Going back to Bill Gates' 2007 keynote at the RSA Conference, Microsoft has long sought to integrate security and identity management, and promised to deliver secure access anywhere. Last July, it went so far as to create its new Identity and Security division, uniting those companion groups to form a new technology and platform development division.
On Thursday, Microsoft will further its vision with a slew of announcements in advance of this year's RSA show, which starts Tuesday in San Francisco. While some of the announcements are branding plays, there are tangible enhancements to the Forefront suite of integrated security products that touch upon this integration of identity and security and fall under the umbrella of a beta 2 offering of Stirling, which is the next generation of Forefront.
Primary among those is Microsoft's first security software as a service offering: Forefront Online Security for Exchange. JG Chirapurath, director of Microsoft's identity and security business group said the new cloud offering will filter messages in the cloud using multiple scanning engines for virus and spam detection. User identities, meanwhile, can remain on-premises inside Active Directory in an organization's Exchange boxes. IT managers are allowed to make a policy-centric decision as to what information around user identities, for example, will live in the hosted Exchange environment versus on-premises. Microsoft said this is the first in a line of SaaS announcements coming out of the Forefront suite.
Microsoft has also rebranded its identity lifecycle manager as Forefront Identity Manager.
"Microsoft has done a good job to bring a big-picture view of security and identity. The execution is going to be challenging," said Gartner research vice president Earl Perkins. "It's possible with the scale and resources of someone like Microsoft, but if you look at history, this will be difficult to achieve."
Microsoft's ambition here is to meld all things security under Stirling, and manage it all from a central console. But Microsoft is notorious for product delays, and Stirling is not exception. Beta 1 was released during last year's RSA Conference and version 1 was expected in Q1 of this year. That did not happen and Microsoft said earlier this year it would delay Stirling's full-fledged release until late this year, or early 2010.
"It's not rocket science, it's just the ability to get it out in a timely manner and immediately show value," Perkins said. "This is not a hallmark in the past, I think that's concerning. There's not a lot of identity participation associated with Stirling Beta 2 yet. The contribution here is minimal. Overall, it's more the vision than the execution."
Perkins did add that Microsoft has huge edge in Active Directory and its ubiquity as an underlying platform for identity management.
"It's theirs to lose. It just needs to be done," Perkins said. "Other competitors are moving into this space, especially around the integration of security and events management, DLP and entitlement management. It's an active market, and competitors are not going to stand still."
Stirling is a comprehensive security suite, and includes several client, server and application security products, including Forefront Threat Management Gateway (formerly ISA Server), Forefront Client Security, Forefront Security for Exchange Server and Forefront Security for SharePoint, under a common management console.
Beta 2 also includes Security Assessment Sharing, which gathers events from third-party products under the Forefront management console. Microsoft said 10 partners will announce integration with SAS, including Juniper, RSA Security, Brocade, Kaspersky, TippingPoint, Imperva, StillSecure, Q1 Labs, Sourcefire and Guardium.