than 1 billion systems – including end-user devices such as laptops, desktops and smart devices, as well as servers – Symantec is positioned to facilitate the ubiquity of identity security through digital certificates for both individuals and companies. This is critical to creating mutually trusted interactions online. With this ubiquity, merchants would have added incentive to join the VIP network if user certificates are widely distributed. More merchants in the VIP network means a more secure and convenient experience for customers moving among member sites. Merchants benefit as well from knowing their customers are also trusted and secure.

Symantec is also positioned to expand the VIP ecosystem in the future by incorporating user certificates into its Norton-branded consumer products providing a channel through which consumers can easily create secure identities that can be authenticated when they do business online. In addition, the combination of the information classification capabilities of Symantec’s Data Loss Prevention solutions and Data Insight technology along with VeriSign’s identity security services, will allow Symantec to help customers ensure that only authorized users have access to specific information.