Conceding its previous efforts to differentiate security partners were "broken," Microsoft is beefing up its Security Solutions Competency third-party program by requiring partners to be formally certified.
The new requirements, announced this week, call for Microsoft security partners to pass certification tests from the International Information Systems Security Certification Consortium (ISC)2 and the Information Systems Audit and Control Association (ISACA).
According to Thomas Dawkins, a Microsoft group product manager responsible for security partner strategy, this is one of the first times that Microsoft has required external industry certifications for its partners. He says that the goal is to help Microsoft’s partners more effectively position themselves. Left unsaid is that Microsoft is striving to re-emphasize that the company is getting serious about security.
The certifications include ISACA's CISM (Certification for IT Security Management), a certification established three years ago that covers people, processes, policy, and overall governance. It requires passing a test, plus at least five years' experience in IT security governance, risk management, info security program management, info security management (the day-to-day stuff), and incident response management.
Kent Anderson, managing director of Network Risk Management LLC, and member of ISACA’s CISM Certification Board, characterizes CISM as the people side of security. Businesses have realized that security is more than a technical problem, he said.
The other piece, represented by the 16-year-old CISSP (Certified Information Systems Security Professional), will be optional for Microsoft partners. CISSP involves a test of 250 multiple-choice questions covering topics such as access control systems, cryptography, and security management practices.
Microsoft's requirements are in two categories: basic, which comprises the ISACA, (ISC)2, and Microsoft Certified Professional (MCP) certifications; and advanced, which adds certification as Microsoft Certified Systems Engineer (MCSE).
The requirements will be enforced when each partnership comes up for annual renewal. Dawkins estimates that roughly 80% of those already in the security partner program have passed the various certifications.