Security vendor Symantec thinks it can have the best of both worlds, building a nimble startup atmosphere within a massive, 17,000-employee company.

It's created a new Incubator division to unplug engineers from the company's traditional product development process and give them the freedom of working in a startup atmosphere. Incubator's first project is the Symantec Protection Network (SPN), a hosted software project that the company rolled into the Incubator group when it was formed at the beginning of this year.

Symantec began rolling out the SPN in February, and since then it has given the green light to three other Incubator projects, according to Symantec Chief Technology Officer Mark Bregman.

The idea takes a cue from IBM's Emerging Business Opportunities program, which Bregman worked on in the late 1990s while at IBM. "I've felt for some years we haven't been doing enough to exploit internal innovation," he said. "It's very hard in a large company to start something small."

It turns out that there are very good reasons why it's hard to get small-scale projects off the ground at behemoths like Symantec and IBM. Dollars that could go to a risky startup idea might get a better return when invested in more established areas. And these startup ideas can take time to bear fruit, sometimes too long for business unit managers.

Still, Symantec executives see their Incubator as a critical way to keep the company growing in the long run. Plus, it's a motivator to retain engineers who have ideas that may not fit into the company's current product lines.

Incubator frees staffers from big business restrictions. For example, Incubator employees can ignore human resources guidelines and pay employees whatever they want, and they can veer from company rules that require 24-hour worldwide tech support.

At the same time, they can borrow marketing resources or technology from other parts of the company, Bregman said. "It's a funny balance of being unfettered, but able to borrow and steal and use anything they want."

Early on, Bregman realised that a board of the company's top executives, including Bregman and CEO John Thompson, would need to sign off on Incubator projects if they were to have any chance of success. In part, that's to make sure that other parts of Symantec help out with new project. But it's also necessary to keep in-house entrepreneurs on track.

"The executives on the board have to continually remind them that they have permission to break the rules," Bregman said.

Incubator had been entertaining new ideas mainly via word of mouth, but a few months ago the program was opened to all Symantec employees. Now they can visit a Web site on the company's intranet and submit their own business plan, much as they would to a venture capital firm, said Arthur Wong, senior vice president in charge of Incubator.

At a recent meeting of Symantec's technical staff in Salt Lake City, Bregman told company engineers that the program was getting high marks from Thompson, who told him, "the ideas we're getting through the Incubator are better than the ones we're paying the consultants to give us," Bregman said.

If things work out with the Incubator, it will have successful projects generating a hundred million dollars in annual revenue within the next few years, according to Bregman.

With nearly 100 employees, the Symantec Protection Network is the largest Incubator project, by far. Other efforts employ as few as three staffers.

Symantec isn't offering many details on these other Incubator ideas. One has to do with the health care sector. One of Bregman's favorite projects is building a kind of online identity information broker to help people know who to trust on the Internet.

"If I want to go online and buy wine ... how do I prove I'm over 21? There's no mechanism to do that today," Bregman said. "But we think there are some interesting mechanisms that you can put in place that would provide a service -- a broker -- to validate assertions."

The identity project is like nothing Symantec has done before, but it's representative of the new ideas that Symantec wants to encourage. "It's a completely different business model," Bregman said. "How does it get paid for? We're not sure yet."