Posts about 2010

Tom Kemp's Centrify Blog

Tuesday, November 30, 2010

Why sudo and Sync'ing sudoers Files is Not Enough for UNIX Authorization / RBAC

Recently I noticed some vendors are saying "we do UNIX authorization" and "we do UNIX role-based access control" (RBAC), hoping they can score a checkbox next to that category of functionality when it comes to a vendor bake off. But when you peel the layers of the onion back and look under the proverbial hood, in the end what these vendors are really just doing is offering a solution that helps you sync sudoers files. Centrify offers that same capability to sync sudoers files via a Group Policy (and offers IMHO the best implementation of a sudo group policy), but I wanted to take this blog post and discuss why I think sudo and sync'ing sudoers is simply not enough to address UNIX authorization and RBAC, i.e. why enterprises need something more industrial strength.


Wednesday, November 17, 2010

Centrify and Canonical Expand Partnership; Rave Reviews for Centrify Express Continue

Earlier this week we announced an expanded partnership with Canonical, the guys behind Ubuntu Linux. The net net of the relationship is that Canonical is now distributing Centrify's free Active Directory authentication solution, Centrify Express, through its Ubuntu Software Partner Repository.


Monday, October 18, 2010

Centrify Express Now Baked into Ubuntu Repository - aka Ubuntu + Active Directory Integration That Is Not "Broken"

Recently we have been hearing more and more from Ubuntu users regarding their dissatisfaction with some of the other Active Directory integration tools that they can get for free with Ubuntu. The good news is that our free Active Directory integration solution, Centrify Express, is now certified by the makers of Ubuntu and is now in the Ubuntu Partner Repository.

Categories: Centrify Express, Ubuntu, All

Monday, October 11, 2010

Wild Rumpus Continues, Unabated

Periodically I like to give updates on how Centrify is doing business-wise for our customers and partners, as well as for prospective customers. Our Fiscal Year runs from July 1st to June 30, so at the end of September we completed our first Fiscal Quarter (aka "Q1") of the new Fiscal Year. And like the previous company updates I have given, after reflecting back on the achievements over the last 3 months, I am happy to say again "Let the Wild Rumpus Start!"

Categories: Centrify, All

Thursday, October 7, 2010

New Survey Details Mac Usage in Higher Education and Highlights Need for Better AD/Mac Integration

Group Logic, our fellow partner in the Enterprise Desktop Alliance, recently came out with an interesting survey of Mac usage in higher education, and I thought in this blog post I would highlight a few key findings.


Wednesday, October 6, 2010

How Amadeus Addresses PCI Compliance and Security Administration with Centrify

In this blog post is a little detail on why Amadeus selected Centrify and how Amadeus is using Centrify's software on 1000s of UNIX and Linux servers. Amadeus is the leading provider of transaction processing for the travel and tourism industry, processing over 670 million transactions in 2009.


Thursday, September 23, 2010

Centrify Extends Active Directory to the Cloud

Recently at VMWorld Centrify announced our "enterprise-out" strategy of enabling customers to seamlessly leverage their existing security administration, access control and policy management that they get with the combo of Active Directory and Centrify to servers being spun up in the cloud. We also recently announced that we have licensed key intellectual property from Microsoft to better secure cloud systems, and also entered into partnerships with cloud providers such as Savvis. In this blog post I want to discuss at a high level what we started to deliver in regards to securing servers in the cloud, with subsequent blog posts drilling down into specific capabilities.


Monday, September 20, 2010

Centrify Continues to Set the Bar for Platform Support

The release last week of Centrify Suite 2010 Update 2 extends support to over a dozen new UNIX and Linux platforms, bringing the total of non-Microsoft platforms that Centrify bridges into Active Directory to over 250. That is simply far more than any other solution on the market that integrates Active Directory with non-Microsoft systems, on the order of magnitude of approximately 40% more platforms supported.


Monday, September 13, 2010

Centrify Suite and Centrify Express Shine in Recent Competitive Product Reviews

Recently some press and bloggers have been reviewing both the Centrify Suite and Centrify Express. In these reviews our products have shined and have taken top honors when compared to other solutions on the market. In this blog post let me run through the recent reviews and point to some of the key things these reviews found.


Monday, September 13, 2010

Centrify Signs Patent Licensing Agreement with Microsoft to Enable Development of Enhanced Cloud Security Solutions

Earlier this year we signed a technology licensing agreement with Microsoft that gave us the rights to leverage key protocols and patents from Microsoft in the area of securing communications in the cloud, and today we announced that agreement as part of our recent wave of announcements around securing systems and apps deployed in the cloud.

