Here's how Symantec can dominate the "new" desktop. (Fingers crossed they don't screw it up again!)

Everyone's heard of Symantec. While most of us think of them primarily as an antivirus and endpoint security vendor, others know them for their data backup and protection.

Everyone's heard of Symantec. While most of us think of them primarily as an antivirus and endpoint security vendor, others know them for their data backup and protection. And those of us in the desktop space think of them as Altiris desktop management and maybe SVS and AppStream.

After several fits and starts in the desktop virtualization space, Symantec is once again poised to (possibly) be a major player in our world. They have all the right pieces—they just need to figure out how to position their products, how to get the message out, and how to keep the right people.

Fool me once...

I've been excited and then disappointed more by Symantec than any other vendor in our space. 

Way back in 2008 I wrote about how they were poised to take off. They had just bought Altiris (who themselves bought FSLogic for app virtualization and AppStream for streaming). They bought nSuite for their connection broker and OEMed RTO Software's Virtual Profiles for profile management. By 2009 that was all combined into the Symantec Workspace Virtualization Suite which I viewed as a legitimate player next to Citrix and VMware.

But then the wheels fell off.

In late 2009, the endpoint virtualization group's VP Ken Berryman moved on to take another job within Symantec. (And he'd be out of the company a year later.) Then in 2010 Symantec lost the right to OEM RTO's Virtual Profiles when VMware bought RTO. In 2011, Doug Coombs, the group's director of product management, left the company, and Brad Rowland, the group's director of marketing, moved on to another job within Symantec.

And as if this all wasn't enough, in the midst of this all they decided to kill the nSuite-based connection broker (last called "Symantec Workspace Corporate/Remote"), leaving their "endpoint virtualization" with just app virtualization (Altiris SVS a.k.a. Symantec Workspace Virtualization and app streaming (Symantec Workspace Streaming).

Fool me twice?

Take a look at Symantec's products. A quick count on shows that the company currently sells 138 different products. So while I've written them off several times over the years, it's easy to forget just how big they are. In fact Symantec's annual revenue was $6.7B last year which is substantially bigger than both Citrix and VMware combined!

If you look at the products through the lens of people who visit this website, it's pretty clear that Symantec has all the core components needed to deliver a "Gen Y" desktop, including mobile device and app management, data security, web security, a federated app store, identity, integrity, and Windows system management. In fact in many ways they're already in place to be what Citrix and VMware want to become.

For example, I already mentioned that Symantec's app virtualization and streaming are still going strong. Many people believe that their app virtualization is better than App-V and ThinApp, and in fact Symantec has nabbed customers away from both. They've also announced improvements to the products, including the fact that the next version of app virtualization will allow multiple users to share the same read-only base package, and that base packages will be able to live anywhere. (Home drive, USB stick, Dropbox share, etc.) That really opens up a lot of options for deployment (does Dropbox replace app streaming?) and profile management (keep the source packages in Dropbox and the per-user change layers in home drives).

Symantec has also been on a tear in the mobile space, having bought MDM vendor Odyssey in March and MAM vendor Nukona in April. In speaking with the product folks in that group, they definitely "get" that MAM is the future, and they're focusing on that versus MDM. (If you're confused on what this means, read my primer on the difference between MDM, MAM, and MIM.) Symantec views MDM as a "nice to have" for scenarios where the company wants to have more control over specific devices, but they absolutely understand that the future (and BYO) is about MAM, not MDM.

Another Symantec product which is really interesting in our space is called O3 (that's the letter "O" followed by a 3, as in "Ozone"—the layer above the cloud.) O3 is an access point to the web that does SSO, access control, and content filtering and protection. It's basically a service that runs in the cloud (public or private) that you configure as your access point to the web. So you install the agent on your client devices (laptops, iPhones, Androids, etc.) and login to that app, and then it does all the SSO and identity management to get you into your apps. O3 feels a lot like Citrix CloudGateway and has many SSO similarities to VMware Horizon App Manager. It also offers the same protections like being able to provision web services to users where the end users don't ever know what their passwords are. Moving forward, Symantec has talked about they're working to integrate DLP into this platform to really control what goes where.

