Building a Security Practice

2
SEPTEMBER 2003 Market Opportunity Customers currently prioritize security higher than any other IT investment. More than 90% have detected security breaches and are looking to experts to make them more secure. The top opportunity for Microsoft’s® partners are these top three spending priorities for ALL size markets: security, antivirus, and firewalls 1 . In security software, training, and hardware, growth rates are estimated to be between 23-38% 2 . With improved security and performance in Windows Server® 2003 and Windows® XP Professional, customers running Windows NT® Servers (10 million Windows NT worldwide) will be compelled to upgrade. Urgency to address security needs: With the ever impending arrival of new security threats, customers are shortening their deployment cycle around security projects to protect themselves against unforeseen attacks. Many of the Microsoft technologies such as MBSA, IIS Lockdown Wizard and Baseline Urlscan are free downloads or are included in Windows 2003 or Exchange Server 2003. These security technologies are a readily available set of enhancements that you simply need to initiate for your customers. Key Market Scenarios Microsoft has identified the following as key scenarios for Microsoft partners on Microsoft technologies. 1. Secure Wireless, VPN, and Perimeter: Enables companies to increase information worker productivity by extending a security enhanced corporate network. Primary technologies involve ISA Server, Windows Server 2003 VPN, and 802.11x solutions. 2. Secure Management and Operations: Includes patch management and virus detection and involves: Desktop lockdown with Windows XP Professional and Microsoft Office System; server lockdown with Windows Server 2003 and IIS; and security policy management with AD Group Policy and Windows XP Professional. 3. Identity and Access Management: Addresses the need to limit access to corporate systems and data, and “Single sign-on.” 1 1 Building a Security Practice www.microsoft.com/partner/security INITIATIVE Wireless Outlook® Web Access VPN & SmartCard Firewall (ISA Server) SECURE NETWORKS Patch Policies (SUS) SECURE MANAGEMENT AND OPERATIONS Mobility Encrypted File Systems Info Rights Mgmt (Office) SECURE DATA TRANSFER Key Security Scenarios (continued from front) Windows XP Professional Windows Server 2003 1 CMP Media LLC, Technology Solutions Group, 2003 2 IDC, The Big Picture: IT Security Software, Hardware and Services Forecast and Analysis, 2001-2005 (Dec 2001, IDC #26311) © 2003 Microsoft Corporation. All rights reserved. Microsoft, Outlook, Windows, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. Part No. X09-98435 PARTNER GUIDE “As we increasingly rely on the Internet to communicate and conduct business, a secure computing platform has never been more important. Along with the vast benefits of increased connectivity, new security risks have emerged on a scale that few in our industry fully anticipated.” —Bill Gates Security Overview Incidents such as Code Red, Nimda, and Slammer were a wake-up call for all. Today, companies are making IT security a priority. As IT experts, you can offer your skills to conduct security assessments and set up processes for your customers to address their priorities. With you, security solutions can start with simple things you can do with your customers such as: 1) keeping them up-to-date on patches, 2) using antivirus software and keeping it up-to-date with the latest signatures, 3) using firewalls and offering new barriers to entry. Many of the Microsoft technologies such as MBSA, IIS Lockdown Wizard, and Baseline Urlscan are free downloads or are included in Windows 2003 and Exchange Server 2003 and are a readily available set of enhancements that you simply need to initiate for your customers. Microsoft’s Security Go-to-market initiative gives you the resources you need to start building a security practice. Who Should Participate? Partners who want to offer their customers security services, software, training, and support. Key Microsoft Technologies Windows Server 2003 (including IIS Server) Internet Security and Acceleration Server Windows XP Professional Additional Microsoft technologies include: - Microsoft Baseline Security Analyzer - Windows Update - Software Update Services - Systems Management Server - Microsoft Office 03MIC336_Partner_Guide_F14.qxd 1/12/04 12:43 PM Page 1

description

Building a Security Practice

Transcript of Building a Security Practice

  • S E P T E M B E R 2 0 0 3

    Market Opportunity Customers currently prioritize security higher

    than any other IT investment. More than 90%have detected security breaches and are lookingto experts to make them more secure. The topopportunity for Microsofts partners are thesetop three spending priorities for ALL sizemarkets: security, antivirus, and firewalls1.

    In security software, training, and hardware,growth rates are estimated to be between 23-38%2.

    With improved security and performance inWindows Server 2003 and Windows XPProfessional, customers running Windows NTServers (10 million Windows NT worldwide) will becompelled to upgrade.

    Urgency to address security needs: With the everimpending arrival of new security threats,customers are shortening their deployment cyclearound security projects to protect themselvesagainst unforeseen attacks. Many of the Microsofttechnologies such as MBSA, IIS Lockdown Wizardand Baseline Urlscan are free downloads or areincluded in Windows 2003 or Exchange Server2003. These security technologies are a readilyavailable set of enhancements that you simplyneed to initiate for your customers.

    Key Market ScenariosMicrosoft has identified the following as keyscenarios for Microsoft partners on Microsofttechnologies.

    1. Secure Wireless, VPN, and Perimeter: Enablescompanies to increase information worker

    productivity by extending a security enhancedcorporate network. Primary technologies involveISA Server, Windows Server 2003 VPN, and802.11x solutions.

    2. Secure Management and Operations: Includespatch management and virus detection andinvolves: Desktop lockdown with Windows XPProfessional and Microsoft Office System; serverlockdown with Windows Server 2003 and IIS; andsecurity policy management with AD GroupPolicy and Windows XP Professional.

    3. Identity and Access Management: Addresses theneed to limit access to corporate systems anddata, and Single sign-on.

    11Building a Security Practicewww.microsoft.com/partner/security

    INITIATIVE

    Wireless

    Outlook Web Access

    VPN & SmartCard

    Firewall (ISA Server)

    SECURE NETWORKS

    Patch Policies (SUS)

    SECURE MANAGEMENTAND OPERATIONS

    Mobility

    Encrypted File Systems

    Info Rights Mgmt (Office)

    SECURE DATA TRANSFER

    Key Security Scenarios

    (continued from front)

    Windows XPProfessional Windows Server 2003

    1 CMP Media LLC, Technology Solutions Group, 20032 IDC, The Big Picture: IT Security Software, Hardware and Services Forecastand Analysis, 2001-2005 (Dec 2001, IDC #26311)

    2003 Microsoft Corporation. All rights reserved. Microsoft, Outlook, Windows, Windows NT, and WindowsServer are either registered trademarks or trademarks of Microsoft Corporation in the United States and/orother countries. The names of actual companies and products mentioned herein may be the trademarks of theirrespective owners. Part No. X09-98435

    P A R T N E R G U I D E

    As we increasingly rely on the Internet to communicate and conduct business, asecure computing platform has never been more important. Along with the vastbenefits of increased connectivity, new security risks have emerged on a scale that few in our industry fully anticipated. Bill Gates

    Security OverviewIncidents such as Code Red, Nimda, and Slammer were a wake-up call for all. Today, companies are making ITsecurity a priority.

    As IT experts, you can offer your skills to conduct security assessments and set up processes for your customers toaddress their priorities. With you, security solutions can start with simple things you can do with your customerssuch as: 1) keeping them up-to-date on patches, 2) using antivirus software and keeping it up-to-date with thelatest signatures, 3) using firewalls and offering new barriers to entry.

    Many of the Microsoft technologies such as MBSA, IIS Lockdown Wizard, and Baseline Urlscan are free downloadsor are included in Windows 2003 and Exchange Server 2003 and are a readily available set of enhancements thatyou simply need to initiate for your customers.

    Microsofts Security Go-to-market initiative gives you the resources you need to start building a security practice.

    Who Should Participate?Partners who want to offer their customers security services, software, training, and support.

    Key Microsoft Technologies Windows Server 2003 (including IIS Server)

    Internet Security and Acceleration Server

    Windows XP Professional

    Additional Microsoft technologies include: - Microsoft Baseline Security Analyzer- Windows Update- Software Update Services- Systems Management Server- Microsoft Office

    03MIC336_Partner_Guide_F14.qxd 1/12/04 12:43 PM Page 1

  • Developers and PC Installers Sales and Marketing Technical

    Circulate this Partner Guide to the relevant people in your organization so they can synch up their activities to leverage Microsoft support.

    This table identifies Best Bets for all your people throughout the Security Go-to-market initiative, based on their roles in the sales/deployment cycle.

    Best Bets: Security Resources for Microsoft PartnersFind live links to all of these resources at www.microsoft.com/partner/security

    Assign Skilled StaffEvaluate market opportunitiesto find the best match for yourcompanys skills (see TechnicalSkills Assessment Tools) andplan goals and activities for theSecurity initiative.

    Circulate the WindowsServer 2003 and ISAServer Partner GuidesWith partner-exclusive selling,deployment, and developmentresources around WindowsServer 2003 and ISA Server.

