News Stay informed about the latest enterprise technology news and product updates.

Symantec preps new channel program, reorients toward 'holistic' approach to security

Symantec products to protect identities and content have come thick and fast, and now the company plans to reorient its channel support to encourage a broader approach to security.

Symantec Corp. is trying to change its role in the pantheon of security software providers with a risk-management study showing that misunderstanding is the cause of misaligned security spending, and that its advice is the way to correct the balance.

Aside from the new approach, a refinement of the Symantec Security 2.0 strategy it unveiled in October, the company plans to announce Monday a revamp of its channel program to focus on its new orientation.

More security tools
Penetration testing tools

Hacker techniques to watch

It will also try to expand its services business to as much as $1 billion of the $10 billion annual revenue Symantec CEO John Thompson has predicted the company will generate by 2010. The services will be based on its agent-based security products integrated with both server-based products and services supplied directly from Symantec or its partners.

A consumer implementation of the idea called Norton360 -- which is designed to add online transaction security and automated backup to a customer's Symantec desktop software -- went into Beta test in November.

The practicality of the approach, Symantec's ability to make even a practical plan work, and the question of whether Symantec is the right company to become the center player in an identity protection network are all open to question, according to Mike Rothman, president and principal analyst of SecurityIncite, and a columnist.

"Whether they price and package as a "service," its still an anti-virus agent they are trying to keep on the desktop. I'm skeptical. Symantec's ability to execute has been terrible over the past few years. Consumer has been better, but it's still an open question," Rothman said. "And the $1 billion number is a red herring. What had been traditionally been software revenue may be reclassified as "services," but it's more about whether the pie is growing."

The study is a survey of 528 IT professionals in 37 industries whose responses -- according to Jeremy Ward, service development director for Symantec Global Services -- show that top-level managers and security specialists have wildly differing views on what their risks are, and how well their organizations quash those risks.

The study found that respondents at the highest managerial level and those at the lowest were the most concerned about IT risk, but that respondents at every level tended to overestimate their own ability to mitigate risk and underestimate the ability of others.

IT managers, for example, were far more likely to believe the organization's security technology countered three-quarters of the potential risks than were top-level executives. However, higher-level executives tended to believe changes in process were far more effective in mitigating risk than any other group.

Comparing perceptions of risk and actual security incidents, Ward said, shows that the organizations that were victimized least often were not those who were stars in either security technology or in process controls. Those with moderate levels of response in each of 12 risk areas had the lowest level of actual loss, he said.

The report recommends a five-step policy development process that includes evaluations of both technical and process-oriented risk areas, the creation of a holistic solution that covers both areas of risk, and deployment of a plan that integrates both technology and process-oriented approaches.

Not coincidentally, the next day Symantec CEO John Thompson said in his keynote at the RSA security conference in San Francisco that the computer industry should abandon its one-vendor-supplies-all approach to security in favor of an approach that balances business and technical risks in a coordinated way.

Customers need to store and archive security events and relate them to one another, he said. They have to know if they're in compliance with internal IT policies or federal regulations, train their own people in new processes and hire new people who can create and enforce those policies.

"It will take security companies and customers partnering together to secure customer data," Thompson said. "We're talking about a user-centric approach compared to a technical or device-centric approach. You have to protect the end user and their information, not just the device."

Also not coincidentally, Symantec has announced a rash of acquisitions, new products and product enhancements over the last couple of weeks, including identity managmenet and data security reporting products that provide the kind of end-to-end data and identity security approach Thompson recommended.


The next step is an update to Symantec's channel program, which is expected to include new services and incentives for channel partners offering integrated, multivendor security services, and an update of enhancements to streamline the integration of its channel with that of 2005 acquisition Veritas.

The announcement is due Monday, Feb. 12.

Dig Deeper on MSP channel partner programs

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.