Microsoft discloses ambitious security strategy

Microsoft Thursday began detailing a security strategy that will see it combine its identity management efforts with its Forefront security products built for clients, servers and the network edge.

The company plans to integrate its security and identity products under the Forefront brand, offer software-as-a-service versions and present it all as a layered defense of access and control for its corporate infrastructure software.

The resulting security layer also will incorporate third-party tools linked to a common control panel Microsoft is developing called Stirling. Thursday, the company released Beta 2 of Sterling and plans to ship the final version early in 2010.

Microsoft will further dissect the plan, which uses Active Directory as its foundation, at next week's RSA Conference under the marketing banner Business Ready Security.

But while the story will be told at RSA, the work integrating, refining and releasing all the moving parts will be no short-term task.

"It is a bit much to bring together into a coherent technology architecture," said Earl Perkins, an analyst with Gartner. "This is an attempt to bring everything together with a common theme and message because

Microsoft is convinced that identity is a part of security. On the positive side, they are trying to bring together relevant resources under one organizational arm, but the rest of it could be hit and miss."

Perkins characterized Microsoft's pronouncements today as an organizational and marketing announcement.

Microsoft officials say the identity and security message is a natural outgrowth of last year's corporate reorganization that merged two business groups – Identity/Access and Security/Access – into the Identity and Security Business Group.

As part of the introduction of the new strategy, Microsoft Thursday introduced the first of a slate of online security services: an email offering called Forefront Online Security for Exchange.

The service, which works with Active Directory, includes spam and virus protection, policy enforcement, real-time message trace and reporting, and despite the name, supports any e-mail system. The service also provides archiving, encryption, and disaster recovery.

Microsoft plans to turn all its Forefront security tools into online services. The lineup is made up of Forefront Client Security, Forefront Security for Exchange Server, Forefront Security for SharePoint, Forefront

Security for Office Communications Server, and Forefront Threat Management Gateway.

Microsoft also will brand all its identity products, except, AD, with the Forefront name. The next version of Identity Lifecycle Manager (ILM), which is now delayed until early 2010, will be called Forefront Identity Manager.

ILM is Microsoft's platform for identity synchronization, certificate and password management, and user provisioning.

A forthcoming identity platform code-named Geneva, which pushes Microsoft's claims-based identity platform into the cloud, also will fall into the Forefront portfolio.