Inside Symantec’s bid to build the Amazon of cybersecurity tools

By:  Clint Boulton

If Sheila Jordan and the rest of Symantec’s senior leadership team complete their vision they will transform the company into the of cybersecurity, essentially a one-stop shop where CIOs and consumers alike can buy digital tools to protect their data assets. The Symantec CIO is deploying her IT department’s resources to help build out a software subscription platform for SaaS applications, part of a broader strategy to deliver solutions that are more in line with the evolving purchasing preferences of CIOs and CISOs.

“We want it to be like an Amazon experience where with a handful of clicks you can book your cloud security subscription,” Jordan tells

The idea isn’t so far-fetched. Although CIOs have been implementing third-party cybersecurity tools on-premises for decades, the trend has increasingly skewed toward SaaS. Spending on global cloud security solutions is expected to top $3.4 billion by 2021, a compound annual growth rate of 28 percent over the next five years, according to new data from Forrester Research.

The commercial move marks a surprising turn for Jordan, whom Symantec lured away from Cisco in 2014 to help insource the software maker’s IT systems. Then Symantec, sensing seismic shifts in cybersecurity, began a radical overhaul of its business. It sold off Veritas to Carlyle Group for $8 billion and purchased Internet gateway security company Blue Coat Systems in August 2016 and identity theft protection firm LifeLock earlier this year.

Symantec CIO Sheila Jordan Symantec
Symantec CIO Sheila Jordan.

From best-of-breed to integrated platform

Jordan, who built her reputation as a change agent in IT roles at Cisco Systems and Walt Disney World, went from divesting one large business to integrating two large organizations, working with the business to tuck Blue Coat into Symantec’s enterprise security unit and LifeLock into the company’s consumer product group.

Symantec remains the top security software vendor, generating roughly $3.4 billion in sales last year, according to a recent Gartner report. To maintain and boost its lead over Intel, IBM and others Symantec needs to update its portfolio to offer cloud services and machine learning software to anticipate threats. Symantec’s senior leadership believes offering CIOs a unified defense platform to blanket the corporate network is the best play.

Cybersecurity vendors have traditionally sold point solutions to enterprises, confusing CIOs with a fragmented, best-of-breed approach to their markets. This strategy leaves gaps in corporate networks, Jordan says, adding that an integrated platform protecting corporate IT from the Internet gateway out to endpoint devices is a safer play for CIOs and their CISOs.

“When you have an integrated platform approach you’re eliminating the white spaces and the opportunity for bad guys to come in and hang out for awhile,” Jordan says.

In pursuit of its singular platform, Symantec is streamlining its market strategy, reducing the number of SKUs to simplify pricing, creating consistent channel contracts and consolidating the salesforce. “We want to clean house and make sure that we’re integrating and transforming our business processes,” Jordan says.

A cornerstone of Symantec’s unified defense strategy is the Symantec Subscription Platform, through which the company offers cloud subscriptions in per user, per virtual machine, per license and per seat options, thanks to its integration with SaaS subscription vendor Zuora. Symantec’s Endpoint Protection Cloud and Cloud Workload Protection SaaS products are already live on the platform, with additional products coming over the course of the year, Jordan says.

Symantec is also using APIs to sell its software through other channels. For example, Symantec just launched Cloud Workload Protection on AWS Marketplace. Customers can initiate a CWP subscription from AWS, register with Symantec through the global subscription platform and then get billed through a consolidated AWS invoice based on their CWP hourly usage.

Symantec believes its platform has great potential for cross-selling opportunities. By analyzing information about application usage, customer purchase history and other behaviors, Symantec can ascertain intent and make product recommendations to customers. The potential to emulate the highly successful recommendations Amazon and Netflix offer for their Internet services isn’t lost on Jordan. “We are very bullish and excited about the subscription platform,” Jordan says.

Symantec dependency whiteboard


Symantec’s IT and business staffs used large whiteboards to display the dependencies between sales, marketing and other business processes to applications.

Symantec’s strategic path

The strategic path to fulfilling the vision isn’t an easy one. To build the integrated unified defense platform, Jordan must work closely with product units to ensure that each product and solution is seamlessly stitched together so that the products properly share data.

Jordan says the challenge is hewing to the strategic plan without disrupting the business. She says the key lies in “chunking up” integrations for certain business units, then moving on to the next project. It’s a path Jordan says she’s comfortable with because, as a CIO with a broad view of the business, she can anticipate how a change to one aspect of the business will impact another.

“It’s a juggling act but if we do this effectively and we can take out some of the inefficiencies in the business processes and just get it done as smooth and as fast as we can it’s going to become a competitive advantage for the company,” Jordan says. “We’re in a position to help the business reach its strategic goals.”

Jordan laid the foundation for these commercial efforts over the past few years, building a private cloud and software-defined data center using technology from Cisco, Network Appliance and Verizon. These systems automate and partition operations into several parts to allow business managers to access their own compute and networking systems.

IT also eliminated 400 legacy applications and shuttered 3,000 servers. And it moved 85 apps into the private cloud and the rest into software-as-a-service solutions from Box,, Oracle’s Eloqua, Workday, Cisco’s WebEx and other vendors.