It has been a few weeks since I last blogged and it's definitely time I get back into it. Since the beginning of February we (a) launched a major upgrade to Centrify Suite for UNIX/Linux/Mac, (b) entered the Windows privilege management market with DirectAuthorize for Windows; (c) are now fully participating (and doing quite well out of the gates) in the cloud identity management market with Centrify for SaaS; and (d) launched a major partnership with Samsung. And the nice thing is that this product and technology momentum is also being replicated in other areas of our business.
With our recent release of Centrify Suite 2013, we have extended our privilege management capabilities to also include Windows servers and desktops thereby addressing the issue of restricting and protecting high privilege domain accounts as well as restricting and protecting local accounts with administrative privileges. Another major new feature we just recently added is a fairly comprehensive sudo policy migration tool that I want to call out in this blog post.
Quick heads up that Centrify is doing a joint webinar with Box on March 28th where we are going to discuss the issues, technologies and policies required for next generation management of employee or corporate-owned devices, smartphones, and tablets. This presentation will cover how to approach identity and authentication, enterprise app management, enabling single sign-on to apps, along with policy and architectural considerations for managing mobility projects across a myriad of platforms, use cases and enterprise boundaries.
Recently Centrify announced the general availability of Centrify for Mobile 2013 and Centrify for SaaS 2013, a set of integrated capabilities enabled by the Centrify Cloud Service platform that delivers secure, enterprise-class mobility management with integrated cloud and SaaS Single Sign-on (SSO) to improve security and increase workforce productivity in the enterprise. In this blog post I want to walk you through single sign-on capabilities from an end user perspective.
As I discussed in my last blog post, Centrify announced today at Mobile World Congress that Samsung Electronics Co, Ltd., has selected Centrify to provide key enabling technology for Samsung's next generation Android-based platform, called KNOX.
Centrify announced today at Mobile World Congress that Samsung Electronics Co, Ltd., has selected Centrify to provide key enabling technology for Samsung's next generation Android-based platform, called KNOX.
I wanted to tie up my series of blog posts on least privilege for Windows by drilling into a bit of architectural detail on how DirectAuthorize for Windows — an integrated component of the Centrify Suite — lets IT organizations securely delegate and manage privileged access across your entire Windows infrastructure.
In my latest blog post over at Forbes, I drill down into the commoditization of Mobile Device Management (MDM) and discuss what's next for the MDM market. In this post I discuss in more detail how Centrify sees itself vis a vis this market.
As mentioned in a prior blog post on "Implementing Windows Privilege Management" I wanted to drill down in another blog post how the concept of least privilege has found its way in various compliance and regulatory requirements we see out there. So in this blog post I will cover this topic, and luckily Centrify has a nice whitepaper entitled "Windows Least Privilege Management and Beyond" that I can leverage for the specifics on how the concept of least privilege maps to specific compliance requirements.
In this blog post I want to compare and contrast some of the approaches to enforcing "least privilege" that other solutions take vis a vis DirectAuthorize including what you get natively with Windows itself.
In this blog post I am going to talk about the concept of least privilege and what are some of the challenges in the Windows environment, and briefly discuss how DirectAuthorize for Windows can address these challenges.
Centrify Suite 2013 builds on the core enhancements Centrify introduced in Suite 2012 by extending DirectAuthorize to Windows, providing tighter integration between DirectAudit and DirectAuthorize, making migration from legacy "sudo" environments to DirectAuthorize fast and simple as well as adding many newly supported operating systems. All this makes Centrify Suite 2013 the industry's easiest and most scalable solution for unified identity and privilege management and detailed user auditing across UNIX, Linux and now Windows systems.
The recent revelation that Barracuda Networks had numerous privileged "backdoor" user accounts with weak passwords once again draws attention to not only the need to have strong passwords but also the need for privileged identity management.
Join product managers from Microsoft Office 365 and Centrify for this special in-depth discussion of Office 365 security in an online webinar on January, 24, 2013 at 1pm EST.
Recently there's been some good buzz around "Cloud Identity" given recent high profile VC investments and Salesforce getting into the market with the announcement of Salesforce Identity. Whether you call it "Cloud Identity" or "Identity and Access Management for the Cloud" and/or whether you are touting the idea that "Identity is the new Perimeter," the concept being implemented by vendors in this space is basically the same. In this blog post I want to talk about where I see existing "Cloud Identity" solutions falling short and how Centrify goes beyond their approaches.
At Centrify we believe the converging forces of cloud and mobile are beginning to merge the identity and access management ("IAM") market with the mobile device management ("MDM") market. Irrespective of whether or not they become a single market or will still be considered distinct markets, the fact is there is a growing intersection between the two, and the winning solutions in identity will be mobile-centric and the emerging winners in MDM will become identity-centric. In this blog post I am going to discuss what's causing these markets to converge and why I think Centrify is on the forefront of this convergence.
Today's blog is a guest written blog by Peter Christy, an analyst at the Internet Research Group. Peter was kind enough to let us share with readers of the Centrify blog some of his thoughts regarding the shift to "people oriented IT" (also referred by some as "people-centric IT") and how Centrify's unified identity services across data center, cloud and mobile capabilities dovetails with this shift.
On Dec. 18 I am participating in a webinar with Enterprise Management Associates (EMA) Managing Research Director Scott Crawford entitled "Data Center, Mobile, Cloud: All Roads Lead through Identity," on the central role of identity in unifying a strategy that yields consistent control over each of these domains. If you register, EMA will also provide you two of their analyst research reports on Security, which represents a $1590 value.
Today Centrify announced a new cloud-based offering that lets organizations centrally secure and control access to their increasing deployments of Software-as-a-Service (SaaS) apps and other cloud services, while also giving end users much needed single sign-on to address the password sprawl associated with these new technologies. Instead of going into the details of this announcement, I wanted to use this blog post to provide some thoughts on the challenges enterprises are facing as they embrace both cloud and mobile vis a vis identity.
So how are we delivering this Mobile SSO capability? Well for RMAs we are delivering a MAS Software Development Kit (SDK) that lets mobile application developers provide corporate users with a "Zero Sign-On" experience and stronger authentication when accessing applications from their mobile devices, which eliminates the need to remember and re-enter credentials for each mobile app. "Zero Sign-On" goes beyond Single Sign-On for devices enrolled in the Centrify Cloud Service, as users who have enrolled their mobile device in the Centrify Cloud Service are provided a certificate identifying the user of a specific device. Users are then able to use Mobile Apps that integrate with the Centrify MAS SDK to gain seamless access to authorized cloud services upon unlock of the mobile device.
Last week we released a new version of Centrify for Mobile that provides several new and enhanced features including the Centrify Mobile Manager for iOS app, PKI authentication for Wi-Fi network access on iOS devices, Exchange configuration for Touchdown on Android devices, Group Policy controls for several new Restrictions settings in iOS 6 and other improvements. In this blog post I will provide details on some of these new features.
This week we released an update to our DirectControl for Applications web single sign-on. It adds 4 new applications server versions in addition to the enhancements and/or upgrades.
Yesterday we extended our free Centrify Express security and management offerings beyond UNIX, Linux, Mac, iOS and Android to include free smartcard support for the Mac environment. One specific use case is that it enables US Government civilian and defense agency employees and contractors to use for free any CAC, CACNG and PIV Smart Card on Mac OS X for secure two-factor authentication to web resources, VPN and encrypted email.
Today we announced smart card authentication support for Red Hat Linux. The new offering from Centrify will help in particular Federal organizations deploying Red Hat systems meet Homeland Security Presidential Directive 12 (HSPD-12). Couple that with our support for FIPS 140-2 encryption and you now have a secure, standards-based Linux desktop platform for federal workers.
Centrify Insight was recently updated on splunkbase to version 1.3. As I have previously blogged, Centrify Insight is a free monitoring and reporting tool built on Splunk that helps you identify and analyze authentication, authorization and other events taking place on the UNIX, Linux and Mac systems managed by Centrify Suite or Centrify Suite Express.
Just recently we announced a second certification received from SAP to provide single sign on for users of NetWeaver AS Java based applications leveraging their Active Directory credentials.
Hence we are quite proud to announce that when Mountain Lion shipped the other day, that we were the only solution that had a shipping product that extends Active Directory to Mac to deliver a support for Mountain Lion.
