Microsoft’s approach to securing and managing infrastructure
By Doug Leland, General Manager Identity and Access Business Group
As general manager for the identity and access group, in my day-to-day work I speak with a broad range of customers – from small businesses to very large enterprises, across a wide range of industries and organization types. Consistently, they talk about the problems of keeping costs down while trying to secure and manage their environments. They’ve deployed IT security products, identity management products, information protection products, remote access products, and systems management products. Yet they still have the same challenges: problems with malware, regulatory compliance, and loss of sensitive information, as well as high business enablement costs. This clearly hits the bottom line through high IT costs, customer dissatisfaction, damage to the brand, legal issues, and loss of business.
Why do they continue to have the same challenges? It’s because point products often add to the problem. Best-of-breed point products tend to operate in their own silos with no central policy, which makes it difficult to coordinate responses to threats or issues, or to efficiently enforce security & compliance audits. Additionally, since each of these point products has to be individually configured and managed, they can be expensive to operate and maintain. Having to manage all these products also risks misconfiguration, which can leave an organization even more vulnerable.
At Microsoft, we’re focused on delivering integrated solutions from the platform to the applications that sit on top of it, spanning identity infrastructure, data access, threat mitigation and systems management. This helps customers save time, reduce costs, capitalize on existing technology investments, and protect their environments.
Let’s look at one example. Imagine a large enterprise that wants to securely collaborate with partners and vendors that are outside its network.
With Windows Server 2008, they have everything they need. Active Directory Federation Services (ADFS) in Windows Server 2008 enables organizations to share a user's identity information across partners. Meanwhile, Rights Management Services (RMS), which is also in Windows Server 2008, helps safeguard digital information from unauthorized use — both online and offline and inside and outside the enterprise. As a result, employees of both companies can transmit sensitive information, defining who has rights to view it across the relationship. Additionally, the provisioning or de-provisioning of this takes minutes — with reduced complexity, improved management, and better security. This saves time and lowers costs. And they can build on this through other Microsoft solutions that integrate easily with it — Forefront’s Internet Security & Acceleration Server for pre-authenticating RMS and ADFS functionality; Microsoft’s Identity Lifecycle Manager 2007 for managing user identities across their lifecycle and heterogeneous environments; and so on.
With point products, it’s another story. This enterprise — and its partners — each need to buy the identity infrastructure from a third party, and also buy an information protection/leak prevention system from yet another third party. Then they need to set up these point products and configure them across organizations, while also trying to get these solutions to scale. At a minimum, the process takes many hours, if not days, to provision the service. This delay could lead to sensitive information being left unintentionally exposed.
We have a great roadmap for products that further expand these benefits. For example, the public beta 1 of Forefront code name “Stirling” — released at the RSA Conference — is an integrated security system that combines next-generation Forefront endpoint, messaging & collaboration, and network protection with a central management console. As an integrated security system, Stirling protection technologies share and use security information – responding to new and existing threats automatically, compared to the hours it takes today with point products and manual investigation. Stirling also integrates with existing infrastructure – Active Directory, System Center, Network Access Protection – so that customers can be more efficient and maximize the value of their existing investments.
We are also making it easier to gain the benefits of these integrated solutions. Through Microsoft’s Core Infrastructure Optimization model, we provide prescriptive guidance for how customers can work with and build on their existing investments. And through Microsoft’s Enterprise CAL suite – which includes Forefront, Identity & Access, System Center, and Windows Server solutions – we provide a simplified, cost-effective way to purchase these integrated solutions.
To sum up, our objective is to help lower the total cost of ownership for our customers’ IT infrastructure. Through an integrated approach to IT security, identity & access, and management, we’re looking to do just that. You can learn more about our integrated solutions, and the benefits they can deliver, through the links below.
Forefront: www.microsoft.com/forefront
Identity & Access: www.microsoft.com/ida
System Center: www.microsoft.com/systemcenter
Windows Server: www.microsoft.com/windowsserver
Windows Client: www.microsoft.com/vista
Core IO Model: www.microsoft.com/business/peopleready/coreinfra
Enterprise CAL: www.microsoft.com/calsuites/enterprise