All seemed quiet on the security front at Microsoft until last fall, when the company announced several new products in rapid succession. Amid the noise surrounding Windows 7 and Windows Server 2008 R2, Microsoft quietly strengthened its case for its new positioning—providing “business-ready security”—by introducing Forefront Protection for Exchange, followed closely by Forefront Threat Management Gateway (TMG) 2010 and Forefront Unified Access Gateway (UAG) 2010. TMG lets companies provide safe web browsing to users. UAG gives users secure remote access to business resources.
George Podolak, director of IT at New York-based architectural firm Pei Cobb Freed & Partners, recently talked about the challenges he faced as one of a two-member IT team supporting 150 web-savvy users serving security-conscious clients such as high-profile banks and the Louvre Museum in Paris.
“We work with people who are very cognizant of their data and they don’t want their information—preliminary drawings, for example—splashed on the Internet,” Podolak said. “We’ve always had a good perimeter defense. We regulate very well what comes in. But the thing that has always bothered me is egress—anyone could go out to a malware site and infect the entire system.”
Podolak said that he’s always taken a fairly liberal stance with regulating users’ access to the Internet. “We have really smart kids coming in here and they’re used to using Facebook. It would be easy to say we’re just going to cut off Facebook for everybody, but that’s sort of counterproductive. It’s not Facebook I’m worried about, it’s what you can access from Facebook.”
After using or evaluating various point solutions for years, Podolak adopted Microsoft’s Forefront TMG and Forefront UAG solutions in the Technology Adoption Program (TAP). John (JG) Chirapurath, Microsoft’s director of the identity and security business group, explained how these solutions fit with Microsoft’s three-pronged security strategy. “We’re focused on three things,” Chirapurath said. “One is the ability to protect data and let users access it anywhere. Second is ensuring that security is integrated but extensible. Third is that security is simple to deploy and easy to manage.”
Chirapurath said that one of the key tenets of Microsoft’s business-ready security strategy is helping IT pros resolve the “tension between being protective and granting access.” Chirapurath pointed out the increase in web use in businesses, and the commensurate increase in corporate exposure to malware. He also noted that phishing rose in the first half of 2009, according to a Microsoft Security Intelligence Report. TMG, which was based on ISA Server 2006, provides URL filtering, anti-malware, and intrusion-prevention technologies combined with firewall and VPN protection. Chirapurath said that TMG is the first product to rely on cloud computing technology—it uses Microsoft Reputation Services, a Microsoft-hosted cloud-based system that maintains a database that helps protect customers from malicious sites. UAG helps IT pros grant mobile workers access to business resources through PCs and mobile devices by supporting Windows DirectAccess, which enables seamless, always-on connectivity.
Echoing the constant refrain of IT pros in the economic downturn, Podolak said that Microsoft’s Forefront products helped him consolidate his security toolkit. “I was looking at different technologies for everything—email filtering, URL filtering,” Podolak said. “I needed a comprehensive strategy for dealing with all the threats, and a console, and the ability to produce reports so I could prove to clients that we have a secure system.”
Chirapurath said that the Forefront tools are appropriate for companies large and small primarily because they’re easy to use, one of the legacies of their ISA Server roots. Chirapurath called ISA Server “one of those products that was loved across the board because it was “easy to deploy and easy to use.”
Although Podolak said that his company is among the smallest in Microsoft’s pilot program, he’s observed that the security problems faced by his small company and large enterprises are essentially the same. Although the price of the Forefront tools was competitive, he felt that the reason the products were compelling for small companies was because they were easy to use. For companies with small IT organizations and unlimited resources, simplified management can trump lots of other considerations, Podolak said. “We have the same problems, but it’s even more difficult because we have less staff.”
If Podolak’s early assessment is any indication, Microsoft’s new security tools follow an ongoing trend of helping IT pros manage increasingly complicated scenarios with fewer resources.