MS Reorg Frees Security Wares

Microsoft's reorganization will also affect its Security Business & Technology Unit, and its security products could benefit.

Download the authoritative guide: The Ultimate Guide to IT Security Vendors

The recently announced reorganization at Microsoft Corp. will also bring changes to the companys Security Business & Technology Unit that could raise the profile of the companys security products, according to a company executive.

Microsoft will move development and marketing of several security products out of the SBTU and into the Windows Server Division, including the ISA (Internet Security and Acceleration) Server, Windows RMS (Rights Management Services), Sybari Software Inc.s enterprise anti-virus and anti-spam technology, and Terminal Services, said Amy Roberts, director of product management in the SBTU.

Microsoft said last week that it was reorganizing the company into three new divisions: Microsoft Platform Products & Services Division, Microsoft Business Division and Microsoft Entertainment & Devices Division. The shake-up is intended to make the Redmond, Wash., company more agile as it moves into the services arena and competes with companies such as Google Inc.

/zimages/1/28571.gifDo Googles parts make up a whole that is capable of altering the IT balance of power? Click here to read more.

While little was said about the impact of the reorganization on Microsofts security operation, Roberts acknowledged last week that the reorganization will split the SBTU in two, separating the products from Microsofts security group.

Development of Microsofts core security technology will continue to be the responsibility of developers who work within the SBTU, but management of the products will be the responsibility of the Windows Server Division, which is under the leadership of Bob Muglia, she said.

"This will give [the SBTU] a laser focus on Windows and on security leadership of the company," Roberts said.

The SBTU will continue to work on security within Windows, as well as client-based security products such as Windows OneCare, the companys desktop firewall, anti-virus and anti-spyware technology. The SBTU will also continue to be responsible for the Microsoft Security Response Center, which manages updates for the companys products; the Microsoft Trustworthy Computing SDL (Security Development Lifecycle) program; and security education for employees and customers, Roberts said.

/zimages/1/28571.gifTo read more about Windows OneCare, click here.

E-mail security technology the company acquired with FrontBridge Technologies Inc. will be managed by the companys Exchange Server division, a company spokesperson said.

Microsoft believes that moving ISA, RMS, anti-virus and Terminal Services under the Windows Server Division will make it easier to build integrated management features for those technologies and simplify deployment, Roberts said.

However, the SBTU will continue to play an important role in the development of those technologies and in other security technologies at the company, Roberts said.

Those changes aside, Roberts downplayed the impact of the reorganization on the SBTU or Microsofts security operation.

The SBTU and the Windows Server Division are both in the new Microsoft Platform Products & Services Division and are housed in the same building on the Redmond campus, which ensures that decision makers in those groups will see each other, Roberts said.

The companys renewed focus on services such as MSN and the creation of a new Entertainment & Devices Division wont make security less of a priority or require substantial changes to the way the SBTU does business or communicates with development groups within the company, she said.

"Security is baked into the DNA of the development groups within the company. Those relationships have strengthened over time, but I dont see that the reorg has any impact on that one way or the other," she said.

SBTU researchers are studying the security of mobile and embedded devices as well as gaming platforms closely, but Roberts denied that the reorganization will change those ongoing efforts.

Breaking off Microsofts stand-alone security products to focus the SBTU on Windows and security components that are embedded in the operating system is probably a good idea, said Chris Christiansen, an analyst at IDC, in Framingham, Mass.

"Its never a good thing to mix products with embedded features. It gets messy in terms of customer expectations," Christiansen said.

Christiansen said that Microsoft and the SBTU have done a good job improving the security of the companys products but that Microsoft will need to have a central security authority for years to come to have "one neck to choke" on security issues.

"[Microsoft] is clearly making progress, but security is still more of a negative than a positive [for the company]," Christiansen said.

The reorganization might also resolve a conflict within the SBTU, which was expected to manage software products and make a profit but also serve as the companys security "conscience," said John Pescatore, an analyst at Gartner Inc., in Stamford, Conn.

"The SBTU wasnt moving very quickly in getting security products out the door," Pescatore said. "This split is basically saying: Product groups are supposed to ship products."

Breaking the security products out from under the SBTU might make it easier for Microsoft to push out regular product updates and enhancements, in line with competitors such as Symantec Corp., Pescatore said.

/zimages/1/28571.gifClick here to read about the latest updates to Symantecs consumer security package.

However, Microsoft must still emphasize security improvements in its operating system that, hopefully, make security products unnecessary, Pescatore said.

"The role of their product is to give customers the best Windows experience possible, so if thats something that means they sell less anti-virus technology, thats good," Pescatore said.

/zimages/1/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.