Microsoft has played down the significance of plans to make third-party security certifications mandatory for partners, claiming most would already hold them.
The software giant has two specialisations under its security competency: infrastructure and management. Due to the changes, certified partners specialising in security infrastructure are also required to obtain certification from the International Information Systems Security Certification Consortium (ISC)2. Those wanting to maintain a security management specialisation would need to have staff certified by the Information Systems Audit and Control Association (ISACA).
The new global requirements are the first time Microsoft has specified that resellers uphold certifications from third-party organisations. Local partner group director, Kerstin Baxter, said the changes were reflective of the broader approach being taken by security providers and the industry as a whole.
"Security is more than just technology; it's also practices and methodologies," she said. "It's not just about Microsoft's ISA or a desktop virus solution. We wanted to make sure the security competency was reflective not just of product, but of wider industry issues."
Microsoft was now consulting with its 10 security partners to confirm they had all met the new third-party requirements.
Although there were reports that Microsoft was working on providing discounts for some of the certification classes, Baxter said it had not yet discussed any options locally.
Dimension Data marketing manager, Martin Aungle, said the integrator had no concerns about the changes, as it already boasted of the largest contingents of engineers with Certified Information Systems Security Professional qualifications from (ISC)2 in Australia. It also had several technicians certified by ISACA. DiData is a Microsoft gold certified partner.
"Specialist Microsoft security skills don't cover the gamut of security infrastructure in terms of ensuring security right across a range of computer networks," Aungle said. "It's good to recognise a holistic approach, and particularly so for Microsoft, whose software is so pervasive in that environment."
Baxter said Microsoft was also attempting to bolster its security partner database by identifying channel players who were already putting together security solutions and matching them with its customers.
The vendor was currently running a local security campaign to engage mid-sized customers with partners who had obtained competencies, she said.