Back in December 2010 Microsoft released its Forefront Endpoint Protection 2010 (FEP) suite that provides protection from malware and other threats.
Used in conjunction with Microsoft System Center Configuration Manager 2007 (MSCCM), Windows BitLocker for encryption and the Windows Firewall, businesses can make sure their Windows desktops and laptops are up to date and secure, something most businesses value. Microsoft now has a comprehensive capability to protect and manage Windows PC end-points.
Microsoft hopes that with a big channel drive, 2011 could be the breakthrough year for FEP and that it will prove to be an effective challenge to Trend Micro Worry-Free Business Security, Symantec Endpoint Protection V12 (released in Feb 2011), the McAfee Endpoint Protection Suite and other products from security specialists.
This hope is bolstered by the expected acceleration of the take-up of Windows 7. Although research conducted in 2010 show that Windows 7 was quite widely used amongst SMBs, conversations with resellers and service providers suggests this is rarely an across the board commitment especially amongst larger businesses. However, some Microsoft large account resellers say they expect many more enterprises to make the move in 2011.
When businesses do move to Windows 7, they tell me they will review their Windows end-point security at the same time and the Microsoft will be on the list. So is Microsoft set to take the end-point security market by storm? In my view probably not; it has three problems.
Businesses now have more end-points to worry about than just PCs, and beyond the PC Microsoft is currently an “also ran”. Its market share of the smartphone market languishes below 5%. Microsoft hopes its new partnership with Nokia will reverse its fortunes, but that would take time.
Furthermore, the use of tablets/slates is increasing in businesses. Gartner predicts 55M unit sales of Apple’s iPad in 2011, and the market will be further boosted by other hardware vendors that have entered the market, many using the Google Android operating system.
Whilst vendors that specialise in end-point security and management struggle to keep up with this diversity, Microsoft is not even trying. Worse still, Microsoft does not even support old versions of its own products – FEP 2010 is only available for Windows XP and later and but BitLocker is only in Windows 7 and Vista. And there is no FEP or BitLocker for Windows Mobile.
Microsoft’s second problem is that IT security is about much more than user end-points. It is about servers, data centres, networks and the increasing use of on-demand computing services. The revamped Forefront range includes offerings in these areas; Forefront Server Security, Forefront Threat Management Gateway and Forefront Unified Access Gateway.
But, where businesses can no longer rely on the user end-point devices being purely Microsoft, few have ever had such homogeneity at the backend. Most of those wanting a single vendor to cater for the majority of their security needs must look beyond Microsoft to the specialists.
The third problem Microsoft faces is the channel. Some of its existing distributors are keen to join a new value added distributed programme for Forefront. However, many of the resellers they must win over are not convinced with some saying that in evaluations Microsoft Forefront still fails to come out on top.
They also complain that there is little margin for them in Microsoft security products and they have to fall back on services, which at least there is a requirement for, as some find Microsoft’s products more complicated to deploy than those from other vendors. Furthermore, resellers have existing relationships with security vendors whose products they have rolled out to their customers; Microsoft must overcome this double incumbency.
One final groan from resellers actually works in Microsoft’s favour. They complain that because Enterprise Agreements and Enterprise CALs (client access licences) – two ways larger businesses can licence Microsoft technology – now include many Forefront products; their customers already have paid for the right to use them.
When this is the case, there is no incremental product revenue for the reseller. End users must work out for themselves if they have such rights and if the Microsoft security products provide the protection they need – many resellers seem unlikely to highlight it for them.
Microsoft Forefront will become more widely used in 2011, but there will be few organisations that will be able to rely solely on Microsoft for their IT security needs. There is plenty of opportunity left for the specialist security vendors and most resellers seem unlikely to jump ship from them to Forefront in 2011.