Centrify runs on a July 1 to June 30th fiscal year, so our Fiscal Year just ended, and yesterday we announced our Fiscal Year 2012 results. I wanted to give our customers and partners an update on our business and reflect on the last twelve months.
The net result is Centrify's unified auditing and access management capabilities now span more than 375 operating system platforms - the industry's broadest range of resources operating on premise or in the cloud - and uniquely span from mobile devices to mainframes and hundreds of flavors of desktop and server operating systems and applications in between.
I am pleased to tell you that today we announced the details of the 2012 Centrify Customer Conference. It is going to be held June 5-6, 2012 in New York City and is free for all Centrify customers to attend. The first day (June 5th) is the main part of the conference, and the second day of the conference (June 6th) is an optional day of advanced technical training - a $2,400 value -which again is no charge for attendees.
We are now on "Beta 2" of Centrify for Mobile, our new cloud-based service the lets enterprises centrally secure and manage smart phones and tablets, including iPads and Android devices, using existing Active Directory infrastructure, skill sets and processes. In this post I want to provide more details on our cloud-based architecture for letting you leverage Active Directory to secure your iPad, iPhones and Android devices.
Last week we came out with a new release to our suite of solution. This latest and greatest version is called Centrify Suite 2012.2, which updates DirectControl to version 5.0.2, DirectAuthorize to version 2.0.2, DirectAudit to 2.0.2, and DirectManage Deployment Manager to 2.1.2. Customers can download it here while Express users can get it here. While a minor update, we have packed into a number of goodies that I want to talk to you about in this blog post.
Before I get into blogging about the details of our recently announced Centrify for Mobile, I wanted to show my readers a few screenshots of it in action using my iPhone as an example. In other words, we are using our own internal Active Directory to manage our fleet of mobile devices used by employees.
I am very pleased to announce a major extension of our product line with the beta release today of Centrify Centrify for Mobile. This new cloud-based service lets enterprises centrally secure and manage smart phones and tablets, including iPads and Android devices, using existing Active Directory infrastructure, skill sets and processes to enable easy, rapid deployment combined with enterprise-class scalability. In this blog post I want to tell you why we decided to branch out into mobile and give an overview of Centrify for Mobile.
I posted a new blog post over on my Forbes.com blog entitled "Buckle up with CyberSecurity … It's the Law." In this post I discuss how state laws have been on the books for years regarding security breach notification, but newly enacted laws that tighten compliance requirements for data security as well as recent guidance from the SEC regarding disclosing cybersecurity risks and incidents is turning up the heat on companies to improve their security or face significant fines and lawsuits.
In my last blog post I discussed the business reasons for auditing your server infrastructure. In this blog post I will walk you through various options to do auditing of servers, and some of the pros and cons of each.
It is interesting that when I talk to IT professionals and ask them about their security and compliance requirements for their server infrastructure that in some instances IT pros tell me that auditing their server infrastructure doesn't apply to their organization or they can kick the proverbial can down the road. I can understand that sentiment if their organization was a small-to-medium sized business that may not be a public company and have to deal with SOX, or not in a well regulated industry that has to deal with HIPAA or FERC/NERC, but when an larger organization that is in a regulated industry states that they don't need auditing on all their servers it seems a bit of evangelism is needed to get customers to realize that it is in their best interest to do so. I would also argue that this same evangelism should be considered by smaller organizations. In this blog post and a few others to follow I am going to talk a bit more about auditing, and in this one will discuss the business needs for auditing your servers.
As we head into the holiday season and the New Year, I first would like to wish all our customers, partners and employees a Happy Holiday season. We certainly appreciate your support. I also want to use this blog post to reflect on calendar year 2011 as it relates to Centrify. This past year has probably been the most significant calendar year for Centrify since 2004 (which was the year we formed the company). In this blog post I want to highlight some of our major milestones and also give some thoughts on what's in store for Centrify in 2012.
Today we shipped Centrify Express 2012 — our comprehensive suite of free Active Directory-based integration solutions for authentication, single sign-on, remote access, file-sharing, monitoring and cloud security for cross-platform systems. It is another milestone release in terms of added functionality (more on that below) and new platforms supported (with nearly 50 new OSes added!). It is also marks the milestone that well over 100,000 IT Pros have acquired Centrify Express in the last 12 months alone.
A few weeks ago we announced that both Centrify Suite and Centrify Express now support Canonical's recently released Ubuntu 11.10 ("Oneiric Ocelot"). What is of significance — and what was also the case with Ubuntu 10.10 (Maverick Meerkat) — is that Canonical is distributing Centrify Express with Ubuntu 11.10 through its Ubuntu Software Partner Repository. Which means that IT professionals can now quickly and easily integrate Ubuntu 11.10 servers and desktops into Microsoft Active Directory for centralized authentication and single sign-on - and do so free.
A few blogs and publications have asked me, among other folks in the industry, to contribute to their respective annual end-of-year prediction series. So I have been busy the last few days peering into my "crystal ball" and writing up a few articles.
Today we announced that Tim Steinkopf has joined us as our Chief Financial Officer. Tim has a number of years of being a CFO at both public and private companies and will definitely help us manage our continued high growth and momentum. Some of you may recall Tim as the former CFO of publicly traded security company Secure Computing Corporation that was acquired by McAfee a few years ago. We are very pleased to have someone with Tim's skills and personality on board the Centrify team.
Besides the recent release of Centrify Suite 2012 — which is probably our most significant release since our Version 1.0 release of DirectControl — Centrify has been also busy on a number of fronts over the last few weeks. Notable items include receiving a patent for our Zoning technology, receiving FIPS 140-2 Level 1 Certification, the Centrify Suite winning a SC Magazine 5 Star award, and our European expansion. Coupled these with our major product release and our recent major round of funding, collectively these items show our continued momentum in the market. In this blog I will briefly elaborate on some of the newer announcements.
I have been doing a series of blog posts on Centrify Suite 2012, and in this blog post I want to focus on the improvements we made in manageability of our software as well as some other key features in the area of simplified replacement of legacy NIS environments and extended platform coverage.
We recently shipped Centrify Suite 2012, one of the most significant major releases we have ever done as a company, and in today's blog I want to focus on the improvements we have made to our patented Zoning capability and also discuss a new featured called Computer Roles.
Over the last week or so Centrify has announced a major product upgrade in the form of Centrify Suite 2012, the award of a US patent for our Zones technology, the US Government has awarded us FIPS certification and that a major security publication gave our products a perfect 5 out of 5 stars. Suffice to say I have a lot of catching up to do blogging-wise to give my take on these great announcements! Over the next few blog posts I will give you my take on the significance of Centrify Suite 2012, and let me kick off with Part 1 of this series of blog posts by discussing the release of Centrify DirectAudit 2.0.
As discussed in my last blog post, second generation AD Bridging products have been on the market for a number of years now, with Centrify taking a clear leadership role based on install base, breadth and depth of product portfolio, revenue, sales growth, etc. In this blog post I will give some of my thoughts on the future of Active Directory and Active Directory bridging.
In case you missed it, in May of this year the industry celebrated the 14th birthday of "bridging" Active Directory to non-Microsoft systems. Fourteenth (??!!) birthday you say — how can that be when Active Directory was not even released until 2000? In this blog post I will explain that, walk you through the history of bridging Active Directory and give my thoughts on where the next generation of Active Directory bridging should go.
Besides blogging here at Centrify.com, I am also blogging away at my "Secure Thinking" blog site over at Forbes.com. In this blog post I wanted to expand on my latest Forbes.com blog post entitled "Security's Inside Jobs" which I believe is highly relevant to one of the key value propositions - superuser privilege management - that Centrify provides.
We have gotten a lot of positive reaction to our recent announced that we have raised $16 million in Series D financing to fuel growth and our extensions into the cloud. You can read news articles of the funding at VentureBeat, TheVARGuy.com, SecurityWeek, and The San Jose Business Journal among the many publications that covered this news.
The Centrify team is very excited to announce that Centrify has raised $16 million in Series D funding. We see this as another positive endorsement of our products and strategy, the team we have assembled, the great set of customers and partners we have been able to bring on board, our track record of success including high annual growth and profitability, and the overall market opportunity we have here with Centrify.
In honor of Splunk's annual user conference happening this week, I wanted to blog about Centrify Insight. Implemented as a Splunk app, Centrify Insight is a free monitoring and reporting tool that helps you identify and analyze authentication, authorization and other events taking place on the UNIX, Linux and Mac systems managed by Centrify Suite or Centrify Suite Express. This information strengthens organizations' compliance efforts and improves security in on-premise and cloud environments. In this blog post I will discuss what Centrify Insight is, why we built, where we plan to take it, and how it differs from other approaches.
Today we announced results from our fiscal yearthat recently ended June 30th. We did not think we could top the great 50 percent year-to-year growth that we experienced last fiscal year, but this year we beat that and grew approximately 75 percent year-to-year. In addition, we achieved record profitability and were cash-flow positive as well.
I am pleased to announce DirectControl for Mac OS 10.7, which provides support for the newly released OS 10.7 Lion system update from Apple.
I am pleased to announce that Forbes.com has now taken me on as a guest blogger. I will still blog on Centrify-specific topics over here at Centrify.com, but my views on security, infrastructure software, entrepreneurship, life in Silicon Valley and general what-have-you will appear over at my Forbes.com blog called "Secure Thinking."
As part of our CloudTools release we are delivering some Centrify-specific RightScripts. As a reminder, Centrify CloudTools is an integrated collection of free tools and enhancements to existing products that lets organizations dynamically apply Active Directory-based authentication and access control to Linux systems running within cloud hosting providers such as Amazon EC2 and the RightScale Cloud Management Platform. In this blog post I will describe what "RightScripts" are and discuss what our RightScripts do.
OK, so we are all hearing about "The Cloud." Cloud this, Cloud that. Vendors talk about it all the time, but are they simply blogging about it and telling their investors about this hot new thing called "The Cloud" or are they also actually delivering products that are specific and optimized and useful to "The Cloud"? Well, Centrify heard all this talk of the "The Cloud," we talked to Cloud providers, and of course talked to our customers, and decided to actually do something about "The Cloud." So after a good deal of research figuring out what customers care about vis a vis securing "The Cloud," and after a good bit of development effort, the other day we released, for free, Centrify CloudTools.
Today we released a major upgrade to Centrify Express — Centrify Express 2011 — that adds two new solutions to our Express offering (Centrify Cloud Tools and Centrify Insight — bringing the total number of solutions that comprise Express to five), major feature enhancements to the three pre-existing Express solutions, and also the unique addition of the expansion of our free Active Directory bridging support beyond on-premise systems to cloud-based systems as well. In this blog post I will discuss some of these new capabilities we added in Centrify Express 2011.
In this blog post I will describe Centrify Suite 2011's improved deployability and manageability via enhanced DNS handling as well as enhancements we added to DirectAudit, DirectSecure and Centrify-enabled OpenSSH.
In this blog post I will describe Suite 2011's enhanced administration and privilege management capabilities for UNIX/Linux/Mac systems as well as its expanded platform coverage and additional application single sign-on capabilities.
Today we announced Centrify Suite 2011, the latest release of our flagship security and compliance solution. Centrify Suite 2011 boasts enhanced administration and privilege management capabilities for UNIX/Linux/Mac systems, expanded platform coverage and additional application single sign-on capabilities allowing enterprises finer grain control and auditing over an expanded set of data center systems and enterprise applications. In today's blog post I am going to highlight some of the neat Linux and Mac desktop management capabilities we added in this release.
In a prior blog post I discussed how I thought sudo and sync'ing sudo files is an inadequate solution for UNIX/Linux authorization. Writing that blog post got me thinking on how authentication and authorization really go hand-in-hand, especially for securing underlying operating systems such as UNIX and Linux, and should be delivered to customers as an integrated solution. In this blog post I will describe why that's the case, and discuss why most of the existing vendors out there are also saying the two also go hand-in-hand, but are delivering the opposite or not even delivering one of the two key components. Hopefully at the end of this blog post you will agree that it is inefficient to have a separate solution (and architecture) for UNIX authentication and for UNIX authorization.
As was the case with prior quarters, I am pleased to announce that we recently concluded yet another record-breaking quarter for us.
In the past I have highlighted many of the positive reviews of Centrify Express, and in the last 2 months there have been even more reviews that have confirmed that Centrify Express is the most functionally rich and stable free solution out there for Active Directory and *nix integration vis a vis alternative point tools. Let me highlight a few of the recent reviews.
Recently I noticed some vendors are saying "we do UNIX authorization" and "we do UNIX role-based access control" (RBAC), hoping they can score a checkbox next to that category of functionality when it comes to a vendor bake off. But when you peel the layers of the onion back and look under the proverbial hood, in the end what these vendors are really just doing is offering a solution that helps you sync sudoers files. Centrify offers that same capability to sync sudoers files via a Group Policy (and offers IMHO the best implementation of a sudo group policy), but I wanted to take this blog post and discuss why I think sudo and sync'ing sudoers is simply not enough to address UNIX authorization and RBAC, i.e. why enterprises need something more industrial strength.
Earlier this week we announced an expanded partnership with Canonical, the guys behind Ubuntu Linux. The net net of the relationship is that Canonical is now distributing Centrify's free Active Directory authentication solution, Centrify Express, through its Ubuntu Software Partner Repository.
Recently we have been hearing more and more from Ubuntu users regarding their dissatisfaction with some of the other Active Directory integration tools that they can get for free with Ubuntu. The good news is that our free Active Directory integration solution, Centrify Express, is now certified by the makers of Ubuntu and is now in the Ubuntu Partner Repository.
Periodically I like to give updates on how Centrify is doing business-wise for our customers and partners, as well as for prospective customers. Our Fiscal Year runs from July 1st to June 30, so at the end of September we completed our first Fiscal Quarter (aka "Q1") of the new Fiscal Year. And like the previous company updates I have given, after reflecting back on the achievements over the last 3 months, I am happy to say again "Let the Wild Rumpus Start!"
Group Logic, our fellow partner in the Enterprise Desktop Alliance, recently came out with an interesting survey of Mac usage in higher education, and I thought in this blog post I would highlight a few key findings.
In this blog post is a little detail on why Amadeus selected Centrify and how Amadeus is using Centrify's software on 1000s of UNIX and Linux servers. Amadeus is the leading provider of transaction processing for the travel and tourism industry, processing over 670 million transactions in 2009.
Recently at VMWorld Centrify announced our "enterprise-out" strategy of enabling customers to seamlessly leverage their existing security administration, access control and policy management that they get with the combo of Active Directory and Centrify to servers being spun up in the cloud. We also recently announced that we have licensed key intellectual property from Microsoft to better secure cloud systems, and also entered into partnerships with cloud providers such as Savvis. In this blog post I want to discuss at a high level what we started to deliver in regards to securing servers in the cloud, with subsequent blog posts drilling down into specific capabilities.
The release last week of Centrify Suite 2010 Update 2 extends support to over a dozen new UNIX and Linux platforms, bringing the total of non-Microsoft platforms that Centrify bridges into Active Directory to over 250. That is simply far more than any other solution on the market that integrates Active Directory with non-Microsoft systems, on the order of magnitude of approximately 40% more platforms supported.
Recently some press and bloggers have been reviewing both the Centrify Suite and Centrify Express. In these reviews our products have shined and have taken top honors when compared to other solutions on the market. In this blog post let me run through the recent reviews and point to some of the key things these reviews found.
Earlier this year we signed a technology licensing agreement with Microsoft that gave us the rights to leverage key protocols and patents from Microsoft in the area of securing communications in the cloud, and today we announced that agreement as part of our recent wave of announcements around securing systems and apps deployed in the cloud.
A new Washington state law went into effect earlier this month that makes a business or a credit card processor liable for unauthorized access to credit card information it stores. The key thing with the law is that businesses or processors are not liable if they are PCI DSS compliant, so in effect this further motivates businesses who process credit cards to get compliant. This is part of a growing trend for states to in effect incorporate PCI into state law.
I was pleased to see that one of our partners, TekVault, recently issued a press release re: a mutual customer, First New York Securities, who has deployed our software to help the customer manage and secure their fast growing Linux environment.
Periodically I like to report on how Centrify is doing for our customers and partners, as well as for prospective customers. Our Fiscal Year runs from July 1st to June 30, so we just ended our latest fiscal year and the final numbers have been tallied up. I have previously given a three month, six month and nine month update of the past Fiscal Year, so here is the "annual report". And like the previous updates, after reflecting back on the achievements over the last 12 months, I am happy to say "Let the Wild Rumpus Start!"
Recently we announced Centrify Express, a free offering for anyone who wants to better integrate non-Microsoft systems with Windows. Please go ahead and visit www.centrify.com/express and download it - by simply entering a valid email address and you are on your way to cross-platform interop nirvana! We are very excited about this announcement as it delivers by far more free capabilities than any other Windows/Active Directory interop solution out there, and it is also the most mature and manageable solution out there. In this blog post I will discuss what Centrify Express is and why we released it.
Recently VMware published its official release of the vSphere 4.0 Security Hardening Guide. I was pleased to see that Centrify was the only third-party identity management vendor called out by VMware to "provide tighter integration with Active Directory" when it recommends to use a directory service product for authentication for the ESX Service Console. While Centrify was called out vis a vis the security requirements around Console OS password policies, in looking at the hardening guide it became readily apparent that the Centrify Suite can address a wide range of vSphere hardening requirements for enterprises, and this blog post gives an example of some of the additional value add Centrify can provide.
Many of our customers want DirectControl to seamlessly integrate with Samba - the de facto industry standard CIFS File Server for Linux and UNIX - so I have blogged a few times about what we offer in terms of Samba interoperability as well as on the technical and architectural details around our Samba integration. But because there is a bit of overlapping capability with what Samba offers and what DirectControl offers, we occasionally get questions on how we compare to what Samba offers, so in this blog post I am going to drill down a bit into two areas of overlapping functionality with DirectControl and Samba's windbind capability.
With the release of DirectSecure earlier this year and the release of DirectAuthorize last year we have broadened our PCI footprint to address additional PCI requirements, so I want to use this blog post to talk about some of the added requirement we now address.
I saw in Network World a recent article with the headline, "IRS security faults leave taxpayer information at risk." In reading the article and digging down into the actual United States Government Accountability Office (GAO) report (entitled "Information Security: IRS Needs to Continue to Address Significant Weaknesses") that the article uses as its source, it turns out that the major findings in the audit were really about the need for comprehensive privileged identity management within the Internal Revenue Service. In this blog post I will analyze the GAO report and map the report to specific capabilities that Centrify addresses.
Well it has been 6 years since Centrify was formed. I wish I had a picture of myself and our 2 other founders, Paul Moore and Adam Au, from 6 years ago, but I think we probably look about the same now as we did then, so if a picture of the three of us were to be taken you would not know if it was from 2004 or 2010. It definitely would not be like the classic photo of the original Microsoft employees with the facial hair, the long hair and the big collars.
It was three years ago that Bill Gates made his last appearance at the RSA Conference and introduced the Microsoft vision of "Secure Anywhere Access in a Connected World." It was 2 years later that part of that vision became reality with the introduction of technology in Windows 7 and Windows 2008 R2 called DirectAccess. In this blog post I will give an overview of DirectAccess and discuss how Centrify DirectSecure embraces and extends it to non-Microsoft platforms; i.e. even better together.
DirectSecure can help you meet PCI DSS requirements around network segmentation and address section 1.2 of PCI regarding restricting connections between untrusted networks.
With the release of Centrify Suite 2010, we introduced two new products: DirectManage and DirectSecure. In this blog post I will discuss what DirectSecure does at a high-level and why customers need it. In later blog posts discuss how it works, give some use cases, and then discuss how it extends Windows 7 DirectAccess to cross-platform environments.
One common dilemma that software vendors face is when they pack more features and functions into their products, those products become more difficult to use, manage and deploy, and therefore a major upgrade can actually represent a step backwards in the customer's eyes. The best example for me personally is Office 2007 - after a year on Office 2007 I still find I am not as productive in using this new version vs. the older version. Centrify has been very cognizant of that classic software vendor dilemma, and since day 1 we have historically invested in making our software not only functionally rich, but also easy to deploy/use/manage, as well as very non-intrusive (e.g. no AD schema mods, no painful UNIX UID rationalizing, no kernel mods, etc.). Our goal has been to NOT have our customers 'manage the management system.' The recently introduced DirectManage is another step in this vision, and in this blog post will talk about what DirectManage is and what it does.
Five years and one week ago Centrify entered the market with the announcement of DirectControl version 1.0. Today, we are pleased to announce the release of Centrify Suite 2010. In five years we have gone from 1 product to 5 products, from a few beta sites to over 1500 customers including some of the largest enterprises in the world, and from a classic Silicon Valley startup to a mature, profitable software company with staff throughout the world. In this blog post let me talk about some of the new products and new features that make up Centrify Suite 2010.
At MacWorld we announced the release of DirectControl version 4.4 for Apple Mac OS X. With this release we expanded the number of Mac-centric Group Policies we offer, added support for FileVault, further enhanced our Snow Leopard support and delivered tighter integration with Group Logic's ExtremeZ-IP. We are also proud to announce that our support for the government Common Access Card (CAC) was certified by the Department of Defense Joint Interoperability Test Command (JITC).
As many of my blog readers may recall, for the last year or so I have been banging on the "superuser privilege management" drum which is all about "trusting, but verifying" what privileged users (e.g. systems administrators, DBAs, etc.) and their accounts (e.g. root) can do and auditing actions taken by those privileged/superusers. It was with a great deal of interest that I read in Network World that a financial services firm had to notify 1.2 million customers of a data breach - not because they found an actual breach of data, but because six usernames and passwords have been shared by administrators over the last 10 ten years.
On Monday we announced that a special McAfee-certified package of Centrify DirectControl for Mac OS X is now available for use with McAfee's ePolicy Orchestrator.
I am pleased to announce that last quarter (i.e. quarter ending December 2009) was another record quarter for us, capping off a great year of year-to-year growth in the face of a tough economy. The last two quarters were in fact by far the two best quarters we ever had as a company, and, like last quarter, we were again profitable. So I say again: "LET THE WILD RUMPUS START!"
Centrify has released on our customer support site our latest CIFS Server for file sharing among UNIX and Linux systems and Windows. Based on the industry standard Samba file-and-print server, this release of our Centrify-enabled Samba represents a significant upgrade from our previous package, including the fact it has been upgraded to the latest stable release of Samba (version 3.3.9)
I am pleased to announce that last quarter was our best ever in terms of sales, net new customers added, transactions, etc. And the best news of all was that we hit P&L profitability a few quarters ahead of schedule.
It has been over a month since Apple released Mac OS X 10.6 aka "Snow Leopard." Centrify worked hard to deliver "day 1" support for the platform, but it appears given press reports that other ISVs are still struggling to deliver supported bits for customers who are now buying Macs that has Snow Leopard pre-loaded.
In my last blog post I provided some analysis on the recent Centrify Survey as it relates to the state of the virtualization market. In this blog post I will analyze the results as it relates to customers' thoughts re: virtualization security. Not surprisingly, IT Professionals are concerned about security of this new technology.
During VMworld the other week we announced the results of a 500 person survey on the virtualization market and the current state of securing virtualized environments. The survey has already garnered a bunch of press, but for now I will drill down into the results of the survey as it relates the current state of the virtualization market.
Today we announced deep Active Directory integration with VMware vSphere, VMware's cloud operating system, making us the first ISV of its kind to support this platform.
Great job to the Centrify engineering and support team in delivering day 1 support to customers for Snow Leopard and of course delivering the best Mac/Active Directory solution out there.
In my last two blog entries I examined the "before Centrify" and "after Centrify" approaches to managing digital identities for your operating systems. In those blog posts I also talked about how Centrify's approach to identity management and our products and solutions can make your organization more operationally efficient and productive as it relates to securing and managing access to your server and desktops. I have also recently discussed my thoughts on the key security challenges involving application single sign-on. But we all know that in today's economy IT projects are not always driven by best practices. So in this blog post I will talk about how our products drive significant operational efficiency when you deploy our stuff for web and enterprise applications such as SAP Netweaver.
This is the second of a two-part blog post on how Centrify's approach to identity management and our products and solutions can make your organization more operationally efficient and productive as it relates to securing and managing access to your server and desktops. In part 1 I described the current way enterprises manage digital identities for their operating systems and how Centrify changes this paradigm by centralizing cross-platform identity management leveraging Active Directory. In this post I will give the specific cost savings you can get with our solutions.
In this two-part blog post I will talk about how Centrify's approach to identity management and our products and solutions can make your organization more operationally efficient and productive as it relates to securing and managing access to your servers and desktops.
Gartner just published its annual "Hype Cycle for Identity and Access Management Technologies" and the big takeaways are that operational efficiency is now the lead business driver for identity management deployments and that enterprises are focusing on leveraging what they already have to save money. In this blog post I will drill down on these points, and how both of these trends bode well for Centrify.
I recently saw an article on options for integrating Macs in a Windows environment. The article noted that "Apple has offered an Active Directory plug-in ever since Mac OS X 10.3" but pointed out a key area that the Apple AD plug-in doesn't provide, namely Group Policy. I want to use this blog post to talk about the differences between our solutions and why some customers choose Centrify DirectControl over "what comes in the box."
This is the last in a series of blog posts on securing VMware environments. In this blog post I will discuss how you can audit interactive administrative access to VMware ESX with DirectAudit and how you can in general harden your VMware Infrastructure with the Centrify Suite.
I am going to discuss how the second product in our suite, DirectAuthorize, complements vCenter Server by providing additional ways to manage roles and privileges in a VMware ESX environment.
In this blog post I want to drill down in detail on some of the value we provide in terms of delivering identity and access management to VMware environments. I am going to first review what are some of the identity management challenges in VMware environments, discuss what VMware provides out-of-the-box in terms of Active Directory integration and its limitations, and discuss what Centrify uniquely offers.
Today we announced extensive support for heterogeneous, virtualized data centers with the general availability of the Centrify Suite 2008 update 3. With this release we help our customers securely and efficiently transition from a traditional, physical infrastructure to a dynamic, virtualized computing environment.
Tomorrow we are announcing the release of Centrify Suite 2008 Update 3. The major news with this release has to do with what we are doing in securing heterogeneous virtual platforms. I will blog on our "virtual security" support tomorrow, but in today's blog want to focus on the other capabilities we added to this release, including the fact that we added support for an additional 40 flavors of UNIX/Linux/Mac, bringing the total count of platforms support to over 190 - well more than anyone else in the industry.
Mark Diodati of the Burton Group recently published his thoughts on "Identity Management 2.0," discussing how the legacy world of identity management "suites" is calcified from an innovation perspective and how newer technologies such as Active Directory Bridge products and privileged account management solutions are taking off and offer quicker ways to ensure security and meet compliance needs. In this blog post I will offer some of my color commentary on Mark's superlative article and where the identity and access management market needs to head.
It was definitely encouraging to see based on last Friday's announcement that Cyberspace Security is becoming a national security priority. President Obama on Friday presented the recommendations of a 60 day cyber security review panel and will likely appoint a Cyberspace Security "Czar" in the next few days. I thought the tagline of the Cyberspace Policy Review did a good job of nailing what needs to be done: "Assuring a Trusted and Resilient Information and Communications Infrastructure." Below are some of my thoughts and observations on the Obama Cyberspace Policy Review.
The Enterprise Desktop Alliance, whose purpose is to facilitate the acceptance of the Mac in environments managed with Microsoft Windows (and of which Centrify is a founding member), is hosting a webinar on June 2nd to help IT professionals learn how to integrate Macs into their Windows environment.
I always like seeing Centrify technical folks demo'ing the Centrify Suite to customers, but it is even better to see a partner show off our wares. That's why I greatly enjoyed seeing Keith Combs at Microsoft recently post on his blog a third part demo of Centrify DirectControl.
Quick heads up that Centrify is hosting a webinar on May 7th on the topic of "Simplifying Mac Smart Card Support in Windows Environments."
As you may recall from a prior blog post on this topic, Centrify DirectControl is being demo'ed in Microsoft's "Integrate Your IT Environment" Windows/UNIX/Linux interoperability road show being hosted at Microsoft offices in 15 cities throughout the United States (Centrify is also an event partner as well). As reported this weekend on Keith Combs' blahg, the event on May 6th is being simulcast live from Downers Grove, IL and you can virtually attend the event by visiting http://tinyurl.com/interop-webinar (the same URL lets you also view the replay of the session that will be available a few days later).
I recently came across three security spending surveys that, for the most part, point to positive signs for the security software market during this recessionary calendar year. All three point to security being among the most "mission-critical" (i.e. "must have") area of all of software and IT spending, with identity and access management being one of the most important areas within security given compliance requirements and concerns regarding who has access to sensitive data.
We have had a number of customers recently ask us how we could help them integrate their MIT Kerberos realm users with Active Directory. Given that one of the recent features we added in DirectControl v4.2 (shipped in December 2008) was in fact to support this capability, I thought it would be interesting to further elaborate on this feature in a blog post. Mike Patnode, our VP of Technology, was kind enough to write today's blog post, so take it away Mike!
Over the last few weeks we hit a number of major company milestones which I wanted to share with you. These milestones include our 5th year anniversary, a successful quarter sales-wise, and Centrify procuring our 1000th customer.
Centrify is pleased to be an event partner in the Microsoft TechNet Event "Integrate Your IT Environment" being hosted at Microsoft offices in 15 cities throughout the United States. Microsoft and Centrify will demonstrate how Centrify's DirectControl software solution can extend Microsoft Active Directory to seamlessly manage and secure UNIX, Linux, and Mac platforms and non-Microsoft applications.
Centrify is pleased to offer insightful industry commentary with the respected analyst firm the Burton Group in the form of a podcast. Burton Group analyst Mark Diodati (the same person who wrote the "Active Directory Bridge" report that I previously blogged about) interviews our own David McNeely on several topics related to the appropriateness of leveraging Active Directory for cross-platform identity management. There is a particularly good exchange about Active Directory's group- and role-based management features, and how Centrify has leveraged those in DirectAuthorize for UNIX/Linux root access control.
This week we are hosting a webinar on how Centrify's solutions provide a powerful, cost-effective, standards-based way to address the four key identity and access management provisions of the Federal Information Security Management Act (FISMA) in distributed, cross-platform environments. Federal customers should register for the webinar and in doing so will get a fairly comprehensive whitepaper on the topic. In this blog post I am going to talk about FISMA and give you an idea on how we can help federal agencies comply with it.
Our partner NetApp in a recent blog post gave a shout-out to Centrify and how we can help secure NFSv4, so I thought I would return the favor and give our take on how a customer can leverage DirectControl's Active Directory integration and Kerberos support to implement NFSv4 with Kerberos authentication.
I have been blogging a bunch lately on our Mac support and on the topic of UNIX privilege user management (aka superuser privilege management) that I have probably been remiss in giving updates on our web application support. We have been busy in this area as well. So here is a quick blog post on a recent update to our web SSO solution that provides authentication and security using Active Directory for Apache and J2EE application servers.
The Enterprise Desktop Alliance - which Centrify co-founded - just published a comprehensive survey of Mac usage within large organizations. Besides finding that 74% of IT organizations surveyed plan to add more Macs this year, it determined that the top interoperability challenge with Macs is ... integration with Active Directory.
I am on the road this week in Europe doing various customer visits and in two instances we were asked if Centrify could help them manage SSH keys in their UNIX/Linux environment. We answered Yes - through the use of DirectControl and Kerberos, there is no need to maintain and manage SSH keys. Kerberos takes care of all key management for us when using our OpenSSH and PuTTY which are designed to use Kerberos for key exchange. I asked Mike Patnode, our VP of Technology, to be a guest blogger and pen a blog post on this topic.
What caught my eye was an article regarding the Department of Defense banning USB drives. The article went on to say this was part of a growing trend within the government, and gave the example of the CIO of NASA having recently sent out a memo to all employees curtailing the use of thumb drives.
I have been beating the drum a bunch lately on privileged user management ("PUM" - the expression Forrester uses) aka superuser privilege management ("SUPM" - the expression Gartner uses) aka privileged account management ("PAM" - the expression Burton Group uses). Well Gartner has just weighed in again on this topic in a just published report, and in this blog post I will give you some of my thoughts on the report.
Centrify just released DirectControl 4.2.0 for OS X that enhances our Mac smartcard support as well as the release of two new informative "Video Chalktalks" on our smartcard support: Introducing Active Directory Integration with Mac Smartcards and Architecture and Authentication Flow for Smartcard login to Active Directory. This new release and the 2 Video Chalktalks are definitely a must have and view for Federal customers looking secure integration of their Department of Defense (DOD) Common Access Cards (CAC) with their Apple Macintosh computers running OS X 10.5 and above.
