I've been trying to keep one eye on the products vendors are introducing to address the growing IT problem of managing security and compliance, and the recent acquisition of Whale Communications by Microsoft is certainly interesting. Here's what I've learned.
The Whale Communications products are essentially remote access solutions that are designed to provide high levels of security. The company has an excellent technical pedigree, and will probably become a profitable subsidiary in this arena. That said, this acquisition in no way moves Microsoft towards a role as a security and compliance vendor--the Whale suite are merely alternative access methodologies for the huge base of Windows applications and servers, especially the ISA 2006 server.
Here's Microsoft's own statement on their strategic direction, from a June 12 "Press Pass" interview with Ted Kummert, VP of Microsoft's Security, Access and Solutions Division (SASD):
Press Pass: What are the key customer pain points Forefront products seek to address?
Kummert: Customers are facing a broader, more complex and diversely motivated threat landscape. Attacks are increasingly advanced, more carefully targeted and often aimed at specific applications. In protecting themselves from these threats, customers are faced with a vast array of solutions, each of which will protect a given point against a specific threat. However, implementing such a combined collection of security solutions can provoke configuration and integration difficulties, making it more costly and complex to manage, control and report on the security of their environment.
By equipping customers with the ability to effectively secure their environment and securely enable the access scenarios their businesses require, Forefront products will help them unlock the full business value of IT applications and infrastructure.
See the full interview at http://www.microsoft.com/presspass/features/2006/jun06/06-12Security.mspx
In conclusion, IT managers are increasingly pressured to ensure that every system and application is secure from attack on the one hand, and in compliance with increasingly onerous governamental regulations on the other. Truly helpful solutions will continue to come from those vendors who are automating these concerns directly, as opposed to reducing the threat surface of individual applications and protocols. JMACINC will continue to study the NetIQ (now Attachmate) Security & Compliance Suite of products as a feasible and cost-effective approach. See http://www.netiq.com/solutions/regulatory and http://www.netiq.com/solutions/security for the full details.
Refer to www.JMACINC.com for the rest of the story.