Henk van Roest, our EMEA Security Program Manager is running a pretty successful internal blog. Before summer vacation he started a series called “Why it pays to be secure” which I think has some great information in it. I asked him then to go public with it but he told me that he is not doing this kind of outside communication but that I should feel free to use the content, which I am going to do – thank you Henk.

I will basically copy/paste his series over time. So I do not want to take the credit for the great work he did. Let’s start with his introduction today.


In the Security Incident Response Team we are often faced with support cases from customers compromised through some malware which is wreaking havoc in their environment.

Usually the customer says that deploying updates to software (not just MS Software) is too time consuming, too expensive and too disruptive to their environment.  Of course the resulting issue is usually also quite disruptive e.g. Conficker.

Microsoft has done a great deal of research into managing an IT environment as well as numerous studies with some of our customers to discover the “True” cost of a managed environment.

I thought it was useful to start a series of posts under on the subject of Update Management and Infrastructure Optimization that might allow you to have good conversations with your customers on the subject.

So for the purpose of this introduction I’ll just copy one little piece from a study done in 2006 (so this is not a ‘new’ thing):

WINDOWS DESKTOP BEST PRACTICES

In this research, IDC evaluated more than 20 potential best practices and identified three that are consistently used by top-performing IT departments for optimizing Windows desktops.

  • Standard desktop strategy (savings of $110/PC). Deploying a standardized desktop by minimizing hardware and software configurations.
  • Centrally managed PC settings and configuration (savings of $190/PC): Keeping deployed PCs standardized by preventing users from making changes that compromise security, reliability and the application portfolio.
  • Comprehensive PC security (savings of $130/PC): Proactively addressing security with antivirus, antispyware, patching, and quarantine.

http://download.microsoft.com/download/a/4/4/a4474b0c-57d8-41a2-afe6-32037fa93ea6/IDC_windesktop_IO_whitepaper.pdf


Henk and Roger