I just read of a very recent court decision that has interesting consequences for information security but is receiving little to no media attention. As you may know from my recent blog on the inside attack that was foiled at Fannie Mae that could have knocked that entire organization offline for a week, unauthorized access by insiders and/or former employees should be a huge concern these days. But a recent ruling by a Federal court in Georgia in the Andritz, Inc. v. Southern Maint. Contractor, LLC case held that lost revenue caused by theft may not be recoverable under the Computer Fraud and Abuse Act. This means to me that if you can't stop an ex-employee from stealing information from your systems in the first place via proper de-provisioning and auditing tools, you may be out of luck in terms of recovering lost money caused by that theft.
How do you manage from a security perspective the generic and application accounts such as "oracle" that are created on your critical UNIX systems? For this blog post I turned to the expertise of Ken Montagna, one of our Consultants in our Professional Services organization.
I just saw that Ryan Faas, author of "Administering and Managing Mac OS X Snow Leopard Server," has recently referred to Centrify DirectControl as one of "The Top 3 Windows/Mac Client Management Options" in the market in a recent article on InformIT.com. Ryan has written a number of books on managing Macs, and Apple itself is sending out one of his books as a gift to attendees of one of their recent seminar series, so it is great to see a noted Mac expert such as Ryan give DirectControl the big thumbs up.
Even though most of us in the IT industry know about the threat of insider attacks, it was still shocking to read the recent headlines that a former UNIX engineer at mortgage giant Fannie Mae was charged in federal court with planting a logic bomb that would have effectively shut down all 4,000 servers at Fannie. I am going to use this blog post to give some details from the affidavit regarding what happened at Fannie Mae and discuss how Centrify's products can help enterprises avoid something like this happening to them.
I was pleased to see that Burton Group recently published a fairly comprehensive report on the market for extending Active Directory across cross-platform systems and applications as a means to address regulatory compliance, improve security, reduce costs and improve operational efficiency. I think the key takeaways from my perspective is that a respected analyst firm has validated our AD-centric approach as mainstream and that Centrify is a "right vendor" to choose in this category.
As you probably know, Centrify is in the identity and access management (IAM) market segment of the overall security software market. Late last summer the analyst firm IDC published a report on the "Worldwide Identity and Access Management Market" which provided both forecasts for calendar years 2008-2012 and vendor shares for calendar year 2007. While the report shows significant historical revenue growth (and very good forward-looking growth) in the IAM market, it also revealed continued heavy fragmentation within the market in terms of the various vendors' market share and the overall number of vendors. I am going to use this blog post to talk about why I think the IAM market is so fragmented and why this fragmentation is creating a significant opportunity for Centrify who is applying a disruptive approach to this market within security.
It was definitely a busy holiday season here for the Centrify team with a number of major milestones reached. The first milestone reached was more company-oriented in that the December quarter represented our best ever fiscal quarter from a revenue and bookings perspective, and for the calendar year we showed significant revenue and bookings growth - in the face of a recession that started at the beginning of the year - when comparing CY 2008 to CY 2007. In addition our customer count now exceeds 750+ customers, another significant milestone. The final milestone reached was more product-oriented in that we shipped Centrify Suite 2008 on the last day of 2008. I am going to use this blog post to describe some of the new capabilities we added in the Centrify Suite 2008.
Clearly, a key value proposition of Centrify DirectControl is the ability to leverage Active Directory as the central identity hub/store to administer users and their access, as well as centrally control authentication. This centralization then enables single sign-on for users to non-Microsoft systems and applications.
Our VP of Technology, Mike Patnode, presented on the topic of integrating Linux (and UNIX and Mac) identity management in Microsoft Active Directory at LISA 2008 (aka the Large Installation System Administration Conference).
In this blog post I am going to drill down in more detail on why customers (especially in the Federal government) should leverage strong authentication for the Mac and how our solution works in this regard.
This is my fourth in a series in a series of blog posts on our great new product DirectAuthorize. In this blog post I want to discuss how DirectAuthorize compares and contrasts to the popular "sudo" utility found on most UNIX and Linux systems.
This is a third in a series of blog posts on our hot new product DirectAuthorize. In this post I will drill down on the architecture of DirectAuthorize and describe some of its unique architectural features including how it uniquely leverages Active Directory.
In this post I want to drill down in more detail on the customer challenges that DirectAuthorize addresses, specifically in the areas of improving security and addressing audit and compliance requirements.
Centrify is pleased to announce a brand new product called DirectAuthorize, a software solution that centrally manages and enforces role-based entitlements for UNIX and Linux systems, and we are also introducing the Centrify Suite, which is a comprehensive solution for cross-platform identity and access management.
I am happy to report that as of last week, after working with SAP Waldorf and the SAP Integration and Certification Center (ICC), we have officially certified the integration of Centrify DirectControl for SAP on UNIX 4.1 with SAP Netweaver via BC-SNC 4.0.
GroupLogic - one of Centrify's partners in the Enterprise Desktop Alliance has just released a very interesting survey detailing the major issues and concerns when faced with Mac integration within the enterprise.
I found it interesting to read that one analyst is predicting that Apple will ship 3 million Macs this quarter, which would put Apple on a glide path to grow global PC market share from to 4.2% in 2009 from 2.9% in 2007.
On the heels of winning WindowsITPro Magazine's "Best Pick" for interoperability, it looks like we won another award: Network Product's Guide Reader Trust Award for "Best in Identity Management." It is great to win an award from an analyst or editor, but we are equally proud (if not more so) when customers name us their top solution within security in the identity management market as is the case with this award.
As part of our continuing education series on leveraging Microsoft Active Directory for cross-platform Identity and Access Management to enable strengthened IT security and regulatory compliance, Centrify is pleased to announce a three part webinar series featuring Gartner Group analyst Perry Carpenter. Click here to learn more and register.
Last year I wrote a blog post what a great year we had last fiscal year. Well now that another fiscal year has gone by (our fiscal year ends June 30), I am pleased to report to our employees, customers and partners that we had another great year! The high-level summary is that Centrify is coming off of another year of continuing triple-digit growth in revenue and customers for the fiscal year. We increased sales into Global 2000 companies; the Centrify customer base more than doubled to over 500 organizations in all sectors and includes implementation by 38% of the Fortune 50.
I was pleased to notice in the recent issue of WindowsITPro Magazine that hit my desk that Centrify DirectControl won Editors' Best pick (i.e. the "Gold Medal") for Best Interoperability solution.
Centrify is pleased to announce that Société Générale Corporate & Investment Banking (SG CIB) - after a rigorous and comprehensive selection process of identity and access management solutions - has selected our DirectControl solution for a pilot deployment to optimize the efficiency and manageability of its UNIX - and Linux-based computing systems.
Today five enterprise software companies announced the creation of the Enterprise Desktop Alliance (EDA) to facilitate the acceptance of the Mac in environments managed with Microsoft Windows. Centrify is pleased to be one of these five software companies participating in the EDA.
I wanted to use this blog post to discuss the ways our DirectControl and DirectAudit solutions can be used to audit your UNIX and Linux environment. Many vendors bandy about that they do auditing, but many just simply interpret and/or write to log files regarding successful and unsuccessful logon attempts. What they don't do is deal with what today's auditors and security professionals must increasingly address which is auditing user-level activity. For example, the Payment Card Industry Data Security Standard (PCI DSS) requires that organizations audit "all actions taken by any individual with root or administrative privileges"- not just their logon attempts. Fortunately Centrify can help with the both high-level and more detail levels of auditing required to meet organization's compliance requirements.
Having recently written about how DirectControl can integrate non-Microsoft web servers into Active Directory, I want to provide some insight into our efforts in extending Active Directory-based single sign2on to SAP ERP applications running on UNIX and Linux systems. This blog post on our SAP SSO solution is a complement to our upcoming webinar on SAP SSO using Active Directory (which I urge you to register for :-) ) and other resources such as our white paper on SAP SSO.
We are looking to immediately add 15+ great people to our sales team that represents the market leader in this hot market within security for extending Microsoft Active Directory across heterogeneous systems and applications. Positions are located all over the US and in the UK.
