S E P T E M B E R 2 0 0 3

Market Opportunity Customers currently prioritize security higher

than any other IT investment. More than 90%have detected security breaches and are lookingto experts to make them more secure. The topopportunity for Microsofts partners are thesetop three spending priorities for ALL sizemarkets: security, antivirus, and firewalls1.

In security software, training, and hardware,growth rates are estimated to be between 23-38%2.

With improved security and performance inWindows Server 2003 and Windows XPProfessional, customers running Windows NTServers (10 million Windows NT worldwide) will becompelled to upgrade.

Urgency to address security needs: With the everimpending arrival of new security threats,customers are shortening their deployment cyclearound security projects to protect themselvesagainst unforeseen attacks. Many of the Microsofttechnologies such as MBSA, IIS Lockdown Wizardand Baseline Urlscan are free downloads or areincluded in Windows 2003 or Exchange Server2003. These security technologies are a readilyavailable set of enhancements that you simplyneed to initiate for your customers.

Key Market ScenariosMicrosoft has identified the following as keyscenarios for Microsoft partners on Microsofttechnologies.

1. Secure Wireless, VPN, and Perimeter: Enablescompanies to increase information worker

productivity by extending a security enhancedcorporate network. Primary technologies involveISA Server, Windows Server 2003 VPN, and802.11x solutions.

2. Secure Management and Operations: Includespatch management and virus detection andinvolves: Desktop lockdown with Windows XPProfessional and Microsoft Office System; serverlockdown with Windows Server 2003 and IIS; andsecurity policy management with AD GroupPolicy and Windows XP Professional.

3. Identity and Access Management: Addresses theneed to limit access to corporate systems anddata, and Single sign-on.

11Building a Security Practicewww.microsoft.com/partner/security

INITIATIVE

Wireless

Outlook Web Access

VPN & SmartCard

Firewall (ISA Server)

SECURE NETWORKS

Patch Policies (SUS)

SECURE MANAGEMENTAND OPERATIONS

Mobility

Encrypted File Systems

Info Rights Mgmt (Office)

SECURE DATA TRANSFER

Key Security Scenarios

(continued from front)

Windows XPProfessional Windows Server 2003

1 CMP Media LLC, Technology Solutions Group, 20032 IDC, The Big Picture: IT Security Software, Hardware and Services Forecastand Analysis, 2001-2005 (Dec 2001, IDC #26311)

2003 Microsoft Corporation. All rights reserved. Microsoft, Outlook, Windows, Windows NT, and WindowsServer are either registered trademarks or trademarks of Microsoft Corporation in the United States and/orother countries. The names of actual companies and products mentioned herein may be the trademarks of theirrespective owners. Part No. X09-98435

P A R T N E R G U I D E

As we increasingly rely on the Internet to communicate and conduct business, asecure computing platform has never been more important. Along with the vastbenefits of increased connectivity, new security risks have emerged on a scale that few in our industry fully anticipated. Bill Gates

Security OverviewIncidents such as Code Red, Nimda, and Slammer were a wake-up call for all. Today, companies are making ITsecurity a priority.

As IT experts, you can offer your skills to conduct security assessments and set up processes for your customers toaddress their priorities. With you, security solutions can start with simple things you can do with your customerssuch as: 1) keeping them up-to-date on patches, 2) using antivirus software and keeping it up-to-date with thelatest signatures, 3) using firewalls and offering new barriers to entry.

Many of the Microsoft technologies such as MBSA, IIS Lockdown Wizard, and Baseline Urlscan are free downloadsor are included in Windows 2003 and Exchange Server 2003 and are a readily available set of enhancements thatyou simply need to initiate for your customers.

Microsofts Security Go-to-market initiative gives you the resources you need to start building a security practice.

Who Should Participate?Partners who want to offer their customers security services, software, training, and support.

Key Microsoft Technologies Windows Server 2003 (including IIS Server)

Internet Security and Acceleration Server

Windows XP Professional

Additional Microsoft technologies include: - Microsoft Baseline Security Analyzer- Windows Update- Software Update Services- Systems Management Server- Microsoft Office

03MIC336_Partner_Guide_F14.qxd 1/12/04 12:43 PM Page 1

Developers and PC Installers Sales and Marketing Technical

Circulate this Partner Guide to the relevant people in your organization so they can synch up their activities to leverage Microsoft support.

This table identifies Best Bets for all your people throughout the Security Go-to-market initiative, based on their roles in the sales/deployment cycle.

Best Bets: Security Resources for Microsoft PartnersFind live links to all of these resources at www.microsoft.com/partner/security

Assign Skilled StaffEvaluate market opportunitiesto find the best match for yourcompanys skills (see TechnicalSkills Assessment Tools) andplan goals and activities for theSecurity initiative.

