Here's how Symantec can dominate the "new" desktop. (Fingers crossed they don't screw it up again!)

Everyone's heard of Symantec. While most of us think of them primarily as an antivirus and endpoint security vendor, others know them for their data backup and protection.

Everyone's heard of Symantec. While most of us think of them primarily as an antivirus and endpoint security vendor, others know them for their data backup and protection. And those of us in the desktop space think of them as Altiris desktop management and maybe SVS and AppStream.

After several fits and starts in the desktop virtualization space, Symantec is once again poised to (possibly) be a major player in our world. They have all the right pieces—they just need to figure out how to position their products, how to get the message out, and how to keep the right people.

Fool me once...

I've been excited and then disappointed more by Symantec than any other vendor in our space. 

Way back in 2008 I wrote about how they were poised to take off. They had just bought Altiris (who themselves bought FSLogic for app virtualization and AppStream for streaming). They bought nSuite for their connection broker and OEMed RTO Software's Virtual Profiles for profile management. By 2009 that was all combined into the Symantec Workspace Virtualization Suite which I viewed as a legitimate player next to Citrix and VMware.

But then the wheels fell off.

In late 2009, the endpoint virtualization group's VP Ken Berryman moved on to take another job within Symantec. (And he'd be out of the company a year later.) Then in 2010 Symantec lost the right to OEM RTO's Virtual Profiles when VMware bought RTO. In 2011, Doug Coombs, the group's director of product management, left the company, and Brad Rowland, the group's director of marketing, moved on to another job within Symantec.

And as if this all wasn't enough, in the midst of this all they decided to kill the nSuite-based connection broker (last called "Symantec Workspace Corporate/Remote"), leaving their "endpoint virtualization" with just app virtualization (Altiris SVS a.k.a. Symantec Workspace Virtualization and app streaming (Symantec Workspace Streaming).

Fool me twice?

Take a look at Symantec's products. A quick count on shows that the company currently sells 138 different products. So while I've written them off several times over the years, it's easy to forget just how big they are. In fact Symantec's annual revenue was $6.7B last year which is substantially bigger than both Citrix and VMware combined!

If you look at the products through the lens of people who visit this website, it's pretty clear that Symantec has all the core components needed to deliver a "Gen Y" desktop, including mobile device and app management, data security, web security, a federated app store, identity, integrity, and Windows system management. In fact in many ways they're already in place to be what Citrix and VMware want to become.

For example, I already mentioned that Symantec's app virtualization and streaming are still going strong. Many people believe that their app virtualization is better than App-V and ThinApp, and in fact Symantec has nabbed customers away from both. They've also announced improvements to the products, including the fact that the next version of app virtualization will allow multiple users to share the same read-only base package, and that base packages will be able to live anywhere. (Home drive, USB stick, Dropbox share, etc.) That really opens up a lot of options for deployment (does Dropbox replace app streaming?) and profile management (keep the source packages in Dropbox and the per-user change layers in home drives).

Symantec has also been on a tear in the mobile space, having bought MDM vendor Odyssey in March and MAM vendor Nukona in April. In speaking with the product folks in that group, they definitely "get" that MAM is the future, and they're focusing on that versus MDM. (If you're confused on what this means, read my primer on the difference between MDM, MAM, and MIM.) Symantec views MDM as a "nice to have" for scenarios where the company wants to have more control over specific devices, but they absolutely understand that the future (and BYO) is about MAM, not MDM.

Another Symantec product which is really interesting in our space is called O3 (that's the letter "O" followed by a 3, as in "Ozone"—the layer above the cloud.) O3 is an access point to the web that does SSO, access control, and content filtering and protection. It's basically a service that runs in the cloud (public or private) that you configure as your access point to the web. So you install the agent on your client devices (laptops, iPhones, Androids, etc.) and login to that app, and then it does all the SSO and identity management to get you into your apps. O3 feels a lot like Citrix CloudGateway and has many SSO similarities to VMware Horizon App Manager. It also offers the same protections like being able to provision web services to users where the end users don't ever know what their passwords are. Moving forward, Symantec has talked about they're working to integrate DLP into this platform to really control what goes where.

The next version of Symantec Workspace Virtualization (their Windows app virtualization solution) will feature a new capability called "Symantec Workspace App Manager," an end-user portal which is their version of a federated app store (Similar to Citrix CloudGateway or VMware's Horizon App Manager.)

