Jeff James: Could you talk about Microsoft’s relationship with RSA, working together to develop a modular approach to protecting information, and what you're doing with RSA?
Doug Leland: One of the key dialogues or challenges that customers are facing right now is protecting the information assets that they have as an organization, whether that be HBI—high business impact—data or PII—privacy information that we hold about many of our employees and/or the customers and businesses that we deal with. And as we've seen with the rising publicity around data breaches over the last couple of months and even years, this problem is only growing and it's being exacerbated by the downsizing that's taking place. Now you have the rise of a disgruntled employee who has easy access to the crown jewels of the organization, which is the information.
Given this backdrop, we saw the opportunity to again converge a set of needs around securing information, which has been approached via a market approach which is called data leakage protection. And converge that approach with the enterprise ID management approach, which is all about providing identity-based access information, enabling customers to access information but access it securely and have those access privileges be part of the information itself. So we reached across the aisle to one of our key partners, EMC or RSA (the security division of EMC), to partner at a technology level and a sales and marketing perspective to deliver a unified solution across the classic DLP and the enterprise rights management space, to build a more comprehensive solution that addresses these broader-range needs for securing the information and providing access to the information.
Jeff James: We've heard from readers concerned not only about security and identity in the cloud but also between the cloud and their own on-premises environments. How do you address IT pros’ concerns?
Doug Leland: We’re hearing the same thing from customers, in terms of their desire to take advantage of the cost benefits and economics of being able to operate in a Software+Services environment where they have a choice of running workloads either on-premises, or in the cloud, or some combination of both. And we believe from the company perspective that it's an “and” versus “or.” In other words, we will deliver solutions for use on-premises, but also in the cloud, and those need to be able to easily migrate back and forth, and also to interoperate, meaning customers will live in a hybrid world of some workloads living on-premises and some workloads living in the cloud. Our strategy is to provide protection for those workloads, whether they live on-premises or in the cloud.
A couple of examples: Today, when a customer purchases the Business Productivity Online Suite from Microsoft, it comes protected by Forefront. So, specifically when a customer buys SharePoint Online or Exchange Online, those come already protected with their companion Forefront products, Forefront Security for Exchange or Forefront Security for SharePoint. That is a model we will continue to follow, and we will also build out what you may think of as standalone offerings for cloud-based protection of either non-BPOS workloads or protection of on-premises solutions. A key example already available today is Exchange Hosted Filtering, which provides spam filtering for on-premises Exchange mailboxes.
Jeff James: We’ve heard from readers that using AD is like going to the dentist—you know it's good for you and you know you need to do it, but it can be painful, from an ease-of-use perspective. How do your new products address those concerns, and how will they work with the new AD features in Windows Server 2008 R2?
Doug Leland: As you mentioned, Active Directory is the core, the heart and soul of any good identity infrastructure. Management of that system is key, and it's also consistent with what we're hearing from a customer needs perspective of helping reduce the cost of these systems. So that is an area we focused on for our 2008 release and are continuing to focus on for our upcoming release of Windows Server 2008 R2.
In terms of overall manageability, there are a number of significant advancements that have taken place, and one of them is the adoption of PowerShell. We are using PowerShell for all of our management interfaces, and that has dramatically increased the usability from an IT pro or administrative perspective. We’ve also moved to a task-based paradigm. And within that paradigm, we can more easily identify and walk an admin through a particular task or a set of tasks if that's the way the interface is built up. So, I think customers and administrators will see a huge benefit in terms of the overall manageability of the system.
In addition we offer other products for managing identities and managing the life cycles of those identities and those resources in the organization. One of those is Identity Lifecycle Manager, and that is a tool that is designed to help organizations manage identities (users), manage groups, manage policies associated with those groups, and ultimately help them report on that and meet their compliance needs. ILM 2007 is available for purchase today, and the next major release of that product, Identity Lifecycle Manager version 2, is currently in the release candidate (RC) phase.
Jeff James: Any estimate on when the final release of that might be?
Doug Leland: Well, the testing is going well—we released that RC back in November—and we're getting a lot of great feedback from customers. We have a policy that you're probably familiar with, which is called dogfooding, and that is we won't release our enterprise products until we are running them in our own production environments, so we're working closely with MS IT in deploying that out, scaling that out, right now actually, and we're moving towards the final release in a couple of months.