Comprehensive security: How Microsoft helps protect your business
Data can be vulnerable anywhere, from the edge of the network to the desktop, and no single product covers every point. Microsoft's security products are designed to work together to protect data at the network boundary, on servers, and on the PCs themselves. Here is a look at integrated security and why it matters.
In summary:
• Make sure your security tools cover the three areas of concern: the boundary of the network, the servers, and the desktops.
• Deploy tools that stop sensitive documents from leaving the network, as well as tools that stop malicious software from coming in.
• Use role-based access processes so that employees have only the access their current role needs, and lose the access they no longer need when they change jobs.
Document and data protection
Within any company, staff create sensitive documents such as employee reviews, marketing plans, and product designs, and unauthorized people, whether employees or outsiders, must not be able to read them. One of the most effective controls is to encrypt the data where it is stored, on the disk itself. With the Encrypting File System (EFS) in Windows Server 2003 (and Windows XP Professional), you mark a folder such as My Documents as encrypted before creating sensitive files in it; every file created in that folder afterwards is encrypted automatically, with a key tied to the user's account. Because that key lives in the user's profile, make sure the EFS certificate is backed up or a data recovery agent is configured, or a lost profile means lost files.
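The folder-level behaviour described above, as an added example that is not from the article: the script marks a folder as encrypted with cipher.exe, creates a file in it, and confirms the new file carries the Encrypted attribute without any per-file action. The folder path is an assumption chosen for the example; it must sit on an NTFS volume and be run as the user who will own the files.

```powershell
# Added example (not from the article): turn on EFS for a folder and verify
# that files created inside it afterwards are encrypted automatically.
# Assumed path for the example; must be on an NTFS volume.
$folder = Join-Path $env:USERPROFILE 'Reviews'
New-Item -ItemType Directory -Path $folder -Force | Out-Null

# cipher.exe /E sets the Encrypted attribute on the folder itself. Files already
# in the folder are left alone unless /A is added; new files inherit the attribute.
cipher.exe /E $folder | Out-Null

# Create a file the normal way; no encryption call is made for it.
$file = Join-Path $folder 'q1-review.txt'
'constructed sample content' | Set-Content -Path $file

# The Encrypted bit in the file attributes shows that EFS applied on creation.
$attrs = (Get-Item -Path $file).Attributes
if ($attrs -band [System.IO.FileAttributes]::Encrypted) {
    "OK: $file was encrypted on creation"
} else {
    throw "$file is NOT encrypted: check that the volume is NTFS and EFS is not disabled by policy"
}

# cipher.exe with no switches lists each entry with E (encrypted) or U (unencrypted),
# which is the quick way to audit a folder tree.
cipher.exe $folder
```

One check worth keeping in mind: the Encrypted attribute only proves the file is protected from other accounts and from offline reads of the disk. A process running as this user, including malware, reads the file transparently, so EFS complements rather than replaces anti-malware on the client.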
BitLocker Drive Encryption is a new data protection feature in the Enterprise and Ultimate editions of Windows Vista. It addresses the real threat of data loss or disclosure from lost, stolen, or improperly decommissioned PC hardware by encrypting the whole Windows volume, and it uses the Trusted Platform Module (TPM) to check the integrity of early start-up components before releasing the decryption key, so a drive whose boot environment has been tampered with does not unlock. With mobile PCs becoming the mainstream business platform, unintended exposure of data on lost machines is a growing problem; BitLocker lets companies keep the benefits of mobile computing while reducing that risk and simplifying compliance.
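The checks a practitioner would want to run on the claims above (volume fully encrypted, protection on, TPM-backed integrity checking, and a recovery path), as an added example that is not from the article. It assumes the BitLocker PowerShell module, which shipped with Windows 8 and Windows Server 2012, so it postdates the Vista release described on the page; on Vista the same information comes from manage-bde.wsf -status.

```powershell
# Added example (not from the article): audit BitLocker on the system volume.
# Assumes the BitLocker PowerShell module (Windows 8 / Server 2012 or later).
function Test-OsVolumeBitLocker {
    $os = Get-BitLockerVolume -MountPoint $env:SystemDrive
    $findings = @()

    if ($os.ProtectionStatus -ne 'On') {
        $findings += "protection is $($os.ProtectionStatus) (encrypted but key protectors suspended)"
    }
    if ($os.VolumeStatus -ne 'FullyEncrypted') {
        $findings += "volume status is $($os.VolumeStatus)"
    }

    # The early-boot integrity check only exists when the key is sealed to the TPM.
    # Without a Tpm* protector the key is on a USB key or typed in, and a modified
    # boot loader is not detected.
    $tpm = @($os.KeyProtector | Where-Object { $_.KeyProtectorType -like 'Tpm*' })
    if ($tpm.Count -eq 0) {
        $findings += 'no TPM key protector (no start-up integrity check)'
    }

    # A recovery password is what lets IT unlock the drive when the TPM refuses
    # (board swap, firmware update). It should be escrowed, e.g. in Active Directory.
    $recovery = @($os.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
    if ($recovery.Count -eq 0) {
        $findings += 'no recovery password protector (lockout risk after hardware change)'
    }

    [pscustomobject]@{
        Drive     = $os.MountPoint
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings
    }
}

Test-OsVolumeBitLocker
```

Run it from an elevated prompt; Get-BitLockerVolume needs administrator rights to read key protector details.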
Microsoft Exchange Server 2007 can use Windows Rights Management Services (RMS), which lets an author restrict how recipients open, modify, print, forward, or otherwise act on a message or attachment. With RMS, Exchange users can send rights-protected e-mail across the network, and recipients can open rights-protected e-mail even when disconnected from the network. The restrictions are enforced by RMS-aware client software, so the protection is only as strong as the client the recipient is using.
Outsourcing services
A small IT department can find it hard to keep up with the stream of phishing attempts, viruses, and spyware on top of routine monitoring and patch management. In that case it can make sense to delegate those responsibilities to a third-party security provider. For midsize businesses looking for software-as-a-service (SaaS) messaging security and management, Microsoft Exchange Hosted Services helps organizations:
• filter malware (viruses and other malicious software) out of e-mail before it reaches the network;
• satisfy retention requirements for compliance;
• encrypt messages to preserve confidentiality;
• and keep e-mail available during and after an emergency.
Network protection at the "edge"
No matter what security technology you have in applications and on servers, it helps to have a sentry at the outermost boundary of the network, the "edge". A device there can block attackers and malware before they enter the network, which cuts the clean-up work your IT department has to do afterwards. Microsoft Internet Security and Acceleration (ISA) Server acts as an application-layer firewall and proxy that inspects traffic in both directions, protecting the network from Internet-based threats; at the same time it provides secure remote-office (VPN) access and protects users' Web access.
Server protection
Most midsize companies run at least two or three servers: a file and print server for storing and managing documents and applications, an e-mail server for e-mail and instant messaging, and a Web server for the intranet and the public Web site with their associated data and applications. The technologies at the edge protect these servers only from traffic that actually crosses the edge.
As companies increasingly collaborate with partners around the globe, they may have servers connected directly to partners' systems, for example to exchange inventory updates as quickly as possible without passing through the normal network path. Such a connection bypasses the edge, so you must also consider malware arriving from the partner's network or from machines connected directly to your servers.
Forefront Security for SharePoint helps protect servers running Microsoft Office SharePoint Server 2007 and Windows SharePoint Services 3.0 from viruses, unwanted file types, and inappropriate content in uploaded documents.
Because viruses and worms frequently arrive by e-mail, Forefront Security for Exchange Server protects the e-mail infrastructure from infection and the downtime that follows. It is designed to scan messages without noticeably delaying delivery, avoiding the slowdown that mail scanning has traditionally caused.
In the first half of 2007, Microsoft is scheduled to release Forefront Security for Office Communications Server, based on the Antigen server protection product line. While most viruses and worms still arrive through the Web and e-mail, attackers are increasingly using portals and instant messaging as a way into corporate networks; Security for Office Communications Server is designed to address those threats.
Client device protection
Companies are increasingly issuing laptops so that employees can work away from the office, and those machines connect over wireless and public networks where the corporate edge defences do not apply, so they need protection of their own. Forefront Client Security, previously known as Microsoft Client Protection, is an integrated security tool for client devices, whether desktops or laptops. It guards against newer threats such as spyware and rootkits as well as traditional threats such as viruses, worms, and Trojan horses.
Identity management
If your company started as a small business, you probably have a great deal of trust in your original employees; in fact, you may have given them more responsibility over the years. Even so, it's important to ensure that their access to corporate data is aligned with their responsibilities. For instance, someone who was transferred from human resources to manufacturing, no matter how trustworthy, should no longer have access to employee records.
To help with these requirements, Microsoft Identity Integration Server synchronizes identity information across the multiple directories a company typically has, giving IT a single, consistent view of users, applications, and network resources, so a change of role made in one place can be reflected in all of them.
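The role-alignment check the two paragraphs above call for (does each employee hold only the group memberships their current department allows?), as an added example that is not from the article. The department-to-group policy and the user records are constructed for the example; the commented Get-ADUser query shows where the same records would come from in a real directory and assumes the ActiveDirectory module from RSAT.

```powershell
# Added example (not from the article): flag users whose group membership
# grants access outside their current role, e.g. HR-Records after a move to
# Manufacturing. Policy and sample users are constructed for the example.
$policy = @{
    'Human Resources' = @('Domain Users', 'HR-Staff', 'HR-Records')
    'Manufacturing'   = @('Domain Users', 'MFG-Staff', 'MFG-Inventory')
    'Sales'           = @('Domain Users', 'Sales-Staff')
}

function Find-ExcessAccess {
    param(
        [Parameter(Mandatory)] [object[]]  $Users,   # objects with SamAccountName, Department, MemberOf
        [Parameter(Mandatory)] [hashtable] $Policy   # department -> allowed group names
    )
    foreach ($u in $Users) {
        $allowed = $Policy[$u.Department]
        if (-not $allowed) {
            # A department with no policy is itself a finding: nothing bounds its access.
            [pscustomobject]@{ User = $u.SamAccountName; Department = $u.Department
                               Excess = @($u.MemberOf); Reason = 'no policy for department' }
            continue
        }
        $excess = @($u.MemberOf | Where-Object { $allowed -notcontains $_ })
        if ($excess.Count -gt 0) {
            [pscustomobject]@{ User = $u.SamAccountName; Department = $u.Department
                               Excess = $excess; Reason = 'group outside current role' }
        }
    }
}

# Constructed sample records standing in for directory output. With the RSAT
# ActiveDirectory module (assumption) the equivalent live query is:
#   Get-ADUser -Filter * -Properties Department, MemberOf |
#     Select-Object SamAccountName, Department,
#       @{ n = 'MemberOf'; e = { $_.MemberOf | ForEach-Object { (Get-ADGroup $_).Name } } }
$users = @(
    [pscustomobject]@{ SamAccountName = 'jdoe';   Department = 'Manufacturing';   MemberOf = @('Domain Users', 'MFG-Staff', 'HR-Records') }
    [pscustomobject]@{ SamAccountName = 'asmith'; Department = 'Human Resources'; MemberOf = @('Domain Users', 'HR-Staff', 'HR-Records') }
    [pscustomobject]@{ SamAccountName = 'bchen';  Department = 'Sales';           MemberOf = @('Domain Users', 'Sales-Staff') }
    [pscustomobject]@{ SamAccountName = 'tnew';   Department = 'Legal';           MemberOf = @('Domain Users', 'Legal-Staff') }
)

Find-ExcessAccess -Users $users -Policy $policy | Format-Table -AutoSize
```

The point of the design is that the policy, not the directory, is the source of truth for what a role may hold; running the check on a schedule turns a one-time access review into an ongoing control that catches transfers nobody remembered to clean up.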
You also need to keep track of employees as they join the company and as they leave, issuing credentials on arrival and revoking them on departure. Certificate Lifecycle Manager helps IT staff manage the issuance, renewal, and revocation of digital certificates and smart cards, supporting multiple levels of authentication.
Frequently, IT professionals need to set up digital identity and access rights across security and organizational boundaries. For that scenario, Active Directory Federation Services (part of Windows Server 2003 R2) extends single sign-on to employees, customers, partners, and suppliers who need to access multiple Web-based applications, without giving the partner organization accounts in your directory.
Systems management
A key adjunct to security is availability and reliability: the assurance that your computers and network are up when employees need them, and adequately protected while in use. That is why security is a key component of systems management. For instance, although SQL Server 2005 is a data management and analysis product, it also provides availability and security features: native data encryption, settings that are secure by default (optional features are off until enabled), and enforcement of the Windows password policy for SQL logins.
Upgrading applications typically means adding features or adding security fixes, both critical but sometimes onerous tasks. Systems Management Server helps companies handle configuration management by updating both Microsoft software and third-party applications efficiently and safely. The next version of Systems Management Server 2003 will be released as System Center Configuration Manager 2007. Similarly, Windows Server Update Services (WSUS) deploys updates for Microsoft's server and desktop operating systems and other Microsoft products. WSUS lets you roll updates out in stages, approving them for a pilot group of computers before the rest of the estate, which smooths deployment and reduces the IT department's workload.
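The staged rollout described above, as an added example that is not from the article: security updates are approved for a pilot computer group first, and promoted to production only if no pilot machine has reported a failed installation. It assumes the UpdateServices PowerShell module (Windows Server 2012 or later, so newer than the WSUS release the page describes) and two computer groups named Pilot and Production that were created in the WSUS console; run it on the WSUS server.

```powershell
# Added example (not from the article): two-ring WSUS approval.
# Assumes the UpdateServices module and computer groups 'Pilot' and 'Production'.

# Ring 1: approve every security update that at least one computer still needs,
# but only for the pilot group. Production machines see nothing yet.
Get-WsusUpdate -Classification Security -Approval Unapproved -Status FailedOrNeeded |
    Approve-WsusUpdate -Action Install -TargetGroupName 'Pilot'

# Ring 2 (run after the pilot machines have had time to install and report):
# gate the production approval on the pilot results.
$failed = @(Get-WsusComputer -ComputerTargetGroups 'Pilot' -ComputerUpdateStatus Failed)

if ($failed.Count -gt 0) {
    "Holding Production approval: $($failed.Count) pilot computer(s) report a failed update"
    $failed | Select-Object FullDomainName, LastReportedStatusTime
} else {
    # Updates already approved (for Pilot) and still needed somewhere are the
    # candidates to promote; approving them for Production adds a second approval
    # rather than replacing the first.
    Get-WsusUpdate -Classification Security -Approval Approved -Status FailedOrNeeded |
        Approve-WsusUpdate -Action Install -TargetGroupName 'Production'
}
```

The gate is deliberately simple; in practice you would also wait for a minimum number of pilot machines to report back before trusting an absence of failures.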
Guidance and development tools
For more on Microsoft security, visit the Microsoft Security Development Center.