After 27 years at IBM, where he had risen to be general manager of the industry giant's Americas division, John Thompson took a bold step. As the 1990s closed, he left to join a company less than 1% the size of IBM and, at that time, a specialist in the niche world of security software: Symantec.
"Here was an opportunity to take on the responsibility of turning a very good company into a great company, essentially by rethinking business strategies to meet the new and ever-changing demands of a connected world," he said at the time.
Shortly afterwards, as the ‘Code Red' and ‘I love you' email viruses ravaged corporate networks, Thompson began to transform the consumer-oriented company into an enterprise security giant. In December 2000, Symantec bought Axent Technologies, a firewall and VPN supplier, a move which for several years Thompson would consider the most significant of his career.
However, the catastrophic spread of the Slammer worm in early 2003 proved a "game-changing event" for Symantec and the network world in general.
Thompson sat his team down and identified five enterprise trends which continue to guide his strategy to this day: the need for customers to reduce the complexity of their infrastructure and do business with fewer, bigger vendors; a skills shortage in planning and deploying security; Linux's growing acceptance in the data centre and its potential spread onto the desktop; securing and managing mobile devices of increasing sophistication; and industry consolidation.
Noting that much of Slammer's damage could have been limited by simple process or management changes, Thompson concluded that Symantec was no longer simply in the security business: "We were in the business of helping customers keep their information up and available no matter what." In other words, businesses would no longer choose to tie best-of-breed security applications together: they needed a complete suite.
This prompted two acquisitions unrelated to security – systems management company ON Technologies and back-up and recovery provider PowerQuest.
Taking notes from his old boss Lou Gerstner's turnaround of IBM in the 1990s, when plans to break up the company were supplanted by a strategy that emphasised the importance of scale, Thompson set about growing Symantec the fast way, through acquisition.
The spending spree accelerated in 2004 to encompass anti-spam and consulting services before culminating in December with the purchase of storage software giant Veritas for $13.5 billion. This took Symantec's management toolset into ‘availability management', says Thompson. "Information that is secure but not available is useless for decision making. Information that is available but not secure probably underpins bad decisions." Only together could Veritas and Symantec provide both, he argues.
But size matters too. "We will be one of the few software companies that spans from individual users all the way up to the largest corporate and government users," says Thompson. "I would argue that the prototype of a successful software company of the future is one that has that level of diversity in both its customer base and its product portfolio."
Helming Symantec through a dozen company purchases in two years, Thompson, alongside Larry Ellison of Oracle and Joe Tucci of EMC, is one of the architects of the consolidation sweeping through the enterprise IT market – a realignment which some consider to be more significant than the technologies these companies are producing as a result.
Consolidation amongst financial services and pharmaceutical companies has proven "acquired innovation" can benefit customers and investors, says Thompson. "It's very evident now that [M&A] is a way to deliver more of the component parts that help customers deal with the complexity and cost management challenges in the technology space."
In spite of Wall Street's frosty response to the Veritas deal – Symantec's shares are still trading a third below their December 2004 high – Thompson has since pressed ahead with several smaller acquisitions. Getting products shipped quickly is "everything", he says. Around 15% of Symantec's revenues are spent on R&D, but only 30% of that goes towards developing new ideas, leaving Thompson set to continue down the acquisition trail.
"Our customers cannot sustain thousands of software companies. The industry advantage will increasingly go to players with scale," he predicts.