Securing data in a shifting landscape

As computing delves deeper into territories such as the cloud and sophisticated mobile devices, Symantec tries to ensure its safety

FOR SYMANTEC chief executive Enrique Salem, running one of the world’s largest security companies has brought him in a full career circle.

As a young computer science graduate from Dartmouth, his first job was with Peter Norton Computing, a firm that was acquired by Symantec in 1990, bringing him indirectly to work for the company. Eventually, he became Symantec’s first chief technology officer.

He left the company to pursue a number of other opportunities, including as a stint as vice-president of technology and operations at search site Ask Jeeves and, more recently, as chief executive of Brightmail, the anti-spam software company.

When Brightmail was acquired by Symantec in 2004, Salem was brought back into the fold of the company he initially joined almost a quarter of a century previously.

Before succeeding John Thompson as chief executive in 2009, he had most recently held the role of chief operations officer. That in itself was unusual in corporate America: Thompson, one of the few black chief executives leading a major corporation, was followed by an Hispanic chief executive.

In Ireland this week to announce 60 new jobs (“to start with” he says) in authentication services at Symantec’s Dublin headquarters, Salem needs no prompting to launch into a discussion of developments in technology and security issues.

By any measure, it’s a good moment for Symantec. In between the recent spate of high-profile hacking attempts at the International Monetary Fund, Citigroup, RSA, Lockheed, and Sony (to name only a few), and serious concern about identity theft and financial fraud for the average computer user, the company can only benefit from a justified security paranoia.

Salem highlights several “big trends” in computing, all of which have security elements. Cloud computing – the move towards accessing services, software and data through remote data centres, rather then holding them on in-house servers – is one of the biggest developments, he says.

“With the cloud, the real concern is, if I put data into a data centre, how do I know it’s secure?

“Companies are not so worried about the connection between the end-user and the service, but instead, it’s ‘is my data secure, and who has access to it?’.”

Governance is also an issue, with companies concerned about whether they will be able to report accurately on what is happening in someone else’s data centre, as opposed to data held on their own servers. And companies worry about the availability of data, especially after the recent high-profile outage of cloud services from one of the biggest providers, Amazon.

Symantec has a corporate interest in cloud computing that goes beyond providing some of the tools that enable people to secure data.

Salem says the company delivers 16 global services from the cloud and so it needs to manage the same elements as its customers.

Another major trend is what Salem calls “consumerisation” – the huge growth in personal devices such as smartphones and tablet computers that people want to connect to their corporate network. The corporate landscape has turned into one of “bring your own devices”, Salem says.

Until recently, the company had not focused much on security in the mobile area, mainly because initial concerns about viruses and other threats failed to materialise. But research at Symantec’s security centre in Dublin has picked up mobile phone malware “in the wild” – on decoy devices on actual networks. That has helped moved mobile security to a priority.

The reason mobiles have suddenly become of interest to fraudsters is simple – far more people have more complex mobiles such as smartphones, which have Internet access and therefore are more open to worms, viruses, and other malware.

“Until a system has critical mass, it doesn’t become a target.

“The tipping point is usually about 15 per cent utilisation. By 2014, analysts are predicting there will be 10 billion smart devices connected to the network. That makes a better target for criminals,” Salem says.

The area is so important to Symantec that Salem says it will be making acquisitions of mobile security companies to more quickly broaden security offerings for mobile devices.

Finding solutions means balancing privacy against security to manage devices in some way that does not require controlling or having access to people’s personal information on the device. Instead, the solution will lie in policing the way in which it connects to corporate networks.

Other “tipping point” systems include tablet computers – “This year, they’re predicting 80 million tablets will be sold and that makes them a target” – and Apple Mac computers, which for years had virtually no major virus threats because hackers preferred the richer pickings of the much larger PC user base.

Macs have been growing in market share too and are now of greater interest to hackers.

Salem is also concerned with the developing area of cyber threats and cyber warfare, which he considers a very serious security problem.

Seen as a theoretical issue for a long time, cyber threats are now real, he says, noting the success of the recent attack on an Iranian nuclear plant using the Stuxnet worm, which shut down its uranium enrichment programme.

“Clearly whoever did it was very calculated, sophisticated, and well-funded.” He says he talks to many governments who can point to more data that show such threats “are real” and not science fiction.

Although Symantec reduced jobs at its Dublin operations by 138 last year to its current 725 headcount, Salem says Ireland has been a good place for Symantec to run a business.

“We came to Dublin in 1991. The IDA made Ireland the place where it was easy to come in and build big companies. There’s just tremendous access to talent here.”

Is he concerned about European attempts to force Ireland to give up its 12.5 per cent corporate tax rate? He chooses his words carefully.

“I’m pretty bullish on the prospects here. While there are temporary disruptions, I think the economy will recover quickly. As for imposing external pressure, I’d hate to see changes made for a temporary economic situation,” he says.

“Frankly, I’d like to see other countries make that effort to support companies. Ireland does that really well.”

As for his own job, he is clearly enjoying running a company that was pivotal to his early career path.

“I started here in 1990 when I was 24. It’s very satisfying to see a company go from a thousand to 20,000 people. And quite frankly, this is a fabulous job. We have such an opportunity to make an impact.”