Categories: Centrify, Cloud, Partners, All

Friday, July 30, 2010

Buckle Up With PCI ... It's Becoming the Law

A new Washington state law went into effect earlier this month that makes a business or a credit card processor liable for unauthorized access to credit card information it stores. The key thing with the law is that businesses or processors are not liable if they are PCI DSS compliant, so in effect this further motivates businesses who process credit cards to get compliant. This is part of a growing trend for states to in effect incorporate PCI into state law.


Tuesday, July 27, 2010

First New York Securities Integrates Linux with Active Directory the Centrify Way

I was pleased to see that one of our partners, TekVault, recently issued a press release re: a mutual customer, First New York Securities, who has deployed our software to help the customer manage and secure their fast growing Linux environment.


Friday, July 23, 2010

Viva the Wild Rumpus!

Periodically I like to report on how Centrify is doing for our customers and partners, as well as for prospective customers. Our Fiscal Year runs from July 1st to June 30, so we just ended our latest fiscal year and the final numbers have been tallied up. I have previously given a three month, six month and nine month update of the past Fiscal Year, so here is the "annual report". And like the previous updates, after reflecting back on the achievements over the last 12 months, I am happy to say "Let the Wild Rumpus Start!"

Categories: Centrify, All

Thursday, July 22, 2010

Hello Centrify Express!!! ... Giving Users Much More than Free Active Directory Authentication for Linux

Recently we announced Centrify Express, a free offering for anyone who wants to better integrate non-Microsoft systems with Windows. Please go ahead and visit www.centrify.com/express and download it - by simply entering a valid email address and you are on your way to cross-platform interop nirvana! We are very excited about this announcement as it delivers by far more free capabilities than any other Windows/Active Directory interop solution out there, and it is also the most mature and manageable solution out there. In this blog post I will discuss what Centrify Express is and why we released it.


Monday, May 24, 2010

Hardening VMware vSphere Security and the ESX v4 Console Operating System with Centrify

Recently VMware published its official release of the vSphere 4.0 Security Hardening Guide. I was pleased to see that Centrify was the only third-party identity management vendor called out by VMware to "provide tighter integration with Active Directory" when it recommends to use a directory service product for authentication for the ESX Service Console. While Centrify was called out vis a vis the security requirements around Console OS password policies, in looking at the hardening guide it became readily apparent that the Centrify Suite can address a wide range of vSphere hardening requirements for enterprises, and this blog post gives an example of some of the additional value add Centrify can provide.


Friday, May 21, 2010

Comparing the NSS/PAM Implementations of Samba Winbind and Centrify for Active Directory Integration

Many of our customers want DirectControl to seamlessly integrate with Samba - the de facto industry standard CIFS File Server for Linux and UNIX - so I have blogged a few times about what we offer in terms of Samba interoperability as well as on the technical and architectural details around our Samba integration. But because there is a bit of overlapping capability with what Samba offers and what DirectControl offers, we occasionally get questions on how we compare to what Samba offers, so in this blog post I am going to drill down a bit into two areas of overlapping functionality with DirectControl and Samba's windbind capability.


Wednesday, May 19, 2010

PCI Compliance for UNIX and Linux Servers

With the release of DirectSecure earlier this year and the release of DirectAuthorize last year we have broadened our PCI footprint to address additional PCI requirements, so I want to use this blog post to talk about some of the added requirement we now address.


Wednesday, March 24, 2010

Failed IRS Security Audit Highlights Need for Privileged Identity Management

I saw in Network World a recent article with the headline, "IRS security faults leave taxpayer information at risk." In reading the article and digging down into the actual United States Government Accountability Office (GAO) report (entitled "Information Security: IRS Needs to Continue to Address Significant Weaknesses") that the article uses as its source, it turns out that the major findings in the audit were really about the need for comprehensive privileged identity management within the Internal Revenue Service. In this blog post I will analyze the GAO report and map the report to specific capabilities that Centrify addresses.


Tuesday, March 23, 2010

Happy Birthday Centrify! ...And Celebrating 2000+ Customers

Well it has been 6 years since Centrify was formed. I wish I had a picture of myself and our 2 other founders, Paul Moore and Adam Au, from 6 years ago, but I think we probably look about the same now as we did then, so if a picture of the three of us were to be taken you would not know if it was from 2004 or 2010. It definitely would not be like the classic photo of the original Microsoft employees with the facial hair, the long hair and the big collars.