In my last few blog posts I discussed some of the challenges customers are trying to address with Web single sign-on (SSO) solutions, the architecture and key features of our DirectControl solution for web and Java/J2EE applications, and the specific use case of web SSO for intranet applications (applications where all of the users are "internal" users such as employees, contractors and consultants.) In this final blog post regarding DirectControl for Java/Web I would like to discuss the second use case regarding web SSO for extranet applications using ADFS and DirectControl for Java/Web.
In my last couple of blog posts I discussed some of the challenges customers are trying to address with Web single sign-on (SSO) solutions, the architecture and key features of our DirectControl solution for web and Java/J2EE applications, and how DirectControl addresses these challenges. In this blog post I will discuss the specific use case of web SSO for intranet applications (applications where all of the users are "internal" users such as employees, contractors and consultants.)
In my last blog post I discussed some of the challenges customers are trying to address with Web single sign-on (SSO) solutions that leverage Microsoft Active Directory. In this blog post I want to discuss the architecture and key features of our DirectControl agent for web and Java/J2EE applications and how it addresses these challenges. In future blog posts I will describe some use cases of our web/Java agent.
Most of our customers are familiar with DirectControl's core ability to seamlessly integrate non-Microsoft operating system platforms such as UNIX, Linux and Mac into an Active Directory environment. But over the years we have also heavily investing in building on top of DirectControl's OS-level capabilities some really solid technology that enables Active Directory-based single sign-on to custom web and java application servers running on a UNIX, Linux or Windows systems.
As part of our continued efforts to make UNIX and Linux systems more secure by getting customers to replace their old and insecure Network Information Service (NIS) directory service deployment(s) and onto a modern and more secure LDAP and Kerberos infrastructure, Centrify is pleased to announced it has created a NIS replacement and migration resource site: NIS-Migration.com.
As readers of my Centrify blog know, I usually use this blog as a forum to discuss Centrify's vision, customers, why our technology and our approach to interoperability makes sense, etc. In today's blog I am going to go "off topic" and discuss interoperability as it relates to Microsoft's recent announcements re: their "interoperability principals" and analyze how recently published Microsoft protocols map to US patents and US patent applications that are held by Microsoft.
On April 23rd for North America and on April 24th for Europe we are hosting a free Network Information Service (NIS) Migration webinar that explains how Centrify DirectControl can enable you to leverage your existing Active Directory-based LDAP and Kerberos infrastructure to replace NIS with a solution that meets regulatory requirements and streamlines your IT infrastructure and operations in the process.
Today we announced DirectControl 4.1. While a relatively minor release, it adds over 20 additional operating systems to our industry-leading list of non-Microsoft platforms (now over 135 platforms), Windows 2008 support, new web application support and also adds misc. support tools and utilities. It will be released by the end of April.
Recently we have seen a lot interest in our Java and J2EE integration capabilities with Active Directory. I wanted to use this blog entry to give some thoughts on why we do it and how we do it.
Recently one of our developers was visiting a customer and he told me the story that when one of the sys admins he was working with gave him a hostname to ssh to, he was presented with the following message: The authenticity of host 'hostname (172.27.20.32)' can't be established. RSA key fingerprint is 37:58:49:7b:da:8c:a9:61:44:3f:5c:35:81:20:b1:ff. Are you sure you want to continue connecting (yes/no)?
We have lots of stuff happening at the Directory Experts Conference, March 3-5 in Chicago, where we are a Gold Sponsor for the fourth DEC in a row. On Tuesday, March 4, from 6:00-8:30 we're throwing a party for DEC attendees in the Marquette Room. If you are at DEC, drop by for some refreshing cocktails and lively conversation with our identity management experts. You'll also receive a free Centrify t-shirt! Here's a list of customers, partners and Centrify experts who are among the featured speakers.
In support of today's launch of Windows 2008, Centrify is pleased to announce that DirectControl is the first (and only!) identity and access management solution to receive Windows Server 2008 software certification. We will be showing off DirectControl and its support for Windows 2008 at a number of "Heroes Happen Here" Microsoft launch events in cities throughout the U.S.
As many of you know Centrify DirectControl provides a comprehensive solution for global policy enforcement by extending Windows Group Policy services to Linux, UNIX and Mac systems. I want to use this blog entry to describe in a bit more detail how Centrify DirectControl implements Group Policy in a heterogeneous environment.
Back in October of 2007 I blogged about the launch of the Kerberos Consortium and how Centrify was a "Founding Sponsor" of the Kerberos Consortium, joining fellow sponsors and supporters such as industry vendors Google, Sun and Apple in supporting this important initiative. Since then a number of universities and US government agencies (e.g. NASA and the DOD) have joined the Consortium, but probably the biggest news of late is that Microsoft has also signed up as a Founding Sponsor and joined the Consortium's Executive Board.
Looks like Centrify is officially on a roll. We are pleased to see that we just won the 2008 Global Excellence Award for Best Identity Management Software from Info Security Products Guide.
We recently updated our Samba package on our support site to reflect some of the updates coming from the Samba team, and I wanted to use this blog to discuss what we offer with respect to how DirectControl can better integrate Samba into Active Directory.
Having recently blogged on how Wyeth Research migrated from Sun ONE Directory Server as to using Active Directory and Centrify DirectControl as the underlying identity infrastructure for their UNIX and Linux servers (as well as naturally for their Windows infrastructure), I want to discuss in this blog post how one of our customers is integrating their large number of UNIX-based desktop systems with their Windows environment leveraging Centrify DirectControl.
Now that I've posted on some of our recent awards, let me go back to focusing on some recent customer case studies ala how I highlighted Wyse. The first one I'll focus on is Wyeth Research. We recently posted a case study on Wyeth that discusses their migration from a Sun ONE Directory Server for their Linux and UNIX systems to using Active Directory and Centrify DirectControl as the basis of UNIX authentication, and I want this blog post to highlight a few interesting points.
Wow, right on the heels of earning a spot on Linux Magazine's "Top 20 Companies to Watch," we are pleased to see that SearchEnterpriseLinux.com has just named DirectControl its Security Product of the Year. In selecting Centrify as the Gold winner, the editors noted, "Centrify Corp.'s DirectControl 4 makes it drop-dead simple to incorporate Linux, UNIX, Mac, Web and database platforms into a pre-existing Microsoft's Active Directory (AD) schema, enabling Linux administrators to eliminate redundant identity management systems and standardize on a single enterprise-wide identity management platform."
It was neat to see that Linux Magazine has published its annual list of "Top 20 Companies to Watch" and Centrify was on the list. We were the only security software company and the only one focusing on delivering Windows and Linux interoperability on the list. Centrify was touted for helping Linux, Windows, and Mac OS X "all just get along" and providing "the glue" to enable interoperability between these heterogeneous systems. The editors further recognized Centrify's DirectControl solution by noting "…anything that fosters interoperability is going to be a hot technology."
In my last blog post I described the benefits of reducing identity "silos" and moving toward a single directory for your heterogeneous infrastructure. In this blog post I will describe some of the technical and business reasons why organizations should consider leveraging Active Directory to be "the" central directory for UNIX-based systems and applications, as well as non-Microsoft applications running on Windows.
I was recently interviewed by Art Wittman, Editor at InformationWeek, and one of the questions he asked me was regarding the technical soundness of leveraging Active Directory as the basis for Linux identity management. That question motivated me to articulate in this two-part blog entry the various technical and business reasons why customers should deploy our DirectControl solution on non-Microsoft platforms to enable Active Directory to become the central identity and access management "hub" for cross-platform systems (e.g. Windows, UNIX, Linux and Mac) and applications (e.g. IIS, Apache, JBoss, WebLogic, DB2, SAP, etc.). But before I do, let me first articulate why reducing identity stores and moving toward a single directory is highly beneficiary.
Back in October I attended the Goldman Sachs' "Building Great Security Companies 3.0" conference, which covered trends impacting the future of information security. One of the highlights for me was Sarah Friar from Goldman Sachs discussing the results of the fifth installment of Goldman's security spending survey that was published in September 2007. Over the holidays I had the opportunity to catch up on some reading material, and I was able to finally review the 2007 survey in detail, and was curious what had changed from the 2006 security spending survey edition that I blogged about previously.
