Who is Microsoft security for?

I’ve written before of the innovation, ingenuity, coverage and effectiveness of the Microsoft security stack and I’m in no doubt that they have one of the very best “end-to-end” security control and visibility solutions available. So much for that then, but who is the intended consumer? I come across some understandable confusion when talking to current and potential customers because on the surface MS can look like its focus is on globe-spanning behemoth enterprises, yet it’s true that once you look slightly closer and start to understand the modular “secure as you go” (I’m trademarking that) technologies they offer and how they all fit together, using MS to secure your one man band, start-up, SME, not for profit or criminal syndicate is perfectly viable and cost-effective.

Microsoft has even, say it quietly, started to make the licensing model “friendly”. I do mean “started” – it’s still horrific to navigate and many a good Sales Engineer will still throw their hands in the air after hours spent with Microsoft’s handy “calculators”, muttering “I just need to find out what I need to buy..” , and that’s before tackling how much it is, which is some seriously advanced stuff for another day.

Luckily there is a new breed of partners working with Microsoft as “pure-play” security providers. This is interesting because although we would like to think that security is pervasive, built-in and commoditised, it isn’t, and the need for specialists is greater than ever. It’s interesting too because these partners don’t want to take on the burden of being “full-stack” Microsoft chums, and as little as two years ago, it would have been very difficult to contract in a meaningful way with Microsoft unless you fit the decades-old model – i.e. you were Gold Partner material, keen to specify, sell and maintain everything from Windows licences to Azure CPU and everything in between.

For boutique or specialist security companies, that model is a problem. It’s not viable to take on the challenge of becoming an expert in hundreds of catalogue SKUs just to earn the right to trade in the one or two things you’re actually interested in. The investment in staff and training alone is formidable. The choice was quite stark – make a strategic decision to become a Microsoft “house” or try to get some security piecework through other Microsoft partners. Thankfully things have changed, and, just as ITC has done, it is now not only possible but positively encouraged to become a Microsoft Security Partner – with all the tools for supporting us and, crucially, allowing us to work alongside incumbent “full-stack” Microsoft partners with defined recognition of contribution and the allocation of tasks to each.

This means that customers have more choice. You don’t have to use your Microsoft licencing partner to provide specialist security services on MS platforms like Windows, Defender and Azure. You can, of course, use them, but it’s very easy not to now without ruffling any feathers or breaking any processes. It’s become much easier to access specialist services for both customers and other Microsoft partners – who often need skills they don’t have in-house to bolster a service offering of their own.

This agility in the marketplace is allowing customers of all shapes and sizes to access what were perhaps previously known as “enterprise-grade” services from specialists whose companies look a lot like their own – all shapes and sizes are represented, with a huge and diverse array of skills and experience available. Microsoft is actively encouraging this kind of engagement, alongside working hard to make their security services slightly less opaque and the end-user licencing and consumption models less like some kind of “Crystal Maze” test with the prize of a bill of materials at the end.

The key thing here is that the huge investment Microsoft continues to make in security services research and development has generated, and continues to generate, some really, really good products. And they’re supposed to be for everybody, from individuals through to SMEs and, of course, still the global enterprises. The benefits of the MS security stack work whatever size you are and no matter how many staff you have and how many non-standard applications running on Linux you have in the basement.

If you’re interested in some of the things Microsoft are doing in the security arena but are thinking for whatever reason that those things are not targeted at businesses like yours, let us know, we’re sure you’ll be pleasantly surprised.