Monday, March 1, 2010

What is DirectAccess and How You Can Extend it to Non-Microsoft Platforms (e.g. UNIX, Linux)

It was three years ago that Bill Gates made his last appearance at the RSA Conference and introduced the Microsoft vision of "Secure Anywhere Access in a Connected World." It was 2 years later that part of that vision became reality with the introduction of technology in Windows 7 and Windows 2008 R2 called DirectAccess. In this blog post I will give an overview of DirectAccess and discuss how Centrify DirectSecure embraces and extends it to non-Microsoft platforms; i.e. even better together.


Thursday, February 25, 2010

How DirectSecure Encrypts Data in Motion and Why You Need It

DirectSecure can optionally encrypt data in motion. Here are two immediate reasons why you need it.


Tuesday, February 23, 2010

How DirectSecure Can Help Address PCI Network Segmentation and Isolation Requirements

DirectSecure can help you meet PCI DSS requirements around network segmentation and address section 1.2 of PCI regarding restricting connections between untrusted networks.


Monday, February 22, 2010

How DirectSecure Leverages IPsec

In this blog post I will talk more about how DirectSecure works and specifically how it leverages IPsec.


Wednesday, February 17, 2010

Introducing Centrify DirectSecure: Cross-Platform Server Isolation

With the release of Centrify Suite 2010, we introduced two new products: DirectManage and DirectSecure. In this blog post I will discuss what DirectSecure does at a high-level and why customers need it. In later blog posts discuss how it works, give some use cases, and then discuss how it extends Windows 7 DirectAccess to cross-platform environments.


Wednesday, February 17, 2010

Introducing Centrify DirectManage: Making the Centrify Suite Even Easier to Deploy and Manage

One common dilemma that software vendors face is when they pack more features and functions into their products, those products become more difficult to use, manage and deploy, and therefore a major upgrade can actually represent a step backwards in the customer's eyes. The best example for me personally is Office 2007 - after a year on Office 2007 I still find I am not as productive in using this new version vs. the older version. Centrify has been very cognizant of that classic software vendor dilemma, and since day 1 we have historically invested in making our software not only functionally rich, but also easy to deploy/use/manage, as well as very non-intrusive (e.g. no AD schema mods, no painful UNIX UID rationalizing, no kernel mods, etc.). Our goal has been to NOT have our customers 'manage the management system.' The recently introduced DirectManage is another step in this vision, and in this blog post will talk about what DirectManage is and what it does.


Tuesday, February 16, 2010

Introducing Centrify Suite 2010: An Active Directory Bridge to Privileged Identity Management

Five years and one week ago Centrify entered the market with the announcement of DirectControl version 1.0. Today, we are pleased to announce the release of Centrify Suite 2010. In five years we have gone from 1 product to 5 products, from a few beta sites to over 1500 customers including some of the largest enterprises in the world, and from a classic Silicon Valley startup to a mature, profitable software company with staff throughout the world. In this blog post let me talk about some of the new products and new features that make up Centrify Suite 2010.


Friday, February 12, 2010

DirectControl for Mac OS X Adds Key New Features; Gets Certified by Department of Defense

At MacWorld we announced the release of DirectControl version 4.4 for Apple Mac OS X. With this release we expanded the number of Mac-centric Group Policies we offer, added support for FileVault, further enhanced our Snow Leopard support and delivered tighter integration with Group Logic's ExtremeZ-IP. We are also proud to announce that our support for the government Common Access Card (CAC) was certified by the Department of Defense Joint Interoperability Test Command (JITC).


Thursday, January 21, 2010

Is Your IT Staff Sharing Passwords (e.g. root, oracle, etc.)? This Could Spell Big Trouble... Very Big Trouble

As many of my blog readers may recall, for the last year or so I have been banging on the "superuser privilege management" drum which is all about "trusting, but verifying" what privileged users (e.g. systems administrators, DBAs, etc.) and their accounts (e.g. root) can do and auditing actions taken by those privileged/superusers. It was with a great deal of interest that I read in Network World that a financial services firm had to notify 1.2 million customers of a data breach - not because they found an actual breach of data, but because six usernames and passwords have been shared by administrators over the last 10 ten years.


Tuesday, January 12, 2010

Centrify Delivers First McAfee Compatible Solution for the Mac Platform

On Monday we announced that a special McAfee-certified package of Centrify DirectControl for Mac OS X is now available for use with McAfee's ePolicy Orchestrator.


Tuesday, January 5, 2010

Let the Wild Rumpus Start! (Redux)

I am pleased to announce that last quarter (i.e. quarter ending December 2009) was another record quarter for us, capping off a great year of year-to-year growth in the face of a tough economy. The last two quarters were in fact by far the two best quarters we ever had as a company, and, like last quarter, we were again profitable. So I say again: "LET THE WILD RUMPUS START!"