    Become a GoldCertified Partner forSecurity SolutionsGet the recognition youdeserve for your expertise inoffering security solutions. TheMicrosoft Gold Certified PartnerProgram identifies companiesthat have proven expertise inspecialized areas.

    Partner with YourPeers to Offer End-to-End Solutions Engage with complimentarypartners with differentspecialization to help build yourWindows-based connectedinfrastructure with securityfeatures.

    Offer a Free CustomerSecurity AssessmentWhen you offer a two-hoursecurity assessment, Microsoftwill promote you to customerson Microsoft.com/security.

    Position WindowsSecurity vs. LinuxClear up misconceptions aboutsecurity strengths of Windowsvs. Linux with talking points andhard data that shows thatWindows is a more secureplatform. Linux had morevulnerabilities during 2002 thanall versions of MicrosoftOperating Systems combined.Find more on this topic online.

    Send a Direct Mailing Provide customers with simpletips including security patchmanagement and virusprotection, and become theirtrusted advisor. Microsoftstemplates can help.

    Generate CustomerDemandUse Microsoft marketingtemplates, messaging,customer-ready presentationsand take advantage of specialtradeshow and seminaropportunities to create demandthrough marketing, presentations,events, and Solution Sellingmaterials for Security.

    Conduct SecurityAssessmentsUse the Microsoft SecurityAssessment Project Guide towalk you through an effectiveassessment.

    Obtain SecurityCertificationsMicrosoft Certified SystemsEngineer (MCSE) and MicrosoftCertified Systems Administrator(MCSA): Security on MicrosoftWindows 2000 certificationidentifies systems engineers andsystems administrators whospecialize in implementingsecurity on the Microsoft platformand as part of a security-enhancedcomputing environment.

    Use the ISA ServerVPN Deployment KitDeployment Kit shows how toinstall a VPN. Patterns andPractices are also available forpartners with larger customers.

    Deliver PatchManagement ServicesTell your customers on-site orremotely to reduce securityrisk using the Software UpdateServices.

    Utilize MicrosoftsPrescriptive GuidanceNine different Security ProjectGuides walk through step-by-step jobs and include MicrosoftProject 2002 templates withdetails on time and peopleresources.

    DEPLOYMENT AND SUPPORT ACTIVITIES:SALES AND MARKETING ACTIVITIES:DEVELOPER AND PC INSTALLER ACTIVITIES:PLANNING ACTIVITIES:

    Review the current IDC Security study:IDC, the Big Picture: IT Security Software, Hardwareand Services Forecast and Analysis to better understandthe business opportunities associated with building asecurity practice.

    L

    E

    A

    R

    N

    Recommended for ISVs and Developers:Improving Web Application Security: Threats andCountermeasures gives you a solid foundation fordesigning, building, and configuring security-enhancedASP.NET Web applications to help make sure that yourWeb applications are hack-resilient.

    L

    E

    A

    R

    N

    Security Solution Selling Training:Microsoft uses solution selling for its worldwideEnterprise sales staff. Now Microsoft is extending thistraining to partners. Find new ways to generate leads,qualify opportunities, expand initial opportunities, andshorten sales cycles with positioning statements,interest-creating statements, sample sponsor lettersspecifically written for selling security solutions.L

    E

    A

    R

    N

    Security Technical Training: Security Hands-on-Labs for Partners: Outlines the

    requirements for the publication of network resources forexternal access via the Internet. Covers ISA Server, MBSA,Windows 2000 hardening, and security-enhanced servermail configurations.

    Security 3-day Workshop: Covers three key securityscenariosManagement and Operations, Identity andAccess Management, and Secure Wireless, VPN, andPerimeter for the IT implementers. Check with your localMicrosoft office for availability.

    L

    E

    A

    R

    N

    MSDN SecurityDeveloper CenterHelps developers increasesoftware security by providingsupporting resources andcommunities.

    ISA Server SDK The Internet Security andAcceleration (ISA) Serversoftware development kit (SDK)includes documentation andsample code, allowing third-party developers to extend theproduct by creating componentsthat work with, and build on,ISA Server.

    Build More Secure PCsFind out tips and tricks forSystem Builders to bettersecure PCs with Windows 2003Server, Microsoft BaselineSecurity Analyzer, and moresteps you can take to bettersecure your customers.

    PLAN BUILD SELL DEPLOY/SUPPORT

    Business Development Managers

    03MIC336_Partner_Guide_F14.qxd 1/12/04 12:43 PM Page 2