Partnering with Microsoft Security Partners

By Thomas Dawkins
Group Product Manager, Microsoft Security Access and Solutions Division

See other Viewpoint articles.

Microsoft's promises to IT pros and developers have their roots in the years of conversations we have had with customers worldwide to understand their problems and needs—past, present, and anticipated in the future. Security is a top priority both for Microsoft and for our partners and, with our promise to "protect information, control access," we look to our trusted security partners to help us address the changing landscape of threats and compliance demands that impact business agility and growth.

By the year 2008, security will be a 52 billion-dollar market. As more and more companies increase their focus on security and begin to make investments based on security needs, there are new business opportunities for partners who provide security solutions and services. More importantly, however, there are new opportunities for you, the customer, to improve the security of your systems and processes by taking advantage of a broad, partner-based security solution landscape.

What We Saw

Before revising the Security Solutions Competency in 2005, my team and I spent time talking with our security partners about the competency. They provided us with a lot of insight about their experience with the competency and about where we should focus our efforts to make the competency more relative to their business. We also talked with our fellow Microsoft team members in the field, and with top Chief Security Officers (CSOs), to gain insight into the customer perspective on the value of working with Microsoft security partners.

What We Learned

What did we discover? First, we found that field reps and customers often were not aware of the full capabilities and current skills of our security partners. We also learned that what CSOs value, above all, when working with a partner is the partner's industry experience and industry security certifications. We used this insight to make considerable changes to the Security Solutions Competency, with regard to both the requirements and the core benefits. The result has been a more satisfying and effective security solution experience for customers, from a skilled and experienced security partner ecosystem.

What We Changed

In late 2005, the Microsoft Security Solutions Competency became the first Microsoft Partner Program competency to include as core elements both the rigorous and sought-after third-party validation from the Information Systems Audit and Control Association (ISACA) and the International Information Systems Security Certification Consortium (ISC)², and the relevant Microsoft security certifications. The restructured competency features two new specializations—one that is focused on security management for those partners who focus on more “technology agnostic” services such as security policy, governance, compliance, risk assessment, risk management, and auditing, and the other that is focused on infrastructure security, which is the technical side of the equation.

The Security Solutions Competency Today

By working with today's Microsoft security partner, businesses can benefit from engaging a partner who understands change management, change control, risk assessment, and the impact that these and other security-related processes have on a business's overall security policy.

To become a Security Solutions Competency partner, an organization must meet stringent requirements that prove an understanding of the basic and advanced concepts of securing an IT infrastructure. The partner must also have individuals on its team who have industry certifications like the ISACA and (ISC)² certifications, both of which are well-respected by CSOs and security professionals around the world. Partners in the Security Solutions Competency also:

• Have proven expertise in deploying and managing Microsoft security products in the context of a customer's security policy.

• Understand the impact that their work has on the security of a customer's IT infrastructure.

• Ensure that their work represents the full scope of the industry knowledge that comes with their Microsoft and security industry certifications.

Many Security Solutions Competency partners also have expertise in Microsoft product deployment and management services, in which security is included as a value-added service to differentiate their services from the services offered by their competitors.

As we execute our new Microsoft Forefront security product strategy and evolve our products under this brand, we will help our security partners advance the promotion of their new service offerings that include our new comprehensive and integrated security product portfolio.

Conclusion

In the past two years, the number of partners in the Security Solutions Competency has experienced triple-digit growth, and over 14,000 partner resources have received training around our security guidance and products. We continue to receive a lot of great feedback from partners, and from many of our customers, about the value of the competency as a tool to better prepare and qualify partners for helping businesses to achieve safe and secure access to critical business information through comprehensive security solutions. To find a Microsoft Security Solutions Competency for your next project, read the article "Finding the Right Security Partner", and visit https://directory.microsoft.com.

"By being in the Security Solutions Competency, we have stayed up-to-date on the latest products, strategies, tools, and services offered by Microsoft in the area of security. Being that security is core to our business, this link into Microsoft around our core business competency has been extremely valuable for us and for our customers!" – Rich Dorfman, VP Sales and Services, Convergent Computing