The document discusses identity and security challenges in difficult economic times. New threats and sophisticated cybercrime are on the rise while IT budgets are shrinking. This increases risks from internal attacks, costly data breaches, and non-compliance with regulations. Microsoft's strategy focuses on simplified management, deployment, reporting and compliance through an integrated suite of identity and security products. The strategy and products are aimed at mitigating risks, growing sales, reducing costs, retaining customers, and adapting to change.
2. Today's IT Security challenges
New Threats & Increased Sophistication
• New forms of malware up 750% in 2008
• Profit-based cybercrime $276M in 2008
Rising Internal Attacks Costly Data Breaches
• 75% of companies report insiders responsible
for breaches • Average cost of data breach is $202/record or $6.6M per
Increase breach
• Growing headcount reductions increase risk of
intentional theft of intellectual property Productivity
Mitigate
Grow Sales
Risks
Reduce Retain
Costs Customers
Adapt to
Shrinking IT Budgets Change Need for Increased Access &
• 2009 IT spending flat-to-negative Sharing
• More than 2M US jobs to be shed in 2009 •70% of workforce will connect to corporate networks
via mobile devices within 4 years
Increased Regulatory Pressure
• Requirements for automated controls & new privacy regulations
(SOX, HIPAA, SB1386, etc.)
Sources: Various
3. Microsoft's Strategy for Identity & Security
Strategy Product/Technology Areas
Simplified management,
Identity & Access Security
deployment, reporting and
compliance Management Management
Identity
Comprehensive suite of Layered 3rd Party
Based
products Security Solutions
Access
Integrated with infrastructure, Identity & Security Platform
applications, heterogeneous and
third party products Core Windows Platform
Industry Leadership Broad Partner Ecosystem
World Class Research & Support
• Microsoft Malware Protection Center •3,000+ Security Competency Partners
•Trustworthy Computing • 23,000+ Security Software Advisor Program
• Security Response Center
• Award Winning Protection Technologies Partners
•TechNet Security Center
•$75M invested in partner ecosystem
5. Secure Messaging & Collaboration
Help secure IT infrastructure and information with a family of easy-to-manage
technologies that provide integrated content and email protection, access control,
information protection, and identity management
POLICY
Rights Management Services
PREVENTION
PROTECTION
PROVISION
PUBLISHING
6. Secure Messaging & Collaboration
Solution Benefits Evidence
Comprehensive Protection
Multiple scan engines for faster threat response
Policy-based persistent protection of emails and documents
and instant messages “With Forefront Security for Exchange Server,
Internet-based filtering protection from spam, viruses, our comfort level is higher because the mail
phishing scams and email policy violations server and the security product are tightly
integrated, and they’re both offered by the
Secure access from remote locations
same vendor.”
Integrated Infrastructure
Increased ROI of existing infrastructure (e.g. Active Directory)
Lower deployment costs
Simplified acquisition, support, servicing through vendor
consolidation
Optimized performance through deep integration with
Exchange and SharePoint An AV-Test of consumer antivirus products
revealed:
Simplified Management On average, Forefront engine sets
provided a response in 3.1 hours or less
Reduced IT burden with centralized management Single-engine vendors provided
Lower IT training costs with familiar tools & interfaces responses in 5 days, 4 days, and 6 days
respectively
Better compliance with centralized reporting and notifications
Automatic downloads of signature updates
Sources: avtest.org, West Coast Labs, ICSA, Virus Bulletin
7. Secure Client & Infrastructure
Help secure IT infrastructure and information with a family of easy-to-manage
technologies that provide integrated security, access control, and information
protection
BitLockerTM, Encrypting File System,
Windows Defender
PROTECTION Network Access Protection
Rights Management Services
PREVENTION
8. Secure Client & Infrastructure
Solution Benefits Evidence
In recent tests, Microsoft was rated among the
Comprehensive Protection leaders in antivirus protection
Advanced detection technologies for comprehensive virus
and spyware protection AVComparatives AVTest.org
(Feb 2008) (March 2008)
Rapid and effective responses to threats (backed by MMPC)
AVK (G Data) 99.9%
Protection against theft or loss with drive encryption Kaspersky 98.3%
Policy-based secure access from remote locations & devices Symantec 97.7% Trend Micro 98.7%
McAfee 94.9% Sophos 98.1%
Microsoft 93.9% Microsoft 97.8%
Integrated Infrastructure
Kaspersky 97.2%
VBA32 87.7%
Increased ROI with integration with existing infrastructure F-Secure 96.8%
Received AVComparatives
Lower deployment costs Advanced Certification Norton (Symantec) 95.7%
Consolidated policy management
McAfee 95.6%
Simplified acquisition, support, servicing through vendor
consolidation eTrust / VET (CA) 72.1%
Simplified Management TCO Highlights:
• 85% average reduction in security issues
• 75% average security issue response time reduction
Lower IT training costs with familiar interfaces & tools • $24 average annual TCO savings per desktop
Better compliance with increased visibility and control • BitLockerTM Drive Encryption ships free with
Windows
Reduced IT burden with centralized management
• Network Access Protection (NAP) ships as part of
Automatic downloads of signature updates Windows Server
Source: Microsoft Forefront Client Security TCO Analysis
9. Information Protection
Protect information no matter where it is stored or where it goes, both within and outside
organizational boundaries with a family of easy-to-manage technologies that provide
integrated security, access control, and information protection
Rights Management Services
Federation Services
PREVENTION
BitLockerTM, Encrypting File System
PROTECTION
10. Information Protection
Solution Benefits Evidence
Frost & Sullivan’s Enterprise Rights Management
Comprehensive Protection Market: Competitive Landscape:
Persistent, policy-based protection of information through
rights management, even across organizational boundaries
Strong disk & file system encryption for better data protection
Broad range of partner solutions for broad platform &
application support
Integrated Infrastructure
Increased ROI with integration with existing Microsoft
infrastructure
Elimination of costs associated loss of IP
Seamless integration with common messaging and
collaboration interfaces like Office and SharePoint
Simplified Management
Lower IT training costs with familiar interfaces & tools “Active Directory Rights Management Services,
Windows BitLocker Drive Encryption, Network
Simplified acquisition, support, servicing through vendor Access Protection and Group Policy reduce the
consolidation
risk of intellectual property and customer data
Improved compliance by limiting access and distribution of loss. Caja Madrid’s use of these technologies
data saved it $100K annually.”
Source: Frost & Sullivan
11. Identity Management
Enable integrated identity management across heterogeneous systems and
audiences through the delivery of powerful self-service capabilities for Office end-
users, rich administrative tools and enhanced automation for IT professionals and
extensibility for developers.
PROTECTION
POLICY
Certificate Services
Microsoft Code Name “Geneva”
PROVISION
12. Identity Management
Solution Benefits Evidence
Comprehensive Protection
Estimated Identity Management Cost
Policy-based provisioning and deprovisioning of users Savings:
Strong multifactor smart card based authentication • Automated password reset saves $30/PC/yr
Management of heterogeneous strong authentication • Simplified sign-on via directory synchronization
systems saves $20/PC/yr
• Automated user provisioning reduces IT labor
by $50/PC/yr
Integrated Infrastructure Estimated Smart Card Cost Savings:
• 40 hours per week in IT labor saved by
Improved ROI of existing investments with integration of replacing ID credentials with smart cards
enterprises’ heterogeneous identity infrastructure
Increased end user productivity with powerful self-service
capabilities
Integration with common messaging and collaboration
interfaces like Office and SharePoint
Simplified Management “Administrative costs will be reduced by
automating employee provisioning methods.
Automation of processes previously complex and manual Moving to the Microsoft platform is really going to
Lower IT training costs with familiar interfaces & tools drive down IT costs.”
Stronger compliance with policy management and audit
features
Sources: IDC, Datamonitor
13. Integrated Security
Enable comprehensive, coordinated protection across endpoints, messaging and
collaboration servers, and the network edge with a solution that is easier to manage and
control.
PROTECTION
POLICY
PREVENTION
14. Integrated Security
Solution Benefits Evidence
Comprehensive Protection
Advanced protection against evolving threats through
integration of industry-leading detection technologies
Vulnerability detection and intrusion prevention across
network infrastructure
Industry-leading support via malware research and response “With Forefront, we have the luxury of being
proactive, rather than reactive, about security
threats.”
Integrated Infrastructure
Multi-layered defense-in-depth protection that optimized
performance and resource efficiency
Deep integration with existing Microsoft infrastructure for
greater security and operational efficiency
Improved real-time visibility and security risk assessment via
integration with technology partners
Simplified Management
Single console for management of endpoint, collaboration,
“Installing and configuring the software was a
on-premise and cloud messaging server security
no brainer. Forefront Security for SharePoint is
Enterprise-wide visibility and reporting into threats and very easy to set up. The administrative console
vulnerabilities to enable compliance gives you a complete view of your environment
Prioritized view of threats for easy investigation and auditing at all times.”
15. Solutions that add value
• Reduced threat-response times
Secure Messaging & • Greater ROI from existing investments in Microsoft infrastructure
Collaboration • Faster time-to-deployment
• Average savings of $24 per PC/year in labor costs based on reduced IT
Secure Client & security response time
Infrastructure • Value-added features in platform at no additional cost (e.g. BitLockerTM)
• Lower IT training costs with familiar interfaces & tools
• Elimination of costs associated with data breaches and noncompliance
Information Protection • Greater ROI from existing investments in Microsoft infrastructure
• Lower IT administration and maintenance costs
• Automated password reset saves $30/PC/year
• Simplified sign-on via directory synchronization saves $20/PC/year
Identity Management
• Automated user provisioning saves $50/PC/year
• Replacement of ID credentials with smart cards saves 40 hours/week
• Greater ROI with deep integration with Microsoft infrastructure
Integrated Security • Faster response times to threats
• Increased productivity of IT administrators
16. Identity & Security Roadmap
Rights Management Rights Management
Services Services
ADDS, ADLDS, ADCS, ADFS ADDS, ADLDS, ADCS, ADFS
Microsoft code name "Geneva"
17. Summary
“Threats are not going on holiday during this time, compliance
requirements will probably grow, and businesses will be looking for
security to enable technologies that can reduce costs.” – IDC
Worldwide Security 2009 Top 10 Predictions: Security Trends
Evolving threat landscape in a constrained operating environment is
threatening business continuity
Enterprises must be focused on increasing security while managing
costs and increasing business agility
Microsoft is best positioned to help achieve these benefits with:
The right product vision, strategy and roadmap
A product portfolio that is integrated across the entire stack,
backed by best-in-class research and broadest partner ecosystem
Products and solutions that enable key security scenarios that
deliver value to businesses
18. More Information
Forefront Identity & Access
http://www.microsoft.com/forefront http://www.microsoft.com/ida
Forefront Security for Exchange Server Active Directory Rights Management Services
http://www.microsoft.com/forefront/serversecurity/exc http://technet.microsoft.com/en-
hange/en/us/default.aspx us/library/cc771627.aspx
Forefront Security for SharePoint Identity Lifecycle Manager 2007
http://www.microsoft.com/forefront/sharepoint/en/us/d https://www.microsoft.com/windowsserver2008/en/us/
efault.aspx ida-identity-lifecycle-management.aspx
Forefront Client Security Intelligent Application Gateway 2007
http://www.microsoft.com/forefront/serversecurity/exc https://www.microsoft.com/Forefront/edgesecurity/iag/
hange/en/us/default.aspx en/us/default.aspx
Exchange Hosted Filtering Services Internet Security and Acceleration Server 2006
http://www.microsoft.com/forefront/edgesecurity/isase
http://www.microsoft.com/online/exchange-hosted- rver/en/us/default.aspx
services/filtering.mspx
22. Identity & Security locks up the ECAL and
reduces TCO
Key ECAL Scenarios: for 3
Annual Per User New Acquisition Costs
year Term
Regulatory and legal
compliance 58Summary Costs
ECAL Suite step-up (Platform
EA)
Cost reduction68for ECAL Suite
ECAL Suite step-up (Standard
EA) on
travel/training/audio
Hosted Filtering 12
conferencing 12
Client Security Low Price
Combined point
Intranet-Portal Protection security solutions
Increased productivity and 15
business insight>ECAL Suite
Client Monitoring 20
Secure, well managed and
Email Anti-MalWare Protection 27
naturally familiar desktop
Enterprise IM Each of these
50
Individual135
products
WebEx Web Conferencing > ECAL Suite 324
Increased productivity and
Cisco Unity Unified Messaging
risk mitigation from
theft/loss/breach 150 225 300
0 75
23. Case Study
Astellas Pharma
“With Forefront Security for Exchange Server, our comfort level is higher because the mail
server and the security product are tightly integrated, and they’re both offered by the same
vendor.”
Akihiro Shiotani | Section Chief of the Infrastructure Group | Astellas Pharma Information Systems
Department
CUSTOMER
CUSTOMER CUSTOMER
CUSTOMER CUSTOMER
CUSTOMER
BUSINESS CHALLENGE
BUSINESS CHALLENGE SOLUTION
SOLUTION RESULTS/BENEFITS
RESULTS/BENEFITS
• Protecting its enterprise • Upgraded its enterprise • Strengthened security
messaging system from messaging system to • Simplified IT
spam, viruses, and other Microsoft Exchange management
threats. Server 2007 and also
deployed Microsoft • Achieved higher
• Ensuring high availability performance with fewer
of mailing system while Forefront Security for
Exchange Server servers
scanning it for protection
from viruses • Gained more flexible
options for future
enhancements
24. Case Study
Guardian Management LLC
“I’ve used many security products over the years, and the reporting in Forefront products is light-
years ahead of anything else I’ve seen.”
Will Wilson | Director of Information Systems | Guardian Management LLC
CUSTOMER
CUSTOMER CUSTOMER
CUSTOMER CUSTOMER
CUSTOMER
BUSINESS CHALLENGE
BUSINESS CHALLENGE SOLUTION
SOLUTION RESULTS/BENEFITS
RESULTS/BENEFITS
• Managing existing • Simplified and integrated • Improved security and
security solutions from its IT environment by reliability
multiple vendors more deploying the Microsoft • Simplified deployment,
effectively Forefront line of monitoring, and
• Allowing employees to business security reporting
exchange e-mail from products and the
Microsoft System Center • Increased user and IT
outside the office more productivity
easily family of IT management
solutions • Simplified publishing and
• Improving monitoring pre-authenticated
and reporting access to the servers
capabilities of the that run Outlook Web
security infrastructure Access
25. Case Study
Egyptian Ministry of Education
“With multiple scan engines in Forefront Security for Exchange Server, even when one engine is
being updated, others continue to scan. As a result, we don’t have e-mail messages queuing up.”
Salah Elewa | Director of Technology Development & Decision Support Center | Egyptian Ministry of Education
CUSTOMER
CUSTOMER CUSTOMER
CUSTOMER CUSTOMER
CUSTOMER
BUSINESS CHALLENGE
BUSINESS CHALLENGE SOLUTION
SOLUTION RESULTS/BENEFITS
RESULTS/BENEFITS
• Protecting information • Deployed several • Increased efficiency of
as per company policies Microsoft Forefront security management
• Making encryption and business security • Gained comprehensive,
other security-related products to gain layered protection
technologies easier to integrated protection
against a variety of • Achieved higher
use performance
Internet-based threats
• Protecting content while • Improved support and
sharing information with increased frequency of
partners updates
• Built strong foundation
for future enhancements
26. Case Study
Del Monte Foods
“Forefront Security for SharePoint is very easy to set up. The administrative console
gives you a complete view of your environment at all times. You just choose the scan
engines and a few other parameters, and you’re ready to rock and roll.”
Jonathan Wynn | Business Lead for Strategic and Capacity Planning | Del Monte
CUSTOMER CUSTOMER CUSTOMER
BUSINESS CHALLENGE SOLUTION RESULTS/BENEFITS
• Protecting SharePoint • Deployed Microsoft • Improved content
document libraries from Forefront Security for protection from viruses
viruses SharePoint, which helps • Simple, straightforward
• Guarding against protect SharePoint deployment
viruses entering from Server 2007 and
Windows® SharePoint® • Easy management with
outside the network as centralized management
partners are allowed to Services environments
against the latest console
access SharePoint
viruses, worms, and • Integration with existing
inappropriate content Microsoft environment
27. Case Study
Amsta Zorginstelling
“Before we installed IAG 2007, we would regularly receive close to 60 help-desk calls a
day from remote users. I only receive a few calls each day now. This solution has made
my job much easier.”
Shahab Davoudi | Head of IT | Amsta
CUSTOMER
CUSTOMER CUSTOMER
CUSTOMER CUSTOMER
CUSTOMER
BUSINESS CHALLENGE
BUSINESS CHALLENGE SOLUTION
SOLUTION RESULTS/BENEFITS
RESULTS/BENEFITS
• Improving the security of • Adopted Microsoft • Seamless integration
the primary healthcare Intelligent Application with applications
application Gateway 2007 to simplify • Strong security
• Protecting patient remote access while
optimizing application • Time and cost savings
information to follow
compliance policies security and policy • Easy access for remote
control workers
• Providing remote access
to employees while • Deployed Integrated
protecting sensitive Security and Acceleration
information Server 2006 as an
integrated network edge
security and access
gateway
28. Case Study
Dow Corning
“Through integration with Microsoft Office programs that people already know and use,
Active Directory Rights Management Services will put compliance with IP-protection
policies at employees’ fingertips.“
Mark Gandy | Enterprise Architect | Dow Corning
CUSTOMER
CUSTOMER CUSTOMER
CUSTOMER CUSTOMER
CUSTOMER
BUSINESS CHALLENGE
BUSINESS CHALLENGE SOLUTION
SOLUTION RESULTS/BENEFITS
RESULTS/BENEFITS
• Protecting information • Met all requirements • Ease of use
as per company policies with Active Directory® • Minimal added
• Making encryption and Rights Management infrastructure and
other security-related Services in the Windows complexity
technologies more user Server® 2008 operating
system, which provides • Extensibility to business
friendly partners
identity-based
• Protecting content while information protection to • Full corporate control
sharing information with help safeguard and auditability
partners information from • Ease of management
unauthorized access
• Low total cost of
and use
ownership
29. Case Study
Allina Hospitals & Clinics
“When we first deployed Forefront Client Security, we discovered that we had at least four times as
many infections as we thought. Since then, we have seen a downward trend in the number of
computers infected.”
Andrew Julian | Lead Operating Systems Programmer | Allina Hospitals & Clinics
CUSTOMER CUSTOMER
CUSTOMER SOLUTION
BUSINESS CHALLENGE RESULTS/BENEFITS
• Improving protection of • Deployed Forefront • Simplified and
its critical electronic Client Security to protect centralized management
medical record system computers and server • Improved integration
• Integrating a security operating systems with the existing
solution more effectively against spyware, Windows-based IT
with the IT environment viruses, and other environment
malware
• Improving reporting • Increased IT visibility
capabilities • Deployed Forefront
Client Security • Improved and unified
Enterprise Manager to protection
centrally manage
multiple Forefront Client
Security deployments
30. Case Study
Phillip Capital
“Our IT environment is based primarily on Microsoft software, and Forefront Client Security works
seamlessly with our core infrastructure components, as a result, we have reduced the cost of
administering our security infrastructure by 60 percent.”
Thomas Thiew | IT Manager | PhillipCapital
CUSTOMER CUSTOMER
CUSTOMER SOLUTION
BUSINESS CHALLENGE RESULTS/BENEFITS
• Effectively managing • Deployed Microsoft • Improved integration
existing security Forefront Client and simplified IT
products from many Security, which guards management
vendors individual computers and • Reduced IT security
• Improving product server operating administration costs by
integration with other systems against a 60 percent
products and with the variety of threats
• Gained rich reporting
overall IT environment • Integrated Forefront and high visibility into IT
• Ensuring that Client Security with systems
employees’ computers Internet Security and
Acceleration Server, • Improved efficiency of
are always up and time and labor, and
running Active Directory, and
other Microsoft expects lower costs
infrastructure