Symantec eyes ID management

CEO John Thompson also lists encryption and services for backups, archiving and e-mail as possible new markets.

Joris Evers Staff Writer, CNET News.com
Joris Evers covers security.
Joris Evers
3 min read
SAN FRANCISCO--Looking for further expansion, Symantec is considering delving into identity management, encryption and a range of managed services, the security giant's chief said Monday.

Symantec CEO John Thompson mentioned those fields as areas the company is interested in as it tries to become a single-source supplier for management of data centers and protection of data and of online transactions.

"In a world that is more compliance-oriented, (identity management) is a critical part of the stack," Thompson said during the opening keynote address at the company's annual Vision conference here. "Today we embrace the technologies that other companies bring to the market. We are not at this moment in the identity management business, but it is an area of great interest to our company."

John Thompson

Right now, Symantec is not a player in the identity management market, which is led by companies including CA, IBM, Hewlett-Packard and Oracle and which research firm IDC predicts will grow to almost $4 billion in the next three years. Typically, the software identifies the users of a system and controls their access to resources within that system by associating rights and restrictions with a particular identity.

An advance into that market is a logical step for Symantec, said Andy Buss, an analyst at Canalys in Reading, England. "If you're going to do enterprise security, you need to be able to secure access to your networks and applications," he said.

It also fits nicely with Symantec's stated goal of becoming an IT services management company, Buss added.

The motivation behind offering more encryption capabilities is similar. Symantec's backup products offer limited encryption features, but security breach laws passed by several U.S. states are driving demand for more, Thompson said in response to a question from an audience member.

Thompson said Symantec was considering adding managed services for backups, data archiving and e-mail. The company has recognized the growing popularity of hosted services, he said.

"The success of Salesforce.com delivers to the forefront the notion that users want to subscribe," he said in response to an audience question. "Today we deliver a managed security service. We think there is a logic extension to managed backups, managed archiving and managed mail."

Symantec plans to focus its managed e-mail services on instant messaging and VoIP through its partnership with MX Logic, and will aim its backup and archiving services at small businesses, said Jeremy Burton, a senior vice president of enterprise security and data management for Symantec.

"We will broaden the partnership with MX Logic to incorporate e-mail and managed services, and deliver mail security software over the Web," Burton told Tom Espiner of CNET sister site ZDNet UK. "Delivering backup and archiving solutions we will focus on the SME market," Burton added.

Symantec has expanded significantly over the past years, with eight acquisitions since the start of last year, including those of Veritas Software, Sygate, WholeSecurity, BindView, IM Logic and Relicore. But the Cupertino, Calif.-based company is keeping its options open as it looks to broaden its business, Thompson said.

"You should not interpret those comments (to mean) that we're going go out and buy an identity management or an encryption company," Thompson said in a meeting with reporters after his keynote presentation. Symantec may acquire the technology, but it might also develop it in-house or partner with others, he said.

Still, Thompson said, it is "unlikely that we're going to be very active in all of those spaces in the near term."

Tom Espiner of London-based ZDNet UK contributed to this report.