Janine Milne catches up with Dave DeWalt a year after he took the CEO role at security firm McAfee to see what changes he has made to the company and the big threats on the horizon that CIOs need to be aware of.
Q. You took over the CEO role just over a year ago. What were your aims when you joined the company and how far do you feel you’ve reached those goals?
A. The first 30 days were spent creating a strategic plan for the company and we’ve made a lot of progress over the year. The number one goal was to invigorate growth and our position in the market. We were growing but in the single digit growth range, which was respectable, but we’ve now literally quadrupled that growth rate to 20% – 30% a year.
We also realised that that there were important markets that we weren’t in. Data security was one and we have made acquisitions in that area and now have a major data protection strategy and a large contract with NHS. The other major area we identified was risk and compliance. There isn’t a large company that isn’t looking at what they can do to comply with FSA or other legislation. We’ve acquired a company, ScanAlert, which is focused on website scams and vulnerabilities and PCI compliance.
Q. Your heritage is in anti-virus software, but how important is that to your business today?
A. The marketplace is changing, anti-virus is still critical, but it needs to be augmented by other security products such as identity management. The anti-virus market has been still growing every year for the last 15 years and it will continue to grow. So when we were doing just anti-virus we were growing 6-8%, and it would continue to grow that level every year. But we have morphed from a classic anti-virus company and we’ve created a product that offers higher protection at lower cost and includes anti-virus, firewall, ID theft and so on all in a single all in one suite.
Q. Competitors such as Symantec have diversified outside security into storage. Do you intend to follow suit and expand into new markets?
A. No, we’re going to stick to security. We’re very focused on security and if you’re not focused on it, then you will fall behind and be outgrown by competitors and if you remain too small and don’t diversify then you cannot compete so well or become a global player.
Q. What are the security issues that should be on every CIO’s radar?
A. On top of data and compliance there are three areas companies need to be engaged in. The first is mobile. Ask any company how many mobile devices they have on the network and they’ll simply say ‘a lot’. There’s constant pressure to get the latest model or iPhone and there’s been considerable growth in mobile devices in enterprises. But how do companies protect them? In the past year, taxi cabs have registered 54,000 lost mobile phones, 1,000 USB sticks, 10,000 digital cameras and obviously a few laptops. The reality is that mobile corporate environment needs to be secured and protected.
The second area they should be aware of is virtualisation. There’s high profitability in the virtual environment because you can leverage computing power. But for any complex new environment, guess what, security becomes interesting. Virtualisation can allow the spread of malware in virtually nanoseconds, so there are huge ramifications for security in virtualised environments. We’ve made a few announcements in that area.
The third big area companies need to think about is Web 2.0. Corporates are extending applications to customers outside the traditional firewalls. Threats include an SQL injection – a fake SQL call to the database that looks real and is injected into the database or it uses surveillance code to fish data out of the database. So companies are looking at how to make their websites secure, their identities secure and ensure that their websites aren’t phished.
Q. How much of your business is international and how important is the UK to your business?
A. The UK is a very strategic market for us. We are a full service company in the UK, in other words we have R&D, sales, legal department – everything. About 50% of our business is outside the US with a presence in 70 countries and our European headquarters in Slough. We’ve obviously expanded into other countries in Europe, but the UK is very strategic and important to us. The two fastest growing market segments are Eastern Europe and the Middle East and South East Asia is also a big market.
About 40% of our business is consumer and 60% corporate and our goal is to be the provider for security from families to the largest companies.
Q. Do you think we will see consolidation in the security market?
A. Whenever we see a downturn it precipitates consolidation. But we’ve seen it across the software industry. There’s a trend to reduce the number of vendors and customers are more interested in buying from fewer vendors.