I've been doing a little light reading on my flight to Edinburgh this afternoon. I'm in Scotland for meetings with Partners over the next couple of days to talk about Core IO and these two whitepapers are very pertinent to those discussions.
The first is a whitepaper from EMA talks about why, with the release of Forefront Security and System Center Management tools, now is the time for partners to get a grasp of the technologies and take real advantage of the fact Microsoft is the first vendor to converge both management and security to address real issues in these areas. It's got some interesting quotes that I wanted to highlight:
"IT professionals struggle to strike a balance between IT and business priorities. Airtight control versus unfettered access; information privacy versus information availability; acceptable risks, such as those required to capitalize on business opportunity, versus unacceptable risks, such as those posed by the threat of exploit or attack. When this balance cannot be struck to the satisfaction of customers and partners as well as business stakeholders, conflict often results. For example, when poorly integrated policy enforcement denies legitimate IT resource access to authorized users, both IT costs and frustration rises—for users, IT professionals, and business owners alike."
It all boils down to simplification at the end of the day and making sure that even the most complex security solutions are manageable. EMA spoke to one CISO (Chief Information Security Officer) who stated:
“Our suppliers often don’t really get one of the most important requirements of security management, and that is simply this: all the various tools need to be managed as a coherent whole. I don’t need another antivirus product or vulnerability scanner, unless and until it works together with all the other tools in my organization. Even if it’s better, I don’t want it until it speaks the same language as tools that understand what could be affected by an attack or exploit. That lack of integration is a serious impediment to security management.”
Which makes me think that to get over the objection of having "another" security product we need to ensure that the overall ROI of implementing a holistic security management solution is clear. I like the next excerpt and I'm going to be using it in my meetings when talking about Microsoft's approach to Core IO:
Microsoft’s strategy delivers the ability for the partner to move the customer up the maturity curve more smoothly and quickly, via a set of products that literally deliver increased maturity “in a box.”
Having a strategic conversation with CIO's/CTO's within customers allow for the topic of maturity to come up. By talking about the IO Maturity model and then showing which Microsoft products can allow the customer to move up the model help to turn the conceptual into something real where costs, timelines and resources can be attributed. Thus the proposition becomes real and the deal moves forward.
Anyway, those are my thoughts. This applies more to the mid and large size businesses so would appreciate your comments. I'm interested to hear if you are a customer whether this is something that rings true with you or if you are a partner and are planning to take up the Core IO strategy or perhaps you are already experiencing success with it - either way drop me a comment.
Small Business Partners and customers - what are your thoughts, which parts of this post appeal - do you see how this might translate into something that might be viable for your business? Do you think that Small Business Server is your route to IT maturity "in a box"? In fact that's an interesting topic in itself don't you think - I'm going to think about that some more and post again soon.
Download the whitepapers here: