Microsoft discloses ambitious security strategy

Microsoft Thursday began detailing a security strategy that will see it combine its identity management efforts with its Forefront security products built for clients, servers and the network edge.

The company plans to integrate its security and identity products under the Forefront brand, offer software-as-a-service versions and present it all as a layered defense of access and control for its corporate infrastructure software.

The resulting security layer also will incorporate third-party tools linked to a common control panel Microsoft is developing called Stirling. Thursday, the company released Beta 2 of Sterling and plans to ship the final version early in 2010. Microsoft will further dissect the plan, which uses Active Directory as its foundation, at next week's RSA Conference under the marketing banner Business Ready Security.

But while the story will be told at RSA, the work integrating, refining and releasing all the moving parts will be no short-term task.

"It is a bit much to bring together into a coherent technology architecture," said Earl Perkins, an analyst with Gartner. "This is an attempt to bring everything together with a common theme and message because Microsoft is convinced that identity is a part of security. On the positive side, they are trying to bring together relevant resources under one organizational arm, but the rest of it could be hit and miss."

Perkins characterized Microsoft's pronouncements Thursday as an organizational and marketing announcement.

Microsoft officials say the identity and security message is a natural outgrowth of last year's corporate reorganization that merged two business groups -- Identity/Access and Security/Access -- into the Identity and Security Business Group.

As part of the introduction of the new strategy, Microsoft Thursday introduced the first of a slate of online security services: an email offering called Forefront Online Security for Exchange.

The service, which works with Active Directory, includes spam and virus protection, policy enforcement, real-time message trace and reporting, and despite the name, supports any e-mail system. The service also provides archiving, encryption, and disaster recovery.

Microsoft plans to turn all its Forefront security tools into online services. The lineup is made up of Forefront Client Security, Forefront Security for Exchange Server, Forefront Security for SharePoint, Forefront Security for Office Communications Server, and Forefront Threat Management Gateway.

Microsoft also will brand all its identity products, except, AD, with the Forefront name. The next version of Identity Lifecycle Manager (ILM), which is now delayed until early 2010, will be called Forefront Identity Manager.

ILM is Microsoft's platform for identity synchronization, certificate and password management, and user provisioning.

A forthcoming identity platform code-named Geneva, which pushes Microsoft's claims-based identity platform into the cloud, also will fall into the Forefront portfolio.

Microsoft will front it all with Stirling, its centralized management console for all the Forefront products.

Stirling also will tie in with System Center management tools, including Operations Manager and Configuration Manager. And Microsoft said third-party partners would develop for Stirling, including Brocade, Juniper Networks, Kaspersky, Tipping Point and RSA.

It's a heady slate of software and services, all built or acquired by Microsoft, that needs to come together into a logical whole.

"Microsoft has taken on a substantial challenge," says Scott Crawford, an analyst with Enterprise Management Associates. "But don't overlook that Microsoft already has one of the most widely deployed identity management resources in the industry: Active Directory. Identity is definitely a factor in a successful security strategy."

Crawford says Microsoft's challenge is to bring the complete product portfolio to market, which has been an ongoing problem evidenced by delays in Stirling and ILM. Microsoft also needs to overcome setbacks in the security arena, such as its panned OneCare Live service that will give way this year to Morro, a free service.

"This is not a short-term strategy, nor is it something that either Microsoft -- or their customers -- can expect to realize overnight, or even in a short period of time," Crawford says.

He says Microsoft will have to "execute credibly on bringing these products to market and making them readily deployable, if this ambitious strategy is to succeed. Still, one should not overlook the successes the company has had in systems management, for example, considering where they started from there."

For Microsoft's part, it says the new security strategy is a layered approach starting with Active Directory and its ability to manage identities and credentials and to integrate with the cloud via Geneva when it ships near the end of this year.

The layer on top of Active Directory includes policies and privileges that extend to the edge of the network and are managed by ILM.

On top of that is the protection layer that includes among other tools anti-virus and anti-malware capabilities housed in the Forefront products.

The last piece is Stirling, which ensures all the tiers are integrated and combined with security assessment data from third-party products.

"Customers are asking us to protect everywhere and access anywhere," says JG Chirapurath, director of the identity and security business group at Microsoft. "The protection is across multiple layers and on cloud, physical or virtual platforms."

Chirapurath says his business group was put together last year to address this identity and security structure.

"There are very good security players and very good identity providers, but the two don't seem to meet. We are on a mission to solve this," says Chirapurath.

Follow John on Twitter

This story, "Microsoft discloses ambitious security strategy" was originally published by Network World.

From CIO: 8 Free Online Courses to Grow Your Tech Skills
Join the discussion
Be the first to comment on this article. Our Commenting Policies