Q&A: McAfee, Symantec CEOs talk security

McAfee CEO David DeWalt and Symantec CEO John Thompson answer tough questions about data protection, consolidation, and the IT security market

There are fewer software companies today than there were a year ago, one year ago there were fewer than five years ago, and five years forward there will be fewer than there are today. The question is, can you evolve a process that is relevant for your customers, and relevant for your company as you think about targets that you bring into the company over time.

DeWalt: It's a myth that companies our size don't innovate. Many products are being made almost one hundred percent in-house. Lots of the work in our new consumer technologies was an organic exercise, as with ePolicy Orchestrator. We didn't acquire anything to build that product, and if there's one product strategic to this company, EPO is that, and the list goes on.

But, we also have to use the balance sheet and acquisitions because we can. It gives us the opportunity to grow. Maybe that looks externally like we don't have to innovate, but we're really doing both and making sure that we augment the strategy. It is a combination and we have to be good at balancing both things. Companies like McAfee have gotten mature because they're good at development and acquisition.

Part of that is at blended shore development, we're moving sustained engineering and quality assurance to offshore locations like India and China. Innovation is coming from Beaverton, Ore., Santa Clara, Calif., and elsewhere where core development and Avert Labs sit.

Those people don't want to do sustaining engineering on Windows 95, so we have to innovate that way so people who want to be working on the newest thing can do that.

In reality the core of this company is focused on nothing but innovation. We do the other stuff in low cost locations, and if we didn't do that we would probably die.

InfoWorld: Over the last several years we've seen many major IT platform providers, including Microsoft, Cisco, Intel, HP, IBM, and EMC make investments in acquiring security technologies and building their own security products.

How has this shift toward the integration of security into the operating system, network and computer hardware, software and storage changed how you will direct your own companies going forward?

Thompson: The reality is that what customers are trying to do in terms of managing access to applications and the ability to share information across the enterprise, both internal and extended, makes it incumbent upon all of us to recognize that securing that content is very important.

 Many of the companies you referenced started their lives thinking that security was something that slowed down the machine, network access, or their sales. They finally came to the realization that security is an enabler and not an inhibitor and that they must embrace it one way or another.

The real question becomes, where do customers think logically about security elements? If you look at what has evolved at Symantec, we have said that it's natural that some security technologies will live and reside in the network.

Networks have become fast enough, deep packet inspection technologies have become good enough, and we assume that as time goes on more of that will occur. And the logical place for companies to do that is with the people providing network equipment, but that's only one place where you have to protect the stream of content, another is where the users interact at a desktop or server, or where it is being managed at the gateway or applications level.