REDMOND, Wash., Oct. 9, 2003 — Today at Microsoft’s annual Worldwide Partner Conference in New Orleans, Microsoft CEO Steve Ballmer announced security-related technology investments and ongoing efforts designed to improve the security of computer users around the world. (See Press Releases, right.)
Mike Nash, Corporate Vice President, Security Business Unit
Ballmer characterized many of the new initiatives as joint efforts with Microsoft’s industry partners to help proactively improve security — by providing a wide range of tools, training and other services to help ensure that customers’ systems are as secure as possible. The goal of this collaborative work is simple, Ballmer said: Get customers secure, and keep them secure.
To learn more about the roles that partners are playing in the new security efforts, PressPass talked with Mike Nash , corporate vice president of Microsoft’s Security Business Unit.
PressPass: How does Microsoft work with its industry partners in addressing security issues for customers?
Nash: Security is an issue that affects our entire industry. Our company is working diligently to provide better software and tools for our customers, and the security expertise our partners bring to the table is absolutely critical in helping people secure their systems. We are committed to helping all PC users — consumers, small and medium-sized businesses, and large organizations — get secure and stay secure. To be successful, such a large undertaking requires a close partnership with many other companies.
We’ve also learned that we need to be more proactive with our customers to help them stay secure. We can develop security features in our software, or release a patch to address a security vulnerability, but if people have a difficult time implementing these measures, then they simply aren’t effective. In many cases, partners can provide proactive security expertise that can be invaluable in helping customers bridge the gap to a more secure environment. These partners are often intimate with the customer’s business, and they work alongside the customer to help tackle the tough security issues. Partners have stepped up to the challenge, and they have played a critical role in helping protect our mutual customers.
PressPass: Has Microsoft always worked closely with partners on matters of security?
Nash: Definitely. Microsoft has always collaborated with partners on matters of security, and we’ve been working even more diligently with them in recent months. For example, the Microsoft Virus Initiative (MVI) forum began in 1995 as a working effort by ISVs and independent researchers to improve platform interoperability with antivirus products. And the Virus Information Alliance (VIA) is a collaboration of antivirus vendors, designed to share information on new attacks and vulnerabilities. More recently, Microsoft’s “Protect Your PC” campaign launched with special offers from antivirus and personal-firewall software vendors. And finally, much of our prescriptive guidance around security has been developed with the direct involvement of partners.
Going forward, as our emphasis on security continues to grow in the face of new and emerging security threats, we expect the role of Microsoft’s security partners to grow equally. We see security as a long term, industry-wide effort in which our partners play an essential role.
PressPass: What specific roles will partners play in the new security efforts Microsoft announced today?
Nash: Much of what Steve Ballmer outlined in the announcement at the Worldwide Partner Conference emphasized the security investments that Microsoft is making. The quality of Microsoft Windows XP Professional and Microsoft Windows Server 2003 is a step in the right direction. It’s a direct result of our focus on the Trustworthy Computing initiative, and it will continue in upcoming versions of the Microsoft Office System, Exchange Server, and SQL Server.
We’ve heard clearly from our customers that we need to make patches more reliable and easier to manage and deploy. As Steve explained, we’re taking some big steps to make that happen. We have important work to do building enhanced security features, such as those coming in Windows XP Service Pack 2. And we’re delivering better training and education for our customers. These are all crucial things that Microsoft as a company has to do to help improve security for our customers.
Our partners also play a major role in helping customers implement the security features that Microsoft technology offers. Our products serve as a platform for independent software vendors (ISVs) to build on. And the expertise of our delivery partners — the systems integrators (SIs), value added resellers (VARs), and consultants — offer our customers to help them secure their technology environments is equally critical. There are many aspects of security that our partners’ expertise is very well suited to address, including antivirus software, network security and patch management.
PressPass: Antivirus software obviously plays a key role in security, and is something Microsoft has emphasized for both consumers and business customers.
Nash: Absolutely. Installing antivirus software is one of the three key steps we recommend that consumers take immediately to protect their PCs. Antivirus is also a critical piece for maintaining the integrity of a business network, and should be deployed on desktops, servers, gateways and e-mail servers. This is also a key area where we look to partners to provide that value-add for customers.
We are working closely with partners, such as Symantec, Network Associates, Computer Associates, and Trend Micro, who offer powerful antivirus software designed to work with Microsoft products, so our customers have an array of options to build in added security into their networks. For example, several vendors have developed add-ons to our firewall product, Microsoft ISA Server, and to Microsoft Exchange Server to provide customized antivirus solutions. These add-ons help keep e-mail and Web-borne viruses, worms and other malicious mobile code from entering a customer’s network. Together, these products can do a great job of providing customers with great technologies, and improving the security of an organization’s networks.
PressPass: How do partners come into play around issues of network security and patch management?
Nash: Our delivery partners offer Microsoft customers critical expertise to plan, design, and maintain security measures across their technology infrastructure. Global service partners such as CGEY, Getronics and Unisys, for example, offer intensive programs that help assess a company’s infrastructure, identify key security issues, and develop a plan to mitigate any vulnerabilities. Essentially, they help an organization use Microsoft and third-party products to deploy the security technologies most critical to their particular environment and needs.
Our partners also help customers more easily manage software patches. As Steve Ballmer mentioned in his speech, Microsoft is working to make patch management easier for customers. But it’s still important for businesses to have a sound strategy for testing and deploying software patches, and here our customers can really benefit from the expertise that our delivery partners offer.
For example, Avanade is launching a dedicated patch-management offering, based on Microsoft Solutions for Management and the Microsoft Systems Management Server, designed to make it easier for corporate IT departments to manage and deploy software patches. Avanade, I should add, also practices what it preaches; because its network was designed with effective security processes and was up-to-date on all software patches, they were unaffected by the Blaster and SoBig attacks.
Regional and local VARs and consultants support IT needs of small and mid-sized businesses worldwide. Microsoft Certified Partners, and especially Microsoft Gold Certified Partners for Security Solutions, have proven expertise with securing customer environments using the latest Microsoft and third-party technologies, tools and practices. For any organization that does not have in-house security resources, working with a consultant or VAR is absolutely essential to improving the security of their computing environment.
PressPass: Microsoft also provides documentation to help customers implement software securely – do partners play a role in creating that documentation?
Nash: Microsoft TechNet, our Web site to for IT professionals, offers a host of documentation and best practices to help IT administrators implement security features and products within their network. Partners such as PricewaterhouseCoopers have done a great deal to contribute to this documentation. Since they also deliver services based on these materials, customers really stand to benefit from their deep experience.
PressPass: So, how can Microsoft customers learn more about their options for working with Microsoft and Partners to address security needs?
Nash: Well, security is an important issue for all customers, everyone from the consumer worried about a single home computer to the Fortune 500 CIO responsible for a complex, worldwide network, so it depends on the customer’s specific needs. Our partners offer a wide array of solid, effective security products and services, and we encourage our customers to shop around and find the best solution to fit their needs.
Customers with an existing relationship with a solutions integrator or value-added reseller should work through that partner to make sure they have the best security solutions at their disposal. Consumers can go to our Web site to get the latest patches, antivirus software and learn more about firewalls. The site address is http://www.microsoft.com/security . And for business customers, they can learn more about the tools and technologies we produce, our security guides and our various partner offerings here: http://www.microsoft.com/business/security/ .
