It's not uncommon for CIOs of large enterprises to manage big changes associated with mergers and acquisitions. But what is a CIO to do when she’s tasked with building new infrastructure for a standalone company in 12 months? That's the question Symantec CIO Sheila Jordan faced after the board decided to divest Veritas, the storage software maker it purchased in 2005, to focus squarely on its core security business.
Jordan knew she had to reduce the risk associated with divesting a large company. And she believed that earlier decisions she made to insource dated data center, network and applications architecture to newer cloud technologies would lend themselves well to this task. Symantec was building a data center with a private cloud and software-defined infrastructure. This one-two punch would automate Symantec's data center infrastructure, while partitioning it into several parts that would enable line of business managers to access their own compute and networking systems.
She was halfway through the insourcing process when, in October 2014, the board opted to split off Veritas in 12 months. It was a daunting task, even for Jordan, who joined Symantec in February 2014 after roles managing change and business transformations at Cisco Systems and Disney.
Cloud, SDN make for a cleaner divestiture
Jordan decided to strip out the Veritas assets and move them to their own portion of the cloud and software-defined network (SDN), which she likened to a big apartment complex, where multiple tenants are subdivided into units but share the same underlying infrastructure. "Why can't Veritas be a tenant on this infrastructure until they want to go out on their own?" she thought. Symantec's board and auditors quickly approved the plan, setting up a temporary service agreement between the two entities.
Jordan knew she needed to execute flawlessly if she was to extend Symantec's strategy, an evolution from perimeter-oriented defenses and malware detection toward more proactive protection, including analytics to detect advanced persistent threats. CIOs, including Jordan, cobble together best-of-breed solutions to meet their corporate needs. Symantec is building a unified security strategy designed to give CIOs and CISOs holistic protection and visibility into their IT environments. Gartner says that global spending on cybersecurity will rise 8 percent this year to $83.6 billion.
Jordan's infrastructure team worked feverishly to build a data center, private cloud and SDN from scratch, using technology and help from Cisco, Network Appliance and Verizon. The application development group eliminated many of its 600 applications, many of which were poorly integrated. They pared three ERP systems down to one, consolidating go-to-market, channel, sales and marketing data. They moved 85 apps into the private cloud and the rest into software-as-a-service solutions from Box, Salesforce.com, Oracle's Eloqua, Workday, Cisco's WebEx and other third parties.
The work was fraught with challenges, apart from the technical intricacies of cleaving off a partially integrated company. Symantec had never composed an adequate change management database, essentially a master roadmap of how business services are connected to applications, and how those apps are connected to data. Healthy tensions surfaced as the application development team was pushing the infrastructure team to move faster so that they had stable data center environments with which to test their software.
IT, business convene in war rooms
To mediate concerns, IT and business staff conducted "war room" discussions, allowing management and the rank-and-file to construct an efficient feedback loop for the separation. Symantec staff used large whiteboards to display the dependencies between sales, marketing and other business processes to applications. Employees would "walk the wall" to see how their workflow was progressing and could identify gaps. Initially, the meetings happened monthly, but were then held weekly as the deadline got closer. "It is important to understand the upstream and downstream," of business processes, Jordan says.
The private cloud and SDN were implemented in about four and a half months, while the app rationalization totaled about nine months, both well before the October deadline. "It was a Herculean effort for my team," Jordan says. But "we delivered to Veritas a much cleaner, less complex, scaled environment."
On Jan. 29, private equity firm Carlyle Group closed a $7.4 billion purchase of Veritas, which it initiated last August. Symantec said earlier this month that it's getting a $500 million investment from Silver Lake Management and will return $5.5 billion to shareholders after the Veritas sale.
This experience taught Jordan that you can never over-communicate, even in IT where communication is not always a strong suit. The reason for this, she says, is that her team saw every step in the change-management process, identifying gaps and redundancies that the business should be aware of. "You can't underestimate change management," Jordan says. "We did a good job but we could have taken it to another level," in terms of mitigating the impact on customers and partners.