In this blog post I want to feature a few more of our enterprise customers who have graciously agreed to publicly share some of their experiences with Centrify DirectControl. The first Centrify customer I want to highlight is Wyse Technology. Wyse is riding the virtualization wave big-time and is a leader in thin computing, so it is not a surprise that Wyse is internally a big VMware shop. Faan DeSwardt is Wyse's Director of Enterprise Architecture, and Faan was kind enough to drive up from Wyse's headquarters in San Jose to San Francisco to be interviewed with me by InformationWeek on their experiences with DirectControl.
Recently I visited a large enterprise organization that has over 30 Network Information Services ("NIS") domains in their UNIX and Linux environment. Microsoft was kind enough to introduce us to this account, which is looking at integrating Windows with UNIX/Linux. The customer is now looking to deploy Centrify DirectControl to de-commission their NIS infrastructure and move to using Active Directory as the central directory identity store for not only their Windows environment but their thousands of UNIX and Linux systems as well. I have done a video chalktalk with our Director of Engineering, Mike Patnode, on how Centrify DirectControl delivers NIS Migration and Interoperability, and we have a nice whitepaper on Migrating UNIX Directories (e.g. /etc/passwd, NIS/NIS+, LDAP directories, etc.) to Active Directory, but I thought it would be nice to complement this material with this blog entry on how our customers are migrating NIS services to Active Directory with DirectControl.
This is the third and final installment of a set blog posts on some of the major new features of DirectControl 4, which shipped in early November. In this post I am going to highlight some of the enhancements we have made in the areas of extending Active Directory to additional non-Microsoft systems and applications, as well as discuss our new LDAP Proxy feature in DirectControl and improvements we have made to DirectControl's NIS support.
This is the second of a few blog posts on some of the highlights of DirectControl 4, which we shipped last week. In this post, I am going to highlight some of the enhancements we have made in the areas of Group Policy for UNIX, Linux and Mac, as well as improvements we have made to our DirectControl Report Center that delivers important compliance reporting capabilities.
On Nov. 6, Centrify shipped DirectControl 4, a major update to our flagship solution that delivers secure access control and centralized identity management by seamlessly integrating your UNIX, Linux, Mac, web and database platforms with Microsoft Active Directory.
Over the last few weeks we have made some enhancements to our customer support portal, including making the Knowledge Base easier to search and fine-tuning our great product download center. But the enhancement I am most excited about is the new Centrify Customer Forums. The forums provide a way for our customers to discuss issues with other customers and with Centrify staff. I encourage customers to use them to get advice, share your best practices, and make recommendations on product features.
On Tuesday October 9th at 1 pm EST we are doing a joint webinar with Apple on the topic of deploying Macs in the enterprise. Joining us from Apple is Joel Rennich, aka MacTroll, who runs the great website AFP548.com, and is the Consulting Engineering Manager in Apple's Enterprise group. So if there is anyone who can speak on this topic from Apple, Joel is the right guy. David McNeely, Director of Product Management, will be presenting on Centrify's behalf. We will be showing a lot of our unique Group Policy capability for the Mac environment.
Doug Barney and the folks at Redmond Magazine have been great to work with over the years. Last August in a feature spread on "Working with Microsoft" they were kind enough to run a sidebar article on Centrify and my approach to working with Microsoft entitled "Two-Time Winner." It is always great to see our ability to successfully execute a partner relationship with Microsoft recognized in a public forum. Fast forward a year or so, and I am depicted as one of the industry's "Windows Gurus" on the cover of the October 2007 issue of Redmond Magazine.
Last week I was at the Massachusetts Institute of Technology (MIT) in Cambridge, Mass. participating in the launch of the Kerberos Consortium. Centrify is proud to be a founding sponsor of this consortium, joining fellow sponsors and supporters such as industry vendors Google, Sun and Apple; large financial firms are represented by the Financial Services Technology Consortium; as well as universities such as MIT, Stanford and the University of Michigan (my alma mater - Go Blue!) in supporting this important initiative.
Shortly on the heels of our shipment of DirectControl 3.0.7 (which adds over 20 new platforms and other features such as a bunch of new Mac Group Policies), today we released an update to DirectControl's web application support.
I just received the September issue of Windows IT Pro Magazine, and was pleased to see our very own Centrify DirectControl featured in a comparative review of "Cross-Platform Identity Management Solutions for Single Sign-On." Suffice to say, the in-depth review figured out the same thing that over enterprise customers have discovered in the last two years (including ) — DirectControl is the best solution on the market for integrating UNIX, Linux and Mac systems into Active Directory. DirectControl won the Editor's Choice award, and was the only solution awarded 5 of 5 stars.
Today Centrify released version 3.0.7 of DirectControl. New features include: support for 20+ additional platforms, additional Mac capabilities, new group policies to control our Centrify'd version of OpenSSH, and additional platform support for our console and tools. At the same time we are releasing DirectControl version 3.0.7, we are also releasing new versions of our PuTTY and OpenSSH support.
Centrify is very proud to be leading the innovation wave of integrating cross-platform systems and applications together leveraging Microsoft Active Directory. For example, Centrify was the first solution to offer Group Policies for the Mac environment and the first to offer Active Directory Federation Services web single sign-on agents for non-Microsoft web platforms, among many others.
Today we announced some results from our second full fiscal year of selling products on the market. We run a July 1 to June 30 fiscal year, so our crack accounting team is now done counting the numbers for our last fiscal year. Suffice to say we are very pleased with the results, having basically exceeded our expectations across the board. Some of the highlights from the last 12 months include...
As you know, Centrify DirectControl provides secure access control and centralized identity management by seamlessly integrating UNIX, Linux, and Macintosh OS X computers, and J2EE and web platforms, with Microsoft Active Directory. Just recently Centrify shipped our DirectControl DB2 Agent, which extends this capability to IBM DB2, allowing users to access DB2 databases using their Active Directory user identity. Hence, you gain the benefits of centralized authentication and access control with a well established, secure solution.
Just recently we announced the shipment of an updated version of our Centrify DirectControl for Mac OS X solution. I wanted to use this blog post to provide some color commentary on what actually is in this new release, discuss what Computerworld had to say about it, and give a concrete real-world example of how one our customers is using our product to lock down their Macs.
As an aside from my regular discussion of identity management, I wanted to mention that Centrify was a proud co-sponsor of this year's Palo Alto High School Robotics team. From building control systems for quadriplegics to designing and constructing award-winning robots that use teamwork to play a complicated game, Paly Robotics tries it all. Winning the 2006 Las Vegas Regional competition, they fought their way to the top this year as well, making the semi-finals and defeating NASA Engineering.
On April 18 we announced another major company milestone: the raising of $15 million in Series C funding. To date, Centrify has raised $36 million in venture funding from some of the leading venture capitalists in the world. This makes Centrify the most well funded company focused on delivering cross-platform interoperability and integration of Windows systems with non-Microsoft platforms such as Linux, and I believe it makes us the most well funded identity and access management software vendor in the market since Oblix.
Recently a number of Centrify customers have been featured in press articles from publications such as NetworkWorld, SearchEnterpriseLinux and ComputerWorld. It is really neat to see customers talking to the press about the positive experiences they are having with our products, and we really appreciate these customers taking the time to publicly talk about our company and products. As a company, we like to back our products with records of deployments that demonstrate our solutions' ability to scale across a diverse set of environments. It is always nice to be able to see press articles that offer proof to potential new customers of our large deployment base of satisfied enterprise customers.
OK, I admit it, I like the Payment Card Industry ("PCI") compliance standard. Now when I say the word "audit" or "compliance" and the expression "I like" I know a whole host of reactions will emanate from IT personnel, most of which are probably negative. So before I tell you why I like PCI, I am going to step back and give you my thoughts on the pros and cons of compliance in general.
Today we are really excited to announce a major new product, Centrify DirectAudit. In a nutshell, Centrify DirectAudit addresses regulatory compliance requirements for auditing, logging and reporting on user activity within your UNIX/Linux environment in an easy-to-use, secure and reliable manner. DirectAudit helps you detect suspicious activity and lets you granularly track activity down to which users accessed what systems, what commands were executed and what changes were made to key files and data. DirectAudit also provides in-depth diagnostic troubleshooting capabilities by letting you replay and report on user activity that may have contributed to system failures, as well as lets you perform real-time monitoring of who is currently accessing all of your UNIX/Linux systems.
It has been quite gratifying to hear the positive responses we get from customers regarding our current product offerings, and sometimes this will lead to the question of "What's next from Centrify?" or "Where are