Back in December, Microsoft released Forefront Endpoint Protection 2010 (FEP), a suite that provides protection for Windows PCs from malware etc. Used in conjunction with Microsoft System Center Configuration Manager 2007 (MSCCM) businesses can make sure their Windows PC user end points are up to date and secure. In conjunction with BitLocker, Microsoft’s full disk encryption capability, and other security features that come with Windows, such as the Windows firewall, Microsoft now has a comprehensive capability to protect and manage Windows PC end points.

A further worry for its competitors is that business take-up of Windows 7 since its launch in October 2009 has been fairly slow, but this is expected to accelerate rapidly during 2011. A Microsoft large account reseller (LAR), which provides end point management services, told Quocirca that many of its customers are asking to upgrade in the next 12 months. One thing seems certain; when they do this they will review their Windows end point security in light of the offerings from Microsoft. For example, one CISO Quocirca spoke to stated:

“When we move to Windows 7 we will include an evaluation of Forefront and BitLocker alongside existing end point security”

So is Microsoft set to take the end point security market by storm and see off the security specialists that dominate at present such as Symantec, Trend Micro, McAfee and Sophos? In Quocirca’s view probably not; Microsoft has three problems.

First, although Windows 7 is expected to do well in 2011, it is no longer true that Windows-based PCs are the only end point most businesses have to worry about. Microsoft has failed to make much of an inroad into the smartphone market; its market share languishes at below 5%. Nokia/Symbian, Apple/iOS, Google Android and RIM are much more widely used and look set to remain so. 

Furthermore, more tablet computers are increasingly being used to access business IT resources. Gartner predicts 55 million unit sales of Apple’s iPad in 2011 and other hardware vendors are entering the market, many using the Google Android operating system. A CISO from a diehard Microsoft shop, that was an adopter of the forerunner to FEP, Forefront Client Security, told Quocirca that even they now have a “few iPhones and iPads” to worry about.

Vendors that specialise in end point security and management struggle to keep up with this diversity, and Microsoft is not even trying. Worse still, Microsoft does not even support old versions of its own products; FEP is only available for Windows XP and later (not too bad) but BitLocker is only in Windows 7 and Vista (few businesses adopted the later). As for Windows Mobile, don’t even bother—no FEP or BitLocker there. So if you are looking for a common security suite across all end points, Microsoft does not have the answer and it probably never will.

Microsoft’s second problem is that IT security is about much more than user end points. It is about servers, datacentres, networks and the increasing use of on-demand computing services. The revamped Forefront range includes offerings in these areas; Forefront Server Security (for Windows Server SharePoint, Exchange, Lync), Forefront Threat Management Gateway 2010 (was ISA Server) and Forefront Unified Access Gateway 2010 (was Intelligent Application Gateway). But, where businesses can no longer rely on the user end point devices being purely Microsoft, few have ever had such homogeneity at the backend. Most of those wanting a single vendor to cater for the majority of their security needs must look beyond Microsoft.

The third problem Microsoft faces is the channel. It is rolling out Forefront via a new value added distributor (VAD) programme. Its existing distributors are keen to join and capitalise on the Forefront opportunity. However, the resellers they must win over for this to succeed are less convinced. One told Quocirca:

“We always include Microsoft [security products] in a review but it has never come out on top”

Other resellers complain that there is little margin for them in Microsoft security products and they have to fall back on services, which at least there is a requirement for, as some find Microsoft’s products more complicated to deploy than those from other vendors. Furthermore, resellers have their existing relationships with security vendors whose products they have rolled out to their customers; Microsoft must overcome this double incumbency.

One final groan from resellers actually works in Microsoft’s favour. They complain that because Enterprise Agreements and Enterprise CALs (client access licences)—two ways larger businesses can license Microsoft technology—now include many Forefront products; their customers already have paid for the right to use them. When this is the case, there is no incremental product revenue for the reseller. End users must work out for themselves if they have such rights and if the Microsoft security products provide the protection they need—many resellers seem unlikely to highlight it for them.

Microsoft Forefront security will become more widely used in 2011, but there will be few organisations that will be able to rely solely on Microsoft for their IT security needs. There is plenty of opportunity left for the specialist security vendors.