Circulate the WindowsServer 2003 and ISAServer Partner GuidesWith partner-exclusive selling,deployment, and developmentresources around WindowsServer 2003 and ISA Server.

Become a GoldCertified Partner forSecurity SolutionsGet the recognition youdeserve for your expertise inoffering security solutions. TheMicrosoft Gold Certified PartnerProgram identifies companiesthat have proven expertise inspecialized areas.

Partner with YourPeers to Offer End-to-End Solutions Engage with complimentarypartners with differentspecialization to help build yourWindows-based connectedinfrastructure with securityfeatures.

Offer a Free CustomerSecurity AssessmentWhen you offer a two-hoursecurity assessment, Microsoftwill promote you to customerson Microsoft.com/security.

Position WindowsSecurity vs. LinuxClear up misconceptions aboutsecurity strengths of Windowsvs. Linux with talking points andhard data that shows thatWindows is a more secureplatform. Linux had morevulnerabilities during 2002 thanall versions of MicrosoftOperating Systems combined.Find more on this topic online.

Send a Direct Mailing Provide customers with simpletips including security patchmanagement and virusprotection, and become theirtrusted advisor. Microsoftstemplates can help.

Generate CustomerDemandUse Microsoft marketingtemplates, messaging,customer-ready presentationsand take advantage of specialtradeshow and seminaropportunities to create demandthrough marketing, presentations,events, and Solution Sellingmaterials for Security.

Conduct SecurityAssessmentsUse the Microsoft SecurityAssessment Project Guide towalk you through an effectiveassessment.

Obtain SecurityCertificationsMicrosoft Certified SystemsEngineer (MCSE) and MicrosoftCertified Systems Administrator(MCSA): Security on MicrosoftWindows 2000 certificationidentifies systems engineers andsystems administrators whospecialize in implementingsecurity on the Microsoft platformand as part of a security-enhancedcomputing environment.

Use the ISA ServerVPN Deployment KitDeployment Kit shows how toinstall a VPN. Patterns andPractices are also available forpartners with larger customers.

Deliver PatchManagement ServicesTell your customers on-site orremotely to reduce securityrisk using the Software UpdateServices.

Utilize MicrosoftsPrescriptive GuidanceNine different Security ProjectGuides walk through step-by-step jobs and include MicrosoftProject 2002 templates withdetails on time and peopleresources.

DEPLOYMENT AND SUPPORT ACTIVITIES:SALES AND MARKETING ACTIVITIES:DEVELOPER AND PC INSTALLER ACTIVITIES:PLANNING ACTIVITIES:

Review the current IDC Security study:IDC, the Big Picture: IT Security Software, Hardwareand Services Forecast and Analysis to better understandthe business opportunities associated with building asecurity practice.

L

E

A

R

N

Recommended for ISVs and Developers:Improving Web Application Security: Threats andCountermeasures gives you a solid foundation fordesigning, building, and configuring security-enhancedASP.NET Web applications to help make sure that yourWeb applications are hack-resilient.

L

E

A

R

N

Security Solution Selling Training:Microsoft uses solution selling for its worldwideEnterprise sales staff. Now Microsoft is extending thistraining to partners. Find new ways to generate leads,qualify opportunities, expand initial opportunities, andshorten sales cycles with positioning statements,interest-creating statements, sample sponsor lettersspecifically written for selling security solutions.L

E

A

R

N

Security Technical Training: Security Hands-on-Labs for Partners: Outlines the

requirements for the publication of network resources forexternal access via the Internet. Covers ISA Server, MBSA,Windows 2000 hardening, and security-enhanced servermail configurations.

Security 3-day Workshop: Covers three key securityscenariosManagement and Operations, Identity andAccess Management, and Secure Wireless, VPN, andPerimeter for the IT implementers. Check with your localMicrosoft office for availability.

L

E

A

R

N

MSDN SecurityDeveloper CenterHelps developers increasesoftware security by providingsupporting resources andcommunities.

ISA Server SDK The Internet Security andAcceleration (ISA) Serversoftware development kit (SDK)includes documentation andsample code, allowing third-party developers to extend theproduct by creating componentsthat work with, and build on,ISA Server.

Build More Secure PCsFind out tips and tricks forSystem Builders to bettersecure PCs with Windows 2003Server, Microsoft BaselineSecurity Analyzer, and moresteps you can take to bettersecure your customers.

PLAN BUILD SELL DEPLOY/SUPPORT

Business Development Managers

03MIC336_Partner_Guide_F14.qxd 1/12/04 12:43 PM Page 2