Microsoft's Security Push Will Start Off Shaky, But Just Wait

With its Forefront product line, Microsoft must convince businesses it's a reputable player in the security market. But just give it three years.
When it comes to the IT ailments that have made security such a big business, there are lots of companies selling Band-Aids but relatively few looking for cures. Microsoft's creation of Forefront, a single brand for its security products, indicates that the company knows where the money is in this market.

Hint: Band-Aids.

The Forefront line, unveiled last week, will include Microsoft's software for protecting business PCs, its Antigen software for servers that came from the Sybari Software acquisition, and its Internet Security & Acceleration Server for analyzing network traffic, among other products. The first of the rebranded products are due later this year, and the rest are expected in the first half of 2007.

While Microsoft didn't talk about any new security technologies, its establishment of an umbrella product line shows that it's preparing to get serious about the market. Still, it will be difficult for the company to emerge as a powerful player, at least at first.

For starters, Microsoft will have to convince businesses that it's the solution to, rather than the source of, their security problems. "You've got people asking why they should pay to plug the holes created by the products that Microsoft sells," says Andrew Braunberg, an analyst with Current Analysis.

Also, many businesses already have bought the type of products found in the Forefront line from established security vendors such as McAfee, Symantec, and Trend Micro. Plus, Microsoft tends to move at glacial speeds when it comes to delivering new product versions, particularly when it tries to include them as features within Windows.

As a result of these and other factors, it will be "a good three years" before Microsoft starts making notable security sales to big companies, Gartner VP John Pescatore predicts. "Businesses don't try the first version of anything, and they wait for version 3 of anything from Microsoft."

Give It Three Years

Eventually, though, Microsoft will influence how its competitors price and package their security wares. Many businesses would prefer to have security features within the operating systems they use. Competing security vendors could struggle to match Microsoft's ability to offer that. If businesses can reduce their spending on antivirus software, they can shift their security budgets toward more important emerging technologies, such as network access control. "We see the standalone security market dying out over the next three to four years," Braunberg predicts.

Indeed, even doubtful Microsoft customers say there's no question about the need for integrated security. "Microsoft has a huge row to hoe in terms of creating a good reputation around security," says Joanne Kossuth, CIO at Franklin W. Olin College. Still, "security has to become a no-brainer for users," Kossuth says. "It's got to be integrated into the products they use."

Symantec appears to have seen the writing on the wall and has diversified into storage and security management, most notably acquiring storage software maker Veritas. McAfee also wants to get more involved with security management, a business it won't be able to grow if it sticks strictly to the anti-malware software market.

The question isn't really whether Microsoft will be able to sell a lot of Forefront licenses--it will--but rather whether conforming to the current security market model best serves its customers. Perhaps the company's resources would be better spent ensuring that Vista and Longhorn ship on time and are more secure than their predecessor, eliminating the need for so many Band-Aids.

Editor's Choice
Brian T. Horowitz, Contributing Reporter
Samuel Greengard, Contributing Reporter
Nathan Eddy, Freelance Writer
Brandon Taylor, Digital Editorial Program Manager
Jessica Davis, Senior Editor
Cynthia Harvey, Freelance Journalist, InformationWeek
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing