Symantec versus CA

Written by

Two back-to-back events recently saw Quocirca talking to veterans of the software industry: CA and Symantec. The high-level message from both is pretty much to same – we help to secure and manage your data and IT infrastructure. Yet, it is rare to find these two head-to-head; because, in reality, they are more different than they are alike.

True, they are both US headquartered (more or less) pure software companies with annual revenues of a similar order (CA circa $5bn, Symantec circa $7bn) and both with profits of around $1bn. Their current share price and market-cap are similar and their stock market history has followed similar ups and downs over the last decade. Both are now 30-something; CA founded in 1976 and Symantec in 1982. Symantec’s higher revenue is reflected in its head count, 20K employees opposed to CA’s 14K, but that gives them remarkably similar productivity of about $350K per head.

Furthermore, both sit on similar piles of cash of about $13bn. This ability to accumulate cash has been key to the way each has grown, through aggressive acquisition; both have acquired tens of companies over the years, in Symantec’s case almost doubling its size when it merged with Veritas in 2004 to move into the storage market.

So, for two companies appearing so similar, what are the differences that allow them to operate side by side in the IT industry without too many dogfights? The most obvious is their legacy: CA comes from a background of providing software for mainframes (the ultimate in enterprise computing), whilst Symantec’s origin lies in its consumer focused Norton anti-virus technology (probably still a more recognized brand than Symantec itself). The main target market shared by both vendors is supplying software for mid-market and enterprise businesses to manage and secure Windows and Linux-based systems.

Even here, whilst they may still sound similar their products have historically not overlapped much. When it comes to management, Symantec’s main focus is end-points (via its 2007 Altiris acquisition) and storage, whilst CA is listed as one of the big 4 systems management companies (along with BMC, IBM and HP – or 5 if you include Microsoft), focused on broad management of enterprise IT (in CA’s case including those mainframes).

In security, historically the overlap has also been limited. Many still think of Symantec as primarily a security company, but over the years its acquisitions have taken it beyond its roots in anti-virus to include email security, web security, data loss prevention (DLP) and so on. Few think of CA in the first instance as a security company, but it also always operated in this space, more focused on identity and access management (IAM), despite also having its own anti-virus.

However, that is changing – CA has been acquiring more and more security assets, for example it moved in to DLP in 2009 when it acquired Orchestria. And Symantec is now moving into IAM with its new O3 platform that includes single sign-on (SSO) via a partnership with Symplified, secure web access and compliance enforcement/reporting. Whilst Symantec remains by far the bigger of the two in IT security, it can expect to see more and more of CA going forward.

Both vendors are keen to be seen as innovators (or keeping up depending on your viewpoint) with the key IT trends: cloud, mobile, social media, big data etc. However, this week they were both as keen to talk about people as they were products and solutions. Symantec has recently replaced its CEO of the last 3 years, Enrique Salem (whose blood was said to flow yellow, the vendor’s corporate color), with Steve Bennett who joined the board from Intuit in 2010. In a session on strategy, Symantec had little to say except the new CEO’s pronouncements could be expected in early 2013. John Brigden, Symantec’s head of Europe, Middle East and Africa (EMEA) for the last 7 years will be keen to see what that means for his organization.

CA has already shaken up its EMEA operations bringing in a new head, Marco Comastri, just over a year ago from Poste Italiane (he has also worked at IBM and Microsoft). Comastri is bringing new faces and trying to get CA EMEA more focused on solution selling than technology.

Whether it is at the global or European level, these two software juggernauts have a momentum all of their own and management may find it frustrating to change direction. Perhaps they should not try too hard, both have huge legacy customer bases and healthy finances – shareholders will not be happy to see either compromised.

What’s hot on Infosecurity Magazine?