I also like that Symantec has recently been de-emphasizing their NAC/NAP capabilities. As you might recall from an particularly contentious Brian & Gabe LIVE a few months ago, I'm a strong believer that NAC/NAP is worthless, and that you should let anyone and anything on the network and use SSL-VPNs to secure the resources themselves.

In addition to trusting Symantec for the network, we also trust them for encryption on our client devices. Whether that's combining encryption with individual corporate containers (like what their app virtualization can do) or looking at encryption for the "Wild West" that is Android, Symantec can help keep it in the right hands. This is even more critical moving forward as we see everyone bringing their own clouds and consumerization services.

Symantec also has a technology called "Insight" which they use to power their reputation-based security products. In addition to scanning files for known virus signatures, Insight keeps track of which files are downloaded and run on hundreds of millions of devices worldwide, generating a database which is accessed in realtime to help users identify whether a file is safe or not.

Speaking of security, Symantec also has a smart token app—essentially a software version of a SecurID two-factor authentication fob which you run on your smartphone.

And let's not forget their whole Altiris stuff that actually solves the bare metal problem, something that Citrix and VMware have shied away from. (Even VMware's Wanova doesn't really have a story around bare metal. I mean how do the Windows bits get on the device in the first place?)

What should Symantec do next?

Clearly Symantec has all the pieces to be successful in our space. Hell, if they play their cards right, they can flat-out dominate the "next" desktop. So what would it take for that to happen?

First, I'd like to see some integration across these products. Note that this doesn't mean I want all fifty of these things combined into some "Endpoint Suite" that costs $2,000 per user. But it would be nice if these products knew each other existed and we saw some integration—at least on the user side. For example, the upcoming Workspace App Manager with the end user-focused UI for selecting virtual apps to run… why is that a separate client and separate UI from the O3 client which presents web and SaaS apps to the user? And since Symantec now has MDM and MAM products, accessing their app client from a mobile device should also provide links to native iOS or Android apps in addition to the web apps.

Symantec should extend their federated app catalog to deliver remote Windows apps too. I know they don't have their own broker anymore, but that's fine—they can at least integrate with Microsoft RemoteApps. (Though VMware is planning for Horizon to broker connections to Citrix apps too, and Symantec should follow suite.)

While they're at it, why not license Ericom's HTML5 client for RDP. That way users can launch remote Windows apps on whatever platform they're connecting from. (Though it's possible this wouldn't be needed since so many of Symantec's other products require some kind of client agent or software to be installed, so maybe ensuring an RDP client is present isn't that big of a deal.)

Since Symantec is a security company, they should also focus on using their existing endpoint security prowess to secure the files and communication that users do with each other via cloud-based file sync products like Dropbox. Take a look at something like AppSense DataNow which encrypts regular files before sharing them. Or maybe Symantec can do it right and buy Watchdox, one of my favorite companies in our space right now. Watchdox would integrate nicely with Symantec's other products, including user authentication, encryption, DLP, and rights management.

Now if Symantec really wanted to make a make a splash, they'd buy a company like Bromium. That would give them an ultimate security tool for Windows-based systems (VMs or physical), a great solution for BYO, fantastic virus protection, and the ability to throw away changes a process made with the same ease as closing an application. The core Bromium technologies are transferrable to other platforms too, like iOS and Android.

And of course all this is just scratching the surface of what Symantec can build… if they can just get it together to built it!

Can they build it?

The big question for Symantec in our space today is the same question we've had for them for years—can they execute? And that's a two-part challenge. First they have to have the vision that they can execute. I've had one-off conversations with smart people here and there, so the brains are there. But can they get that message out?

Second, they're going to have a sort of Quest problem where Quest had all this great desktop-related IP but it was scattered all around the company, and every group had their own priorities. So you've got one lowly PM in one office standing on a chair saying, "Hey!! Guys??? Come on!! This would be awesome!!!" But how to you put the effort behind this? It has to come from the top.

Will it? Will they? Time will tell.

What do you think? Is Symantec well positioned for our space? Do you love them or hate them? Will they be able to pull it off?

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Out of 138 products, which ones create the biggest revenue streams for Symantec?

My guess would be: Endpoint Protection (piece of poo), Backup Exec (Meh), Veritas "Stuff" (NetBackup, Cluster FS ...), Enterprise Vault, MessageLabs and ... Altiris.

Out of those products, the only relevant products for the desktop are WebMarshall and Altiris. And we all know what happened to Altiris after Symantec bought it. They f***ed it up. Plain and simply. Altiris 7.0 ajd 7.1 were the worst products ever released by Altiris and SCCM 2012 is shitting all over Altiris these days. I had Altiris engineers tell me that they wouldn't touch 7.x with a yardstick and rather stick with the good old 6.9 ... which is not something a customer likes to hear ... hence the multitude of customers ripping out Altiris and replacing it with SCCM .....

I just have no faith whatsoever in any of Symantec's "desktop" products. None of them integrate with each other (ever tried setting up EndPoint Protection through a MessageLabs cloud proxy ..... it simply doesn't work .....)

And there is no such thing as a 'strategy' behind any of the recent acquisitions ....


Agreed Chris, when I saw Symantec scooping up such disparate products as Backup Exec/NetBackup, MessageLabs, Altiris and others, I knew they were going to be the next CA.  Just some huge conglomerate that has a bunch of products they keep promising will be integrated at some point in the future.  While they're somehow building that "integration" they let all the individual products either get buggy as hell or rest on their "market leader" status.  I once had a Symantec rep try to describe it to me as a big "pizza pie" strategy, but even he had a hard time keeping a straight face while doing it.  At my current company, we run Backup Exec and SEP, but are trying to extract ourselves as best as possible to other solutions.  SEP can happen eventually, but Backup Exec is definitely more difficult...


I don't think Symantec is much of a desktop management player either. I'm a longtime Altiris customer and have been really disappointed with it as a product since the Symantec acquisition.  The Altiris product has little to no changes since 2009, with the exception of the recent addition of MDM, MAM, and MIM.

When they first launched Symantec Management Platform (the new Altiris) they talked of it being the future management console for all of their other products.  There was talk of plugging in Backup Exec, Endpoint, (oddly not NetBackup) and others so that all could be managed through one pane of glass....and they the n you could easily use their Workflow product to create custom automated solutions that would tie different parts from each of the products…. I admit I drank the kool-aid and it tasted great.

They talked about how they were going to stop having hardware vendors’ utilities to manage the hardware in your environment, because they slowed their customers from advancing in the Altiris releases.   They said that they would instead provide this management natively within SMP so that you could always run the newest version without the fear losing your ability to use the hardware management tool... three years now, still waiting.

They talked of rolling in the Altiris Wise Package Studio intelligence into SMP to give you more insight of the software in your environment. They did some of this, but then they killed off Wise instead of adding many new features. They are now OEMing the InstallShield AdminStudio product from Flexera instead which has ability to export packages into App-V, ThinApp, or XenApp, but this not integrated in to SMP in anyway.

I wasn't aware they killed off the nSuite, but I'm not surprised either.  I my opinion they should have offered/bundled  it along with the AppStream technology as part of the Symantec Workspace Virtualization package instead making them ala cart feature add-ons.

Back in 2010 I really hoping they would buy Neocleus and roll it into Altiris as a replacement for their automation partition used when deploying images to desktops, and the same time providing a underlying system security..... but then Intel nabbed them up.

It also really boggles my mind that to date they still haven't released a VDI endpoint product to compete against McAfee MOVE or TrandMicro Deep Security. Do they think people want to run an Antivirus in every virtual desktop and kill their performance?

I really believe Symantec has a lack of focus currently. I used to go to the Altiris ManageFusion conference every year and found great value, and heard great announcements, but then it turn to Symantec Vision and they stopped have the Symantec Developers and sometimes Product Managers present.  With this and then little no big announcements made the conference pretty much worthless in my opinion to the point I skipped on attending the last two.

They have a lot of great technologies in the company and smart people, and I keep my fingers crossed thinking they'll be coming back... maybe they will someday, but meanwhile I’m seriously looking at replacing them with other competitors that seem to have a future "Vision."


Symantec = Where good software goes to die.


@ Tony... so true it made me laugh.

@ Brian... Wanova - OS Provision - Machines from best buy or Dell already have windows on them, install wanova agent (register) and you are done.... no need for baremetal.