Identity consolidation and privileged access management across Windows, Linux, and UNIXEnterprise Edition
Detailed auditing of privileged user sessions on Windows, Linux and UNIXPlatinum Edition
Dynamic segmentation and isolation of cross-platform systemsApplication Edition
Secure, centralized single sign-on to on-premises business applications
Single sign-on and unified management for cloud and mobile apps and devicesMac Edition
Centralized security and management for Macs and mobile devicesPremium Edition
SaaS and Mac Editions combined with mobile security management
Recently I noticed some vendors are saying "we do UNIX authorization" and "we do UNIX role-based access control" (RBAC), hoping they can score a checkbox next to that category of functionality when it comes to a vendor bake off. But when you peel the layers of the onion back and look under the proverbial hood, in the end what these vendors are really just doing is offering a solution that helps you sync sudoers files. Centrify offers that same capability to sync sudoers files via a Group Policy (and offers IMHO the best implementation of a sudo group policy), but I wanted to take this blog post and discuss why I think sudo and sync'ing sudoers is simply not enough to address UNIX authorization and RBAC, i.e. why enterprises need something more industrial strength.
Earlier this week we announced an expanded partnership with Canonical, the guys behind Ubuntu Linux. The net net of the relationship is that Canonical is now distributing Centrify's free Active Directory authentication solution, Centrify Express, through its Ubuntu Software Partner Repository.
Recently we have been hearing more and more from Ubuntu users regarding their dissatisfaction with some of the other Active Directory integration tools that they can get for free with Ubuntu. The good news is that our free Active Directory integration solution, Centrify Express, is now certified by the makers of Ubuntu and is now in the Ubuntu Partner Repository.
Periodically I like to give updates on how Centrify is doing business-wise for our customers and partners, as well as for prospective customers. Our Fiscal Year runs from July 1st to June 30, so at the end of September we completed our first Fiscal Quarter (aka "Q1") of the new Fiscal Year. And like the previous company updates I have given, after reflecting back on the achievements over the last 3 months, I am happy to say again "Let the Wild Rumpus Start!"
Group Logic, our fellow partner in the Enterprise Desktop Alliance, recently came out with an interesting survey of Mac usage in higher education, and I thought in this blog post I would highlight a few key findings.
In this blog post is a little detail on why Amadeus selected Centrify and how Amadeus is using Centrify's software on 1000s of UNIX and Linux servers. Amadeus is the leading provider of transaction processing for the travel and tourism industry, processing over 670 million transactions in 2009.
Recently at VMWorld Centrify announced our "enterprise-out" strategy of enabling customers to seamlessly leverage their existing security administration, access control and policy management that they get with the combo of Active Directory and Centrify to servers being spun up in the cloud. We also recently announced that we have licensed key intellectual property from Microsoft to better secure cloud systems, and also entered into partnerships with cloud providers such as Savvis. In this blog post I want to discuss at a high level what we started to deliver in regards to securing servers in the cloud, with subsequent blog posts drilling down into specific capabilities.
The release last week of Centrify Suite 2010 Update 2 extends support to over a dozen new UNIX and Linux platforms, bringing the total of non-Microsoft platforms that Centrify bridges into Active Directory to over 250. That is simply far more than any other solution on the market that integrates Active Directory with non-Microsoft systems, on the order of magnitude of approximately 40% more platforms supported.
Recently some press and bloggers have been reviewing both the Centrify Suite and Centrify Express. In these reviews our products have shined and have taken top honors when compared to other solutions on the market. In this blog post let me run through the recent reviews and point to some of the key things these reviews found.
Earlier this year we signed a technology licensing agreement with Microsoft that gave us the rights to leverage key protocols and patents from Microsoft in the area of securing communications in the cloud, and today we announced that agreement as part of our recent wave of announcements around securing systems and apps deployed in the cloud.
A new Washington state law went into effect earlier this month that makes a business or a credit card processor liable for unauthorized access to credit card information it stores. The key thing with the law is that businesses or processors are not liable if they are PCI DSS compliant, so in effect this further motivates businesses who process credit cards to get compliant. This is part of a growing trend for states to in effect incorporate PCI into state law.
I was pleased to see that one of our partners, TekVault, recently issued a press release re: a mutual customer, First New York Securities, who has deployed our software to help the customer manage and secure their fast growing Linux environment.
Periodically I like to report on how Centrify is doing for our customers and partners, as well as for prospective customers. Our Fiscal Year runs from July 1st to June 30, so we just ended our latest fiscal year and the final numbers have been tallied up. I have previously given a three month, six month and nine month update of the past Fiscal Year, so here is the "annual report". And like the previous updates, after reflecting back on the achievements over the last 12 months, I am happy to say "Let the Wild Rumpus Start!"
Recently we announced Centrify Express, a free offering for anyone who wants to better integrate non-Microsoft systems with Windows. Please go ahead and visit www.centrify.com/express and download it - by simply entering a valid email address and you are on your way to cross-platform interop nirvana! We are very excited about this announcement as it delivers by far more free capabilities than any other Windows/Active Directory interop solution out there, and it is also the most mature and manageable solution out there. In this blog post I will discuss what Centrify Express is and why we released it.