The next version of Symantec Workspace Virtualization (their Windows app virtualization solution) will feature a new capability called "Symantec Workspace App Manager," an end-user portal which is their version of a federated app store (Similar to Citrix CloudGateway or VMware's Horizon App Manager.)

I also like that Symantec has recently been de-emphasizing their NAC/NAP capabilities. As you might recall from an particularly contentious Brian & Gabe LIVE a few months ago, I'm a strong believer that NAC/NAP is worthless, and that you should let anyone and anything on the network and use SSL-VPNs to secure the resources themselves.

In addition to trusting Symantec for the network, we also trust them for encryption on our client devices. Whether that's combining encryption with individual corporate containers (like what their app virtualization can do) or looking at encryption for the "Wild West" that is Android, Symantec can help keep it in the right hands. This is even more critical moving forward as we see everyone bringing their own clouds and consumerization services.

Symantec also has a technology called "Insight" which they use to power their reputation-based security products. In addition to scanning files for known virus signatures, Insight keeps track of which files are downloaded and run on hundreds of millions of devices worldwide, generating a database which is accessed in realtime to help users identify whether a file is safe or not.

Speaking of security, Symantec also has a smart token app—essentially a software version of a SecurID two-factor authentication fob which you run on your smartphone.

And let's not forget their whole Altiris stuff that actually solves the bare metal problem, something that Citrix and VMware have shied away from. (Even VMware's Wanova doesn't really have a story around bare metal. I mean how do the Windows bits get on the device in the first place?)

What should Symantec do next?

Clearly Symantec has all the pieces to be successful in our space. Hell, if they play their cards right, they can flat-out dominate the "next" desktop. So what would it take for that to happen?

First, I'd like to see some integration across these products. Note that this doesn't mean I want all fifty of these things combined into some "Endpoint Suite" that costs $2,000 per user. But it would be nice if these products knew each other existed and we saw some integration—at least on the user side. For example, the upcoming Workspace App Manager with the end user-focused UI for selecting virtual apps to run… why is that a separate client and separate UI from the O3 client which presents web and SaaS apps to the user? And since Symantec now has MDM and MAM products, accessing their app client from a mobile device should also provide links to native iOS or Android apps in addition to the web apps.

Symantec should extend their federated app catalog to deliver remote Windows apps too. I know they don't have their own broker anymore, but that's fine—they can at least integrate with Microsoft RemoteApps. (Though VMware is planning for Horizon to broker connections to Citrix apps too, and Symantec should follow suite.)

While they're at it, why not license Ericom's HTML5 client for RDP. That way users can launch remote Windows apps on whatever platform they're connecting from. (Though it's possible this wouldn't be needed since so many of Symantec's other products require some kind of client agent or software to be installed, so maybe ensuring an RDP client is present isn't that big of a deal.)

Since Symantec is a security company, they should also focus on using their existing endpoint security prowess to secure the files and communication that users do with each other via cloud-based file sync products like Dropbox. Take a look at something like AppSense DataNow which encrypts regular files before sharing them. Or maybe Symantec can do it right and buy Watchdox, one of my favorite companies in our space right now. Watchdox would integrate nicely with Symantec's other products, including user authentication, encryption, DLP, and rights management.

Now if Symantec really wanted to make a make a splash, they'd buy a company like Bromium. That would give them an ultimate security tool for Windows-based systems (VMs or physical), a great solution for BYO, fantastic virus protection, and the ability to throw away changes a process made with the same ease as closing an application. The core Bromium technologies are transferrable to other platforms too, like iOS and Android.

And of course all this is just scratching the surface of what Symantec can build… if they can just get it together to built it!

Can they build it?

The big question for Symantec in our space today is the same question we've had for them for years—can they execute? And that's a two-part challenge. First they have to have the vision that they can execute. I've had one-off conversations with smart people here and there, so the brains are there. But can they get that message out?

Second, they're going to have a sort of Quest problem where Quest had all this great desktop-related IP but it was scattered all around the company, and every group had their own priorities. So you've got one lowly PM in one office standing on a chair saying, "Hey!! Guys??? Come on!! This would be awesome!!!" But how to you put the effort behind this? It has to come from the top.

Will it? Will they? Time will tell.

What do you think? Is Symantec well positioned for our space? Do you love them or hate them? Will they be able to pull it off?



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: