In October we announced the strategic decision to build Forefront Endpoint Protection (FEP) on System Center Configuration Manager, Microsoft’s market-leading change and configuration management product. Part of our Business Ready Security strategy, this approach better aligns with our customers’ desktop management and security solutions, helping them simplify deployment and reduce costs. Chris Christiansen of analyst firm IDC puts it well:
"Converging endpoint security and operations can improve an organization's overall security posture and efficiency. As security management overlaps with other IT functions, Microsoft's integration of Forefront Endpoint Protection and System Center Configuration Manager just makes sense."
We’ve been working to deliver on this strategy and, this week at the Microsoft Management Summit, we demonstrated this convergence for the first time. (You can view corporate vice president Brad Anderson’s keynote speech with a demo here.) We’re planning on releasing a beta of FEP in the third quarter of this year. Learn more about FEP here. We will also be sharing more about FEP at TechEd North America in June.
Separate infrastructure for endpoint protection and management is costly, inefficient and can expose a company to more security risks. Disconnected management consoles and responsibilities, often spread across multiple teams, adds IT costs and can impact the productivity of both IT and business employees. The right approach is to centralize endpoint security information - such as patches, deployment and policy - on a platform that can scale to hundreds of thousands of clients.
This approach will improve security by reducing the attack surface of PCs and accelerating incident response. It will make life much easier for desktop managers and also boost the effectiveness of security administrators, because they can more easily cover endpoint security basics and spend more time on newer capabilities to combat the latest threats.
By building FEP on Configuration Manager, customers will save capital costs on roll-out. They will also reduce training costs, because administrators won’t have to learn yet another management user interface. One of our customers, Kristaps Čudars, Senior System Virtualization Specialist at Rīgas Stradiņa University in Europe, said:
“We like Microsoft’s strategy to integrate Forefront Endpoint Protection with System Center Configuration Manager. We expect this approach of merging endpoint security with overall endpoint management will simplify deployment and management, lowering the total cost of ownership per desktop.”
With this convergence, all the information that the client management team needs to make security decisions is provided in a single pane of glass, enabling them to both mitigate security risks more easily and generate reports about compliance for the security team.
We feel this approach is the future of endpoint security. And Microsoft is driving this convergence for both large and mid-sized organizations. In addition to building FEP on Configuration Manager, the newly introduced Windows Intune solution for mid-sized companies provides a cloud-based solution for PC security and management, using core Forefront and System Center technologies.
As enterprise IT evolves, Microsoft continues to evolve its Forefront security management strategy. In order to best help customers simplify the security experience and manage compliance, we are aligning security management with systems and application management.
As part of this strategy, Forefront Protection Manager (FPM) will not be released to market. Instead, multi-server management for Forefront Protection 2010 for Exchange Server (FPE) and Forefront Protection 2010 for SharePoint (FPSP) will be delivered through a streamlined solution for messaging and collaboration workloads, both on-premises and in the cloud. We will share additional details on this solution in the future.
To address customer needs in the near-term, we will release the following in the second half of 2010 at no additional cost to FPE and FPSP customers:
· A Service Pack release for our established Forefront Server Security Management Console (FSSMC) that will expand support for multi-server management to the latest versions of FPE and FPSP.
· A Forefront Server Security Script Kit that will allow IT administrators to use Remote PowerShell to configure and report on multiple deployments of FPE and FPSP throughout the enterprise.
More about our long term strategy:
We are aligning security management with systems and application management at two levels. The first level will deliver risk management across protection, access, and identity, providing end-to-end visibility into the enterprise and helping enable compliance. The second level will operationalize and simplify security management by building on application workloads and providing a consistent management experience across physical, virtual, and cloud environments.
As part of this strategy, we announced earlier that Forefront Endpoint Protection 2010 will be built on System Center Configuration Manager for centralized deployment, configuration, updating, and reporting. This will allow customers to configure, patch, and protect their desktops and laptops with the same infrastructure, delivering comprehensive security with greater efficiency. This solution is on track for a planned release to market in the second half of 2010.
Next week on Tuesday and Wednesday be sure to visit the Microsoft News Center to view the Microsoft Management Summit executive keynotes live on the web! Don’t miss this opportunity to see our top executives discuss the latest IT Management news, strategies, and solutions from Microsoft, and how to apply them in your organization.
· Tuesday, April 20, 8:30 – 9:45 AM PST: Managing Systems from the Datacenter to the Cloud, Bob Muglia, president, Microsoft Server and Tools
· Wednesday, April 21, 8:30 – 9:45 AM PST: User Centric Client Management, Brad Anderson, corporate vice president, Management and Services Division
Microsoft and RSA, the Security Division of EMC, recently commissioned a Forrester Consulting survey of enterprise security managers about information protection. The results are available in a white paper called "The Value of Corporate Secrets," available here on Microsoft.com (see Technical Resources) and here on RSA.com. We issued a joint press release about it, too, available here. Microsoft and RSA have a strategic partnership around information protection solutions, announced more than a year ago.
The most interesting finding of the survey of 305 security decision makers around the world is that while enterprises are investing heavily in compliance and protection against accidental leaks of custodial data (such as customer information), they are under-investing in protection against theft of trade secrets (intellectual property)....which is much more valuable.
“Nearly 90% of enterprises we surveyed agreed that compliance with PCI-DSS, data privacy laws, data breach regulations, and existing data security policies is the primary driver of their data security programs. Significant percentages of enterprise budgets (39%) are devoted to compliance-related data security programs,” according to Forrester Consulting’s study. “But secrets comprise 62% of the overall information portfolio’s total value while compliance-related custodial data comprises just 38%, a much smaller proportion. This strongly suggests that investments are overweighed toward compliance.”
The survey revealed that while organizations focus on data security incidents related to accidental loss, information theft by employees or trusted outsiders is more costly. For example, based on responses received in the survey, employee theft of sensitive information is ten times costlier than accidental loss on a per-incident basis: hundreds of thousands of dollars versus tens of thousands.
Despite a wide range in security spending, views on the value of information and number of incidents, nearly every company rated its security controls to be equally effective.
“Most enterprises do not actually know whether their data security programs work or not, other than by raw incident counting,” according to Forrester Consulting. “‘Compliance’ in all its forms has helped CISOs buy more gear. But it has distracted IT security from its traditional focus: keeping company secrets secure.”
Read the white paper for recommendations from Forrester, Microsoft and RSA to better ensure your information security strategies are appropriately balanced, including: