International Speedway Corporation (ISC) promotes motorsports events, including NASCAR’s DAYTONA 500. The company operates 13 facilities, representing more than one million grandstand seats and 550 suites. Exceptional customer service for the more than 3.5 million people that attend their events is critical to success.

ISC relies heavily on email communication via Exchange Server 2007 to respond to customers’ needs. “It is not an easy task for us to fill 150,000 grandstand seats at one event, so it is key for us to maintain that customer service relationship,” says Brandon McNulty, Senior Director of Technology at ISC. ”Email is at the heart of that.” (continued below)

“Keeping spam off our email system is critical for both maintaining the integrity of our email security and business productivity,” explains McNulty. However, managing spam must be done intelligently because the company works with legitimate sponsors who can often be the subject of spam messages.

ISC used a third-party service to filter email, but found that spam incidents were steadily on the rise, impacting customer service. In fact, in the final nine months that ISC used the service, the rate of incidents that required intervention from the IT department increased at least four-fold.

So, ISC took advantage of its Microsoft enterprise license agreement and implemented Forefront Online Protection for Exchange, a hosted service that offers layered protection against spam and malicious software.  Within four weeks, the company completely replaced its third-party service and was using Forefront Online across 1,000 employee computers and monitoring a total of 1,300 email accounts, including aliases.

Since implementing Forefront Online Protection for Exchange, ISC has reduced the number of spam incidents on its network by at least 25 percent. “Spam isn’t even a concern for us anymore. It doesn’t require human intervention for us to prevent it as it did before,” explains McNulty.

Instead of manually creating and deleting user accounts, ISC can automatically synchronize its Active Directory and Exchange Server accounts to Forefront Online Protection for Exchange, saving six hours of IT administration time each month.

Because there is no hardware or software to purchase and manage with the hosted service, ISC is saving money compared to an on-premises solution. “By avoiding hardware costs, licensing costs, and manpower to maintain the infrastructure, our savings are easily more than $120,000,” concludes McNulty.

Earlier this month InfoWorld's longtime product reviewer Keith Schultz posted a favorable review of Forefront Identity Manager 2010 and Active Directory Federation Services 2.0.  Here's an excerpt:

Managing user access in businesses today is something like playing traffic cop in an intersection of a thousand roads. From Web-based applications to homegrown programs, from desktop PCs to the latest crop of smartphones, IT has to be able to control access to every sort of resource while allowing users to access them from anywhere and any platform.

A bigger challenge is providing seamless access to applications and systems across corporate or network boundaries. It's no trouble for IT to define and manage user names and passwords on their own network, but it takes more work -- or is nearly impossible -- to extend access to internal systems to numerous external users or to manage local user access to a system outside of their control.

Microsoft has updated Forefront Identity Manager (FIM) 2010 and Active Directory Federation Services (ADFS) to aid IT in applying identity management across domains and business boundaries. Both of these tools are intended to extend user access control across the enterprise; FIM uses a common platform to tie user, certificate, group, and policy management together, while ADFS provides trust accounts between different networks or organizations. Together, they provide a powerful platform for extending user management beyond the company domain or network edge.

As we all know, right now cloud computing holds center stage in the IT industry.  Vendors, service providers, press, analysts and customers are all evaluating and discussing the opportunities presented by the cloud. 

A very important part of the discussion is security.  While the benefits of cloud computing become clearer, it seems almost every day there is a new press article or analyst report indicating that cloud security and privacy are a top concern for customers.   Just one example:  A Microsoft survey revealed that while 86% of senior business leaders are excited about cloud computing, more than 75% are concerned about the security, access and privacy of data.

Customers are right to ask how cloud vendors can work to ensure the security of cloud applications, the protection of data and the privacy of individuals.  Our CEO Steve Ballmer told an audience at the University of Washington in early March that "This is a dimension of the cloud, and it's a dimension of the cloud that needs all of our best work.”

At Microsoft we want to address these concerns and even help customers understand the right questions to ask.  As part of our longstanding Trustworthy Computing efforts, we strive to be more transparent than anyone about how we help enable more secure cloud computing.

In his recent keynote at our TechEd North America conference, Server and Tools Business president Bob Muglia discussed this issue, too, saying, “The data that you have is in your organization is yours.  We’re not confused about that, and it’s incumbent on us to help you protect that information for you. Microsoft’s strategy is to deliver software, services and tools that enable customers to realize the benefits of a cloud-based model with the reliability and security of on-premises software.”

A great place to start learning about Microsoft’s cloud security efforts is on the Microsoft Global Foundations Services (GFS) site. The white papers “Securing Microsoft’s Cloud Infrastructure” and “Microsoft’s Compliance Framework for Online Services” are especially informative. 

GFS drives an exhaustive, centralized Information Security Program for all Microsoft cloud datacenters and the 200+ consumer and commercial services they deliver (which are all built using the Microsoft Security Development Lifecycle.)  This program covers everything from physical security to compliance, including Risk Management Process, Response, and work with law enforcement; Defense-in-Depth Security controls across physical, network, identity & access, host, application and data; A Comprehensive Compliance Framework to address standards and regulations such as PCI, SOX, HIPAA, and the Media Ratings Council; and third party auditing, validation and certification (ISO 27001, SAS 70.) 

If you watch the short video clip above, you’ll note Bob also calls out our focus on identity, saying “As you move to cloud services you will have a number of vendors, and you will need a common identity system.”  Identity is a cornerstone of security, in general, and especially cloud security.  Microsoft already provides technologies with Windows Server and our cloud offerings that customers can use to extend their existing investment in identity infrastructure (such as Active Directory) for simpler, more secure access to cloud services.  There is a good TechNet article about this here, part of a whole package of cloud security guidance here.

Of course, Microsoft is not working on cloud security alone.  As our chief privacy strategist Peter Cullen said in his keynote at the Computers, Freedom and Privacy (CFP) conference:  "These truly are issues that no one company, industry or sector can tackle in isolation. So it is important to start these dialogs in earnest and include a diverse range of stakeholders from every corner of the globe.”   Microsoft is working with customers, governments, law enforcement, partners and industry organizations, such as the Cloud Security Alliance, to collaborate on the best strategies and technologies to ensure more trustworthy cloud computing. 

We encourage you to explore some of the information provided via links above, and to let us know your comments! 

Joel

I thought I would share this entertaining and thought provoking session about cybercrime - from our TechEd North America conference last week.  Andy Malone is a lively, humorous presenter!

Description:  With the dark forces of Cybercrime continuing to grow, it’s critical that individuals and businesses are fully aware that doing business in the “wild west” of the 21st century can be potentially disastrous. The sophistication of the latest generation of attacks is simply mind boggling. In this hard hitting 75min session Andy Malone spills the beans on the latest tools and tactics used by the bad guys. Packed with stories, demos, tips and tricks, this is a security session you will not want to miss.

Jeffrey Schwartz of Redmond Magazine published an in-depth story discussing how the new Active Directory Federation Services 2.0 for Windows Server simplifies secure access to applications and services in the cloud. 

The article is a good read, providing perspective from a variety of companies – most highly supportive of ADFS 2.0, some slightly critical.  Overall, Schwartz says, “Numerous Windows IT pros and security experts are bullish” on the new technology and what it can do.   In the article, Kevin von Keyserling of Certified Security Solutions does a good job of summing up ADFS 2.0’s benefits:

"The end user can have the same experience in the cloud as if they were inside their own network; that's one of the advantages or drivers for these large enterprises looking at taking up the Federation Services and extending it. It provides cloud services without having to stop and deal with password resets and credential management, and allows [companies] to focus on the execution of their business strategy versus the day-to-day nuances of dealing with security issues."

Patrick Harding, CTO of Ping Identity, says "ADFS 2.0 is a big deal because it validates that federated identity management is important; it's going to become a must-have for cloud computing and SaaS computing."

"The bottom line is we're streamlining how access should work and how things like single sign-on should work from on-premises to the cloud."
John Chirapurath, Senior Director, Microsoft

A real-world example of ADFS 2.0 in action (not in the article) is Thomson Reuter’s Treasura web service to help professional treasurers handle cash and liquidity management, forecasting, payments and compliance.

Using Windows Identity Foundation - an extension to the Microsoft .NET Framework – and ADFS 2.0, Thomson Reuters was able to provide single sign on access to Treasura and related software through identity federation with its customers.  Customers can log on to their computers once and navigate to the Treasura site and among Treasura applications without having to sign in again. They can manage and control their own authentication and access policies just once, on their own networks. The Treasura team also provided SSO access to other Thomson Reuters products, even ones that are built using Sun OpenSSO or other third-party technologies instead of Active Directory.

Because Windows Identity Foundation provides their application developers with the same familiar Windows development tools to provide single sign on without having to write custom authentication code, Thomson Reuters expects to save an average of three months of development time.

And offering one shared authentication infrastructure improves security, because developers can focus their efforts on making applications and services the best they can be, without worrying about creating authentication silos in each application that must be managed separately.

Hi all – I thought I would share another Forefront customer story.  This one is tied to our recent posts on secure collaboration.

Founded in 1824, Medical University of South Carolina (MUSC) is a leading health-sciences center with one of the top 10 cardiovascular centers in the United States. MUSC comprises a 700-bed medical center and six colleges with 13,000 full-time employees, including physicians, researchers, professors, and administrative staff – as well as 2,600 medical students. (More below.)

Like many large organizations, MUSC relies heavily on Exchange for email and SharePoint for collaboration. For example, the entire medical university uses SharePoint to share critical information: the IT department manages work schedules, project documentation, and its knowledge base; colleges use it to post classroom resources, such as syllabi; and researchers use it to share the latest medical research that benefits the greater medical community and, in the end, plays a part in saving people’s lives.

Security challenges were impeding the benefits of collaboration, however, and increasing IT costs and inefficiencies.  Approximately 30 weekly malware incidents were taking up as much as 120 IT hours each week.  Worse, they could leave physicians and nurses without the critical equipment they use to improve patients’ health.

The IT team at MUSC needed to replace its existing security solution to better protect its collaboration and messaging environment from malware and other threats.  In particular, it wanted to prevent specific content or file types from being uploaded and spread across its network.

MUSC moved to Forefront, taking advantage of an Enterprise Client Access License (CAL) to implement Forefront Client Security and the new Forefront Protection 2010 for Exchange and SharePoint – saving $200,000 on licensing costs. 

“Even though Forefront products are included in our CAL agreement, it really goes beyond money and comes down to ‘does it work?’” explains Clay Taylor, Endpoint Security Engineer at MUSC. “After seeing Forefront in action, the answer is ‘yes it does.’

MUSC also uses Active Directory Domain Services to control identity-based access to SharePoint sites.  In addition, Forefront Threat Management Gateway serves as a web proxy for Exchange and SharePoint to guard against threats from unmanaged PCs that access the MUSC network.

As a result, MUSC has reduced malicious software incidents by 45 percent to save about 108 hours each month for IT personnel, meaning they can  focus on more strategic projects…and spend fewer nights and weekends re-imaging machines.

The IT department at MUSC is now better able to fulfill its mission of facilitating an environment where nurses, doctors, staff, and students can collaborate and collectively provide top-quality patient care and make positive contributions to the latest in medical research.

Joel

Recently, our Forefront Protection 2010 for SharePoint (FPSP) product was released so I thought I’d take the opportunity to explain, in my own terms, the business value for the product.  I also interviewed Noreen from the product team to get her take on the product as well as give us some demos of FPSP in action (viewable at bottom of this post).

Defense in Depth 
Especially considering how important SharePoint is to your business, you should have a defense in depth strategy which includes SharePoint.  How much employee time or money would your company lose if someone uploaded a virus on SharePoint bringing it down or compromised the data?  There are two significant unique features in FPSP that help your defense-in-depth strategy which I’d like to highlight:

• Multi-Engine Anti-Virus – The statistics are irrefutable, having multiple anti-virus engines has the highest detection rate.  Every company’s client anti-virus software, including Microsoft’s Forefront Client Security, utilize only a single engine.  Furthermore, if you rely only on your client anti-malware software and it does detect a virus on the SharePoint server itself, the user experience will more than likely be poor causing a loss of productivity time. 
  Side note: multi-engine AV is also available in Forefront Protection 2010 for Exchange.
• Interoperability with Rights-Management-Services (RMS) – RMS is an excellent addition to your defense in depth strategy, protecting the documents themselves.  FPSP still has all of the same protection capabilities even with RMS-protected documents.

More control and visibility over your data 
With a continued expansion of the amount of data inside your environment, the time to filter this data or cost to increase storage capacity can be significant.  The data keyword & file filtering give you control over what type of data you allow on the SharePoint server and provide reporting on what type of files are present.   This could save costs through not requiring additional storage capacity or helping to prevent data leaks.  For instance, if you have a publicly-accessible SharePoint server in your company you could enable keyword file-filtering to prevent anything with the words “confidential" or “internal only” inside the files, even specifying the threshold of how many times these words show up before you disallow them from being posted.

To download this video in various formats such as Zune, iPod, WMV, or MP3, please visit the original post.

Tomorrow at 2:30 pm Eastern time, tune in via Twitter to see Kelly Higgins of Dark Reading interview  JG Chirapuarth, senior director of the Microsoft Identity and Security Business Group.  You can follow the discussion at either the Dark Reading or Forefront Twitter Account.

Today we released Forefront Protection 2010 for SharePoint and Active Directory Federation Services 2.0, which makes it a good time to talk about secure business collaboration.

It is clear that collaboration drives the modern enterprise.  Sharing documents and applications within the company, from the remote office, with trusted partners and customers, into the cloud, etc. - is crucial for most organizations today.

Collaboration is a key engine for success, regardless of which industry or part of the world you're in.  And, whether its deployed on-premises or as hosted cloud service, the new SharePoint 2010 is the ideal business collaboration platform to connect people within the enterprise and beyond. 

Of course, helping ensure valuable information is safe against accidental loss, theft and malicious software is no trivial exercise in the world of cloud computing and cross-company collaboration.  Information is the lifeblood of any organization and it must be kept highly secure.  In his blog Gartner vice president Neil MacDonald wrote about this "tearing down of walls between businesses and the opening up of our information, processes and systems to outside parties - whether these are contractors, outsourcers, partners and customers. Nearly every enterprise I speak with is being asked to enable and foster secure collaboration with external entities."

Working with customers and partners, Microsoft has learned a great deal about secure collaboration.  Based on this, we thought we would share our top five recommendations to help companies strike the right balance of risk management and productive collaboration. 

• Be a Team Player: Build a virtual team across security, content, identity and business managers for a holistic approach.

• Strive for Defense-in-Depth: Apply strong anti-malware on SharePoint, in addition to anti-malware on PCs and servers.

• Extend the Power of Identity: Identity is at the center of good security. Apply interoperable technologies to manage and federate identities across company boundaries and into the cloud (e.g. Single Sign-On.
  

• Go the Extra Mile to Protect Your Information Lifeblood: Use rights management policies and technology to keep sensitive content out of the wrong hands.

• Be Cloud-Ready: Investigate your cloud vendor's security measures. Choose technologies that bridge in-house and cloud systems.
  

The new Forefront Protection 2010 for SharePoint and Active Directory Federation Services 2.0 (ADFS 2.0) provide essential building blocks for a Secure Collaboration solution.  They also represent great progress for what we call our Business Ready Security strategy to help enterprise customers manage risk and enable productivity. 

Forefront Protection 2010 for SharePoint is deeply integrated with SharePoint Server 2010, preventing employees from uploading or downloading infected docs, inappropriate content, or sensitive information. 

Active Directory Federation Services 2.0 is a no-cost download for Windows Server.  It enables easier, more secure access to applications on-premises and in the cloud, as well as collaboration within the enterprise and across organizational boundaries.  ADFS 2.0 lets companies apply their existing on-premises identities to the cloud. 

Learn more here.

Today on the Microsoft Blog Vinny Gullotto, general manager of MS Malware Protection Center, announced the release of the Microsoft Security Intelligence (SIR) Report version 8.  The SIR is a wide-ranging study of the evolving threat landscape, and addresses such topics as software vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software. Microsoft creates the SIR to provides information that helps customers and partners better understand the problem of malicious software, so they can take appropriate action.

Volume 8 of the Security Intelligence Report (SIR v8) covers July 2009 through December 2009. It includes data derived from more than 500 million computers worldwide, each running Windows. It draws from a variety of sources, such as Forefront and some of the business Internet services, like Windows Live Hotmail and Bing. 

The full report and a great interactive summary is available here and here’s a video of Vinny and Frank Simorjay discussing the report.

A key finding of the latest SIR is that cybercrime continues to mature as criminals model their operations on conventional business processes. Enterprise networks continue to be susceptible to worms while home users are more exposed to malware and socially engineered threats.

And criminals continue to package online threats into “kits” to maximize potential impact. The Eleonore browser exploit kit, for example, employs different exploits for browsers from several different vendors as well as popular application software frequently found on systems.

SIRv8 further confirms that attackers are now largely motivated by financial gain and rarely act alone. For example, malware creators seldom conduct attacks themselves but instead work with other criminals in online black markets to buy and sell malware kits and botnet access. Bot herders are also at the core of the professional online threats, knitting together compromised machines into a dark version of a Cloud Computing network.

From Vinny’s blog post:

The telemetry data in SIR has shown consistently that the lowest infection rates are seen on computers running Windows Vista SP2 and Windows 7. Infection rates for both operating systems are less than half the infection rate for computers running Windows XP. Also, analyzing the attacks in affected Office program installations, we found that most attacks affected Office 2003 users who had not applied a single service pack or other security update since the original release of Office 2003 in October 2003.

So what can enterprises and individuals do to defend against the latest malware? Keeping current is essential. Use products developed with security in mind, install good anti-malware solutions, and make certain you are applying the latest software updates.

Finally, in this latest volume we introduced a section based on customer request called “Mitigation Strategies for Protecting Networks, Systems, and People.” This guidance section was developed by Bret Arsenault, Microsoft Chief Information Security Officer and it provides insight on how Microsoft implements our own defense in depth approach to security. We hope you find it valuable and applicable to your systems.