Symantec’s “Information Risk Management” Is Too Fuzzy

Symantec has a cluster of valuable products and technologies that encompass:

  • Spam, virus, and malware control
  • Personal firewalls, applying mainly IP-level controls
  • Email archiving
  • File backup
  • Instant messaging filtering and control
  • E-discovery analysis and review
  • Content control; for example, to search for bank account numbers being accessed by unauthorized people

Symantec wants to roll these up into a neat conceptual bundle. To this end, it uses the phrase "information risk management."

A clean positioning statement makes sense:

  • It helps customers and prospective customers understand what Symantec does.
  • It helps Symantec staff understand what Symantec does, so they all pull in the same direction.

However, "information risk management" doesn't quite do the job. Granted, the products can fall under this heading. However:

  • Plenty of the products are not naturally described in this way. For example, e-discovery software is primarily used to find information and make sense of it. Spam control technology cuts out spam; there's not much risk here. Virus control software does deal with the risk of malware attacks, but it hardly can be said to handle information. And email archiving software keeps a copy of your past emails for a variety of purposes, only some of which have to do with risk.
  • "Information risk management" can be used to cover almost anything. It's too all-encompassing. For example, it might just as well include disaster recovery tools, ID badges for employees, point-of-sale terminals, network management systems, and database management systems.

It's not clear that any better positioning phrases can be found. Perhaps this is just what happens to successful, large companies with lots of products. Perhaps Symantec should accept that it won't find a neat way of describing what it does.

...David Ferris

Post a comment

You must be logged in to post a comment. To comment, first join our community.