Wednesday, May 4, 2011
OK, so we are all hearing about "The Cloud." Cloud this, Cloud that. Vendors talk about it all the time, but are they simply blogging about it and telling their investors about this hot new thing called "The Cloud" or are they also actually delivering products that are specific and optimized and useful to "The Cloud"? Well, Centrify heard all this talk of "The Cloud," we talked to Cloud providers, and of course talked to our customers, and decided to actually do something about "The Cloud." So after a good deal of research figuring out what customers care about vis-à-vis securing "The Cloud," and after a good bit of development effort, the other day we released, for free, Centrify CloudTools. CloudTools represents our initial foray into helping customers secure and automate the enforcement of Active Directory-based authentication and access control policies for a variety of Linux servers running within hosted environments such as Amazon EC2. There is a lot more stuff for us to do vis-à-vis "The Cloud," but every journey begins with some initial steps, and in this blog post I want to discuss the steps we have started to take.
So what are the "Centrify CloudTools"? Centrify CloudTools is an integrated collection of free tools and enhancements to existing products that lets organizations dynamically apply Active Directory-based authentication and access control to Linux systems running within cloud hosting providers such as Amazon EC2 and the RightScale Cloud Management Platform. Centrify CloudTools are available for free to customers of Centrify Suite and are also a new component of Centrify Express 2011. Used in conjunction with the Centrify Suite or Centrify Express, Centrify CloudTools enables an "enterprise-out" approach that establishes Active Directory as the center of trust between enterprise and cloud servers, whether private or hosted, to make them as secure and compliant as those in an on-premises data center.
So why would someone even need Centrify CloudTools? I.e., what's the pain point here? Well, one of the primary benefits of cloud computing is the dynamic nature of the environment in which compute capacity can scale near infinitely to support the growing demands of the IT organization. But in order to manage these cloud-based systems, the security infrastructure must also be automated to allow critical security and compliance policies to be applied consistently as every new system is initialized within a hosted environment. So when Centrify CloudTools are enabled for a newly provisioned Linux server in the cloud, they will immediately secure the root account, lock down the server and join it to the customer's on-premises Active Directory domain. In this way, only administrators defined by the licensor of the server, and not the cloud service provider, have access to and control over the server. All access to the server is provided through Active Directory credentials, enabling server activity to be associated with a specific user. Similarly, when a server is terminated from a hosted service, it can automatically be removed from Active Directory.
So what comprises Centrify CloudTools? Key components of Centrify CloudTools include:
As I said above, this is our initial foray with "The Cloud," and we expect to add more tools and best practice guides to our CloudTools in the weeks and months to come, especially as we start to get customer feedback. In my next blog posts I will drill down a bit more on what we deliver with our Centrify AMI Images and RightScripts. In the meantime, if you want more information please see our white paper, Enforcing Enterprise-Out Security for Cloud Servers, for a full overview of Centrify's solution for dynamically extending an organization's existing enterprise security infrastructure out to cloud-based UNIX and Linux systems.