Accenture acquires Symantec’s Cyber Security Services division
Two months after the close of its acquisition by Broadcom for US$10.7 billion, Symantec’s Cyber Security Services (CSS) division has been sold to Accenture for an undisclosed sum. The news comes at a time of great uncertainty for Symantec’s channel and its customers and will ring further alarm bells. Questions must be asked about both Broadcom’s strategy for the remaining Symantec product business and Accenture’s ability to serve Symantec’s existing customers, who have experienced a significant decline in support since the previous acquisition.
The acquisition, which is expected to close in March 2020, includes all six of Symantec’s security operations centers (SOCs), based in Australia, India, Japan, Singapore, the UK and the US. Accenture will also acquire Symantec’s threat monitoring, analysis and intelligence tools, delivered on its own cloud platform, as well as all related telemetry. CSS employs around 300 people with significant industry and technology expertise; they will move across to Accenture as part of the deal.
Accenture has been investing heavily in its security business in recent years, acquiring security companies around the world. The latest, Déjà vu, based in Seattle, focuses on IoT and security testing for enterprise software platforms. Accenture claims to have surpassed US$2 billion in annual run rate in its security services revenue. Symantec has not disclosed how much its services business generated, but its latest annual report for FY2019 (to 31 March 2019) showed revenue from its email security, managed security and consulting business fell 0.5% year on year to US$548 million. A significant portion of this would have come from its email security products.
Accenture does not sell specific security software products but rather uses its acquired capabilities and technologies to provide security consulting and architecture for its enterprise customers. The acquisition allows Accenture to position itself far more credibly as a key partner to enterprises that need highly complex managed security capabilities. Central to this offering will be the cloud-native dashboard that Symantec developed, allowing it (and its customers) to monitor and respond in real-time to security threats tracked by its AI technology. Customers will be able to deploy and manage security on this platform, while Accenture can tailor the information for its customers on the platform by vertical. Therefore, the latest vertical-specific threat analysis and intelligence from global trends will be available to customers, which is an important addition to its value proposition.
This move was vital to remain relevant to companies in the Fortune 500 and beyond, which are consistently under threat and demand ever-greater levels of investment from their key suppliers. Accenture’s share price seems to have been largely unaffected by the move. On a year-on-year basis, its shares are up over 40% as of 9 January 2020.
Broadcom has retained Symantec’s commercial software products business as well as the consulting, premium support and education services. This includes the Customer Success Manager (CSM) and Technical Account Manager (TAM) roles within the premium support packages, which will have been resold by partners or used as an extension to the partners’ managed services practices. But the Symantec channel business has undergone major turmoil since it completed the split from Veritas in 2016. With the acquisition by Broadcom, support levels for customers and partners, as well as product roadmap commitments for large customers, have fallen. At a time when security continues to see strong growth through the channel, particularly in endpoint, email and web threat technologies (in which Symantec specializes) the Broadcom acquisition appears to have done nothing to repair an already damaged relationship with its channel ecosystem.
The CEO of Broadcom, Hock Tan, told investors in August 2019 that the priority was to invest in the more margin-rich endpoint, web and data-loss prevention business while pulling back from less profitable areas. How this translates to channel investment and support for customers is uncertain, though the current picture is not encouraging, and raises questions about how Symantec will continue to support customers that are moving to Accenture. For example, Accenture will now be providing enterprise services to customers that may also have Symantec products in their technology stacks. How does it maintain the value of its service to those customers if parts of Symantec’s product business are not seeing the kind of investment they would previously because Broadcom deems them to be less margin-rich? This is a key issue when investors see value in binary terms.
Symantec also has large public sector and defense department contracts, particularly in the US. The data from its Global Intelligence Network will have fed into its SOCs which are now part of the Accenture deal. So, where do these contracts now sit, with Accenture or Symantec? In 2019, the previous Secretary of the US Navy, Richard Spencer, told the House Armed Services Committee that greater scrutiny was needed in its contractor security practices. Given the depth of its partnership with the US government and the sensitivity of the data it will have been working with, it is a question for the regulators.
As a global systems integrator, Accenture’s acquisition of the CSS business makes sense and helps it to get ahead of its competitors and join other enterprise security services providers, such as IBM, Secureworks (majority owned by Dell Technologies) and Trustwave (owned by Singtel). For Broadcom, it needs to understand that the channel is central to any success (and value) it is trying to extract from the remaining business. Investment in security is growing, but so is the sector’s attractiveness to private equity companies. The headlines regarding acquisitions of both globally recognized names and smaller specialists are growing. But as private equity money flows in, their definition of value must be met with a far better understanding of technology business models if their investments are not to be more of a risk than a return.