Today we released Forefront Protection 2010 for SharePoint and Active Directory Federation Services 2.0, which makes it a good time to talk about secure business collaboration.
It is clear that collaboration drives the modern enterprise. Sharing documents and applications within the company, from the remote office, with trusted partners and customers, into the cloud, etc. – is crucial for most organizations today.
Collaboration is a key engine for success, regardless of which industry or part of the world you’re in. And, whether its deployed on-premises or as hosted cloud service, the new SharePoint 2010 is the ideal business collaboration platform to connect people within the enterprise and beyond.
Of course, ensuring valuable information is safe against accidental loss, theft and malicious software is no trivial exercise in the world of cloud computing and cross-company collaboration. Information is the lifeblood of any organization and it must be secured. In his blog Gartner vice president Neil MacDonald wrote about this “tearing down of walls between businesses and the opening up of our information, processes and systems to outside parties – whether these are contractors, outsourcers, partners and customers. Nearly every enterprise I speak with is being asked to enable and foster secure collaboration with external entities.”
Working with customers and partners, Microsoft has learned a great deal about secure collaboration. Based on this, we thought we would share our top five recommendations to help companies strike the right balance of risk management and productive collaboration.
· Be a Team Player: Build a virtual team across security, content, identity and business managers for a holistic approach.
· Strive for Defense-in-Depth: Apply strong anti-malware on SharePoint, in addition to anti-malware on PCs and servers.
· Extend the Power of Identity: Identity is at the center of good security. Apply interoperable technologies to manage and federate identities across company boundaries and into the cloud (e.g. Single Sign-On.)
· Go the Extra Mile to Protect Your Information Lifeblood: Use rights management policies and technology to keep sensitive content out of the wrong hands.
· Be Cloud-Ready: Investigate your cloud vendor’s security measures. Choose technologies that bridge in-house and cloud systems.
The new Forefront Protection 2010 for SharePoint and Active Directory Federation Services 2.0 (ADFS 2.0) provide essential building blocks for a Secure Collaboration solution. They also represent great progress for what we call our Business Ready Security strategy to help enterprise customers manage risk and enable productivity.
Forefront Protection 2010 for SharePoint is deeply integrated with SharePoint Server 2010, preventing employees from uploading or downloading infected docs, inappropriate content, or sensitive information.
Active Directory Federation Services 2.0 is a no-cost download for Windows Server. It enables easier, more secure access to applications on-premises and in the cloud, as well as collaboration within the enterprise and across organizational boundaries. ADFS 2.0 lets companies apply their existing on-premises identities to the cloud.
Learn more here.
Microsoft has released the Information Card Issuance Community Technical Preview (CTP.) This will enable IT administrators to easily issue information cards via Active Directory Federation Services 2.0, giving end users a more flexible and secure means of authentication to applications within the enterprise, across company boundaries and into the cloud. Through this CTP, we hope to gain valuable feedback on our Information Card technologies.
The CTP will support the following scenarios:
We have also adding two new mechanisms for interaction and feedback on this topic, a dedicated Information Card Issuance Forum and a monitored e-mail alias email@example.com.
Watch a video from the Office-SharePoint 2010 launch site about how Del Monte uses Forefront to secure its collaboration environments – including comments from Forrester senior analyst Andrew Chiquith. (Click here or on the image below for the video.) A written case study about Del Monte is here.
From the case study:
Benefits By deploying Microsoft Forefront Protection 2010 for SharePoint for protection and Active Directory Domain Services for identity–based access, Del Monte helps increase its collaboration, sharing, and access to information, while better protecting its assets. By strengthening its security capabilities, the company is equipped to aggressively pursue its collaboration strategy, taking full advantage of its investment in Microsoft SharePoint Server 2010.
Enhanced Business Control Without Compromising Flexibility By using Forefront Protection 2010 for SharePoint, Del Monte benefits from tighter control of its business assets, including its intellectual property, through the use of multiple scanning engines and enhanced file filtering capabilities. Because Del Monte can configure the solution to meet its own business rules and changing security needs, the company retains maximum operational flexibility. “The ability to configure the settings at a granular level enables us to optimize our approach over time, so we can ensure rigorous security across all of our portal resources without negatively impacting productivity,” says Wynn.
Improved IT Management Through Real-Time Health Monitoring The centralized Administrator Console and dashboard management tools in Forefront Protection 2010 for SharePoint provide the Del Monte IT team with access to consolidated information and analytics, helping to ease security management tasks.
Through these tools, Wynn and others can quickly evaluate the performance of scanning engines and track malware incidents and responses across the company’s entire server system. “Because I can get a comprehensive security status update in a matter of minutes, I can quickly prioritize the issues I need to address across projects and focus more time on achieving business goals,” says Wynn.
From the Microsoft identity blog:
In the category “Best Innovation”, the European Identity Award went to Microsoft for U-Prove. The U-Prove technology, which enables minimal disclosure of identity-related information is considered to be a pioneering effort in enhancing online privacy and security, by analyst firm Kuppinger-Cole & Partners.
In the category “Best Project”, the University of Washington was honored for its identity federation solution in research and education which was developed together with Microsoft and “Live@Edu”.
The University of Washington is delighted to have its work with Microsoft on federation services honored by Kuppinger Cole, said RL "Bob" Morgan, Identity Architect for UW Information Technology and Shibboleth Project core team member. At UW, we are committed to standards-based federation to extend the value of UW identity to the services our users need. It is great to partner with Microsoft since they too are making a commitment to federation for Windows Live and Live@edu. Live@edu's support of higher-education federations including InCommon is a key differentiator. Making it all work has many challenges, but it's essential so the higher-ed community can collaborate seamlessly and securely in cloud environments.
Nathan Dors, manager of Identity and Access Management for UW Information Technology, added that the partnership with Microsoft has been very positive. We agree with Microsoft on the importance of being both standards-oriented and pragmatic. Choice of federating technology is key and we appreciate Microsoft's striving to reach parity between AD FS 2.0 and Shibboleth solutions.
Also in the category “Best Project” Thomson Reuters was honored for its solution enabling users to easily and securely access various application services, which is based on Microsoft’s Windows Identity Foundation and Active Directory Federation Services (AD FS 2.0).
We are delighted to be acknowledged by international analyst firm Kuppinger Cole & Partners for our identity project with Treasura. Being able to provide a standards-based solution from Microsoft has enhanced application security and offered greater access control for our identity infrastructure project,” said Jason Shantz, Architect, Thomson Reuters.
And finally, in the category “Best Project” BMW was honored for its identity management solution covering more than 100,000 dealerships and other external users, replacing existing legacy systems. The project was a co-development with Omada and Microsoft.
From Vittorio Bertocci on Channel 9:
Today [yesterday] we are announcing the general availability of Active Directory Federation Services 2.0 (ADFS 2.0). In this lightning-fast video, Stuart Kwan, Group Program Manager for the Identity and Security Division, lists the essential facts about this new, exciting release. Tune in!