COMPUTER BUSINESS REVIEW

Critical. Authoritative. Strategic.

TECHNEWS

CBR is proudly produced & published
by Technews
www.technews.co.za
Issue Date: August 2000 (es)

Symantec - securing IT assets and your intellectual property

1 August 2000

The annual Computer Faire held in Midrand is becoming larger and more diversified as the Internet and e-commerce revolution continues to make its mark in South Africa. One of the overseas visitors was Dieter Giesbrecht, the Senior Vice President International of IT company Symantec and Hi-Tech Security Systems was offered the privilege of a personal interview with him and his Regional Manager Kevin Isaac.
Symantec is a US-based company which is listed on the NASDAQ, has a revenue in excess of $700 million and employs some 2600 specialists worldwide. While recent events have seen many IT shares take a significant battering, those of Symantec have held amazingly firm, following an 18 month rise from $13 to $60. Symantec established a physical presence in South Africa in 1997 and operates out of offices in Woodmead, Sandton. With headquarters in sunny California, Symantec is truly a global operation, with a physical presence through the Americas, Europe, Japan, the Asia Pacific region and of course South Africa, from where it provides solutions for customers on the rest of this continent and the Middle East.
A short history of Symantec
The Symantec Corporation was actually founded in 1982, being one of the first PC software companies and one of the few that is still thriving today. As was popular at that time the focus was on consumer software (remember even the mighty 'Big Blue', IBM, did not believe that the upstart home computer would make mainframes obsolete). Symantec still is a very powerful player in the consumer 'boxed-product' market (the famed Norton is one of its brand names) but about 18 months ago sage forward thinking saw a shift in focus towards the commercial sphere, where following a strategic review, network security was seen as becoming a major issue. Today Symantec, through continually reinventing itself, has its income stream almost equally divided between corporate and consumer customers with an eventual objective of 60:40. As Symantec intends to retain and grow its existing share of the consumer market, this corporate business is effectively pure growth.
Enterprise security
Enterprise security has, in fact, been transformed since the impact of IT, from the 'guns, gates and guards' of the 80s to the reactive ('find and fix') era of the 90s. Today there is real awareness of the problem, no doubt influenced by the chaos caused in recent years by both hackers and viruses. Y2K has seen a very proactive approach to the problem of IT security, the catch words being 'assess and manage' and this is the field in which Symantec, leveraging its leadership in 'anti-virus' systems, is now playing a major role.
The change in market focus saw Symantec establish its growth into its new market area through acquisitions, a successful tactic being the purchase of highly technically competent companies that benefited through the added complementary power of Symantec's technology and strong sales and marketing infrastructure. These acquisitions are continuing and two of the latest companies to be brought into the fold are L3 Network Security and UR Labs. With its own in-house developments and acquisitions Symantec now sees itself as the 'global leader in security in the connected world'. This new acquisition policy is distinctly contrasted to that used by the company during its initial growth phase where the emphasis was on buying companies which had an established product and revenue stream or just merely taking out some of the more aggressive competitors.
Network security
According to Dieter, network security can be defined in terms of four very distinct areas, these being in no particular order of importance, infrastructure security (firewalls etc), application security (through encryption), operations security and content security. It is in the last two areas that Symantec has focused, realising that it could not be the 'best of breed' in all four.
While operations security addresses the whole area of detection of intrusion and further follow-up and consolidation activities, contents security is all about anti-virus, mobile code, e-mail filtering and URL blocking. Taking anti-virus as just one highly topical example (following our inundation with the 'I Love You' bug) Symantec assumed absolute leadership here following its acquisition of mighty Intel's own anti-virus technologies. This is the main sphere where the Norton tradename is still used and a wide range of products (many yellow-boxed) are available to minimise risk from all possible entry points including e-mail gateways, firewalls and network servers. Symantec offers everything from business enterprise solutions right down to the protection of the individual nonnetworked PC or laptop.
The threat from within
Before launching itself in its new strategic direction Symantec undertook an extensive survey of customers' experiences. In case you think that network security is not a worldwide and growing phenomenon, almost 92% of companies surveyed in the US suffered from unauthorised access intrusion between 1998 and 1999 and the number of companies reporting such intrusion to law enforcement agencies rose from 17% in 1998 to 32% in 1999. The really astonishing statistic is that we all tend to trust our own employees, almost three-quarters of all security threats arose within organisations. While no figures are available for South Africa it is estimated that intellectual property theft is costing corporate America an estimated $250 billion a year and the increasing access to information over the network is making such theft easier that ever before for the unprepared.
Risk management is the goal
Risk management is the goal
Establishing your sweet spot
Symantec is the first to admit that 100% security is virtually impossible as the cost of security increases virtually exponentially when the risk is lowered below certain levels. The solution to this problem is to find the 'sweet spot' where the cost of protecting the assets is acceptable in terms of the remaining risk. The 'sweet spot' is essentially the point where the risk is acceptable and this is achieved at affordable cost. Symantec offer tools that enable companies to look at the risk in terms of the three 'drivers', asset value, potential threat and vulnerability. When these are plotted on a three-axis diagram the volume obtained represents risk and this can be minimised by looking at each of the drivers where possible.
Tactical and strategic risk
Risk is also defined by Symantec as being present at two distinct levels which could require very different types of responses. The lower level is tactical risk where the outcome could just be that sales targets are not met for the year. This could have an impact on the share price of a listed company but this is likely to be only temporary and in any case changes in share price is affected daily by events beyond the control of any company. The highest level of risk is strategic and here the danger is that the company could be put out of business. Using a banking house as an example, a loss in customer confidence could lead to a run on funds which might bring the bank to its knees from lack of liquidity of its assets.
Besides the larger business-related security issues, Symantec has also found that its customer base is increasingly concerned about the softer issues of internal control. These include the misuse of the e-mail facility (which in itself increases the risk of virus attack through chain-letter e-mails), downloading of inappropriate information (access on a need-to-know basis) and controlling web browsing to work-related activities.
While Symantec offers a complete solution to these control issues, Dieter points out that companies must clearly define and manage a policy in this regard. This policy must be one which provides comfort to both the company and its staff and would have to address issues as to what freedom staff will have in noncore work time and the possible additional access required by staff who are furthering their education, often through company-sponsored schemes.
Symantec in South Africa
It was interesting to learn from Kevin Isaac that SA business is not so far behind the rest of the world in its appreciation of the need for adequate security. Being so geographically isolated as we are, the customers demand a very high level of product support and to meet this need Symantec has established a network of certified value-adding partners, who include all the big names in the business consultancy field.
Where this market is somewhat different from the norm is in the large number of SMEs which are making use of Symantec security solutions. While this article may have stressed the value of security for the larger enterprise, it is equally pertinent for even the smallest entrepreneurial company. Symantec offers a completely scalable solution, so that the small-cap SME which could have very valuable intellectual assets can have the same levels of security at a price which is tailored to the size of the network and which is affordable to them.
If you are still not convinced of the need for proactive attention to the security needs of your network then just ask yourself if you were prepared for the recent invasion of the 'I Love You' virus. Like me you probably received it from the address book of a trusted client whose attachments you would normally assume were virus-free and business pertinent. In this case if one of your employees had inadvertently opened the attachment the virus would have been spread on to your most valuable clients. Are they really going to believe that you operate a secure and confidential network? - I doubt it!
For details contact Tanya Pogir of Symantec SA on tel: (011) 804 4670, fax: (011) 804 4676, e-mail: tpogir@symantec.com or visit www.symantec.co.za


Others who read this also read these articles

Search Site





Search Directory

  • Search for:





Subscribe

Previous Issues