Recently VMware published its official release of the vSphere 4.0 Security Hardening Guide. I was pleased to see that Centrify was the only third-party identity management vendor called out by VMware to "provide tighter integration with Active Directory" when it recommends to use a directory service product for authentication for the ESX Service Console. While Centrify was called out vis a vis the security requirements around Console OS password policies, in looking at the hardening guide it became readily apparent that the Centrify Suite can address a wide range of vSphere hardening requirements for enterprises, and this blog post gives an example of some of the additional value add Centrify can provide.
Many of our customers want DirectControl to seamlessly integrate with Samba - the de facto industry standard CIFS File Server for Linux and UNIX - so I have blogged a few times about what we offer in terms of Samba interoperability as well as on the technical and architectural details around our Samba integration. But because there is a bit of overlapping capability with what Samba offers and what DirectControl offers, we occasionally get questions on how we compare to what Samba offers, so in this blog post I am going to drill down a bit into two areas of overlapping functionality with DirectControl and Samba's windbind capability.
With the release of DirectSecure earlier this year and the release of DirectAuthorize last year we have broadened our PCI footprint to address additional PCI requirements, so I want to use this blog post to talk about some of the added requirement we now address.
I saw in Network World a recent article with the headline, "IRS security faults leave taxpayer information at risk." In reading the article and digging down into the actual United States Government Accountability Office (GAO) report (entitled "Information Security: IRS Needs to Continue to Address Significant Weaknesses") that the article uses as its source, it turns out that the major findings in the audit were really about the need for comprehensive privileged identity management within the Internal Revenue Service. In this blog post I will analyze the GAO report and map the report to specific capabilities that Centrify addresses.
Well it has been 6 years since Centrify was formed. I wish I had a picture of myself and our 2 other founders, Paul Moore and Adam Au, from 6 years ago, but I think we probably look about the same now as we did then, so if a picture of the three of us were to be taken you would not know if it was from 2004 or 2010. It definitely would not be like the classic photo of the original Microsoft employees with the facial hair, the long hair and the big collars.
It was three years ago that Bill Gates made his last appearance at the RSA Conference and introduced the Microsoft vision of "Secure Anywhere Access in a Connected World." It was 2 years later that part of that vision became reality with the introduction of technology in Windows 7 and Windows 2008 R2 called DirectAccess. In this blog post I will give an overview of DirectAccess and discuss how Centrify DirectSecure embraces and extends it to non-Microsoft platforms; i.e. even better together.
DirectSecure can help you meet PCI DSS requirements around network segmentation and address section 1.2 of PCI regarding restricting connections between untrusted networks.
With the release of Centrify Suite 2010, we introduced two new products: DirectManage and DirectSecure. In this blog post I will discuss what DirectSecure does at a high-level and why customers need it. In later blog posts discuss how it works, give some use cases, and then discuss how it extends Windows 7 DirectAccess to cross-platform environments.
One common dilemma that software vendors face is when they pack more features and functions into their products, those products become more difficult to use, manage and deploy, and therefore a major upgrade can actually represent a step backwards in the customer's eyes. The best example for me personally is Office 2007 - after a year on Office 2007 I still find I am not as productive in using this new version vs. the older version. Centrify has been very cognizant of that classic software vendor dilemma, and since day 1 we have historically invested in making our software not only functionally rich, but also easy to deploy/use/manage, as well as very non-intrusive (e.g. no AD schema mods, no painful UNIX UID rationalizing, no kernel mods, etc.). Our goal has been to NOT have our customers 'manage the management system.' The recently introduced DirectManage is another step in this vision, and in this blog post will talk about what DirectManage is and what it does.
Five years and one week ago Centrify entered the market with the announcement of DirectControl version 1.0. Today, we are pleased to announce the release of Centrify Suite 2010. In five years we have gone from 1 product to 5 products, from a few beta sites to over 1500 customers including some of the largest enterprises in the world, and from a classic Silicon Valley startup to a mature, profitable software company with staff throughout the world. In this blog post let me talk about some of the new products and new features that make up Centrify Suite 2010.
At MacWorld we announced the release of DirectControl version 4.4 for Apple Mac OS X. With this release we expanded the number of Mac-centric Group Policies we offer, added support for FileVault, further enhanced our Snow Leopard support and delivered tighter integration with Group Logic's ExtremeZ-IP. We are also proud to announce that our support for the government Common Access Card (CAC) was certified by the Department of Defense Joint Interoperability Test Command (JITC).
As many of my blog readers may recall, for the last year or so I have been banging on the "superuser privilege management" drum which is all about "trusting, but verifying" what privileged users (e.g. systems administrators, DBAs, etc.) and their accounts (e.g. root) can do and auditing actions taken by those privileged/superusers. It was with a great deal of interest that I read in Network World that a financial services firm had to notify 1.2 million customers of a data breach - not because they found an actual breach of data, but because six usernames and passwords have been shared by administrators over the last 10 ten years.
On Monday we announced that a special McAfee-certified package of Centrify DirectControl for Mac OS X is now available for use with McAfee's ePolicy Orchestrator.
I am pleased to announce that last quarter (i.e. quarter ending December 2009) was another record quarter for us, capping off a great year of year-to-year growth in the face of a tough economy. The last two quarters were in fact by far the two best quarters we ever had as a company, and, like last quarter, we were again profitable. So I say again: "LET THE WILD RUMPUS START!"