Symantec’s Strategic Merry-Go-Round: Questionable Short-Term Moves Hinder Long-Term Objectives

E. Parizo

Summary Bullets:

• Symantec’s moves to buy LifeLock and sue Zscaler will offer little effective support for Symantec’s stated strategic objectives.
• Symantec instead should seek small, tuck-in acquisitions and find new niches in which to foster innovation.

Symantec has long been a company searching for a strategy, or at least a good strategy. Over the years, it has suffered through several failed reinventions that sought to address an ongoing dearth of disparate products, a lack of organizational cohesion and focus, and an inability to foster competitive momentum through innovation.

Its most recent transformation began earlier this year with the divestiture of Veritas, the storage software maker it merged with in 2005, and subsequent acquisition of well-regarded web security vendor Blue Coat Systems. The newly combined company’s strengths are a sizable endpoint install base, market-leading e-mail security and web proxy products, and competitive complementary products in areas such as cloud application security and data protection. On its face, the existing product portfolio would seem to offer a solid foundation on which to build.

Yet, Symantec is under pressure from shareholders because its revenue position is increasingly dire. Both its enterprise and consumer divisions have seen declines in net revenue for three straight years; the consumer-based numbers are particularly grim, dropping from $2.11 billion in fiscal 2013 to just $1.67 billion this year.

Investors believe the top priority for Symantec’s new executive team is to stop the bleeding, and that no doubt was a driver behind CEO Greg Clark’s first two high-profile tactical moves. Those moves, however, offer little long-term support for Symantec’s strategic objectives.

First, Symantec announced last month its intent to acquire consumer antifraud provider LifeLock for $2.3 billion. Symantec believes it can package LifeLock’s services with its own consumer security offerings to broaden their appeal, positioning itself as a provider of digital safety products and services. However, LifeLock has long exaggerated both the risk of consumer fraud liability and its own capabilities in handling identity theft, receiving a $100 million FTC fine last December for, among other charges, falsely advertising that it sends alerts “as soon as” it receives any indication that a subscriber may be a victim of identity theft. LifeLock is little more than an overpriced, minimally effective fraud notification service, and Symantec is vastly overestimating the effect adding LifeLock will have on its fortunes.

Second, Symantec announced last week that it had filed a patent infringement lawsuit against Zscaler, claiming the cloud and web security provider had violated more than a half-dozen Symantec patents. While Symantec may have valid claims, the suit is not only a distraction with unclear prospects for producing a monetary return; it also is likely to sew discontent among its vendor and solution provider partners which may fear increased difficulty in selling and supporting integrated solutions. Considering Symantec has already roiled its channel organization recently, this is not the way to get partners on its side.

In some ways, Symantec’s history is repeating itself. Back in 2001, longtime IBM executive-turned-Symantec CEO John W. Thompson sought to create an enterprise security platform play but was undermined by a market rapidly transformed by the Internet, undercutting the revenue base of the company’s cornerstone consumer security software. In response, Thompson executed Symantec’s $11 billion merger with Veritas, but the synergies never materialized and served as little more than a decade-long distraction.

Symantec still has a long way to go. It must develop a forward-leaning strategy that involves more than integrating its existing products and look for small, tuck-in acquisitions that complement its products and strategy; worthy examples include EDR vendor Cybereason, IoT security startup Senrio, distributed authentication startup MIRACL, or midmarket NGFW vendor WatchGuard. It desperately needs to find new niches in which it can innovate and potentially foster new product markets. It is imperative that it demonstrate industry leadership again.

Upon review, the acquisition of LifeLock and patent suit against Zscaler will prove to be missteps that do little to advance its strategic objectives, but will hopefully serve as early lessons for Symantec leadership.