First peek at new Microsoft security strategy
Leading up to the RSA security conference, which started yesterday in San Francisco, Microsoft has gradually been exposing its new security marketing strategy to the world. The new strategy is called Business Ready Security (that’s the best introductory link I’ve found so far).
There’s no question in my mind that Microsoft has an unrealized opportunity when it comes to end-to-end security and stealing security and compliance market share from CA, EMC, and Symantec. How will Microsoft start to capitalize on that opportunity? First, by integrating with its main enterprise asset – Active Directory.
All of the scenarios here – endpoint security, email security, network compliance and health, identity management, strong authentication, etc. – can and should be managed via Active Directory. It should be the go-to repository for identity and authorization information, and it should be the go-to repository for management and configuration. This is the first key for achieving interoperability across product lines, and for driving down IT deployment and lifecycle costs, something many customers complain that the existing players in the security market (e.g. CA and Symantec) haven’t been doing well. Tight integration with AD for products coming out of Microsoft should just be a no-brainer; if customers don’t have AD installed, make ’em get it first.
However, there’s a second aspect of AD integration that’s less obvious and that even Microsoft has been getting wrong. It’s one thing to have a single repository for identity and policy information; it’s another thing to have a consistent interface look-and-feel – call it the IT user experience – across every product and tool, for managing that information.
What do IT people think of when they want to manage AD? An MMC snap-in! It’s not always pretty, but it’s what everyone has been trained to use. But look at the management interface for Forefront 1.0. Or for Identity Lifecycle Manager. Those management interfaces are web-based. That’s not a problem in and of itself, nor is the root problem even that not every product uses MMC for management. The problem is that not every product has a consistent management interface.
The customers I’ve spoken with regarding the end-point security market, for example, expect all of the top-tier vendors to pretty much have feature parity. The differentiation is in how easy the product is to deploy and manage.
Along with tight AD integration, a consistent management UX is Microsoft’s best competitive tool in the security market. Don’t make the IT guy learn a new interface for every (or any) product. And if you’re not going to use MMC, consider that you have a huge installed base of those snap-ins already, plus legions of IT people to re-train.
Ok, so, integration with AD is one thing. What’s the second step? It’s a no-brainer: you have to actually ship the new security products – get them developed and ready for the market – and that just hasn’t been happening quickly enough.
When I was staffing the Forefront booth at TechEd last year, several attendees came up to me who had never heard of that brand (i.e. Forefront). When I told them what it is and what it does, a frequent response was, “Oh right – we looked at that, but it’s not yet on par with eTrust,” and so on. Their next question: when is the next version of Forefront shipping so we can take another look? Answer: we don’t know.
Big companies tend to move slowly – they have a lot to lose, lots of cogs to turn – that’s just the nature of the beast. But Microsoft would pose a bigger, more immediate threat to the aforementioned existing competitors in this space if it could turn the “get the products out the door” crank more quickly. Forefront Stirling and Identity Lifecycle Manager 2 both should have shipped last year. If that had happened, the new Business Ready Security realignment would have momentum behind it, along with real credibility, and the buzz would directly influence purchasing decisions. Competitors would be running scared.
Thus, I conclude that there’s huge potential for Microsoft here, but they’ve put the cart before the horse. First step: give the products a consistent management experience. Second step: ship them. Third step: spin up the re-energizing marketing campaign. Fourth step: count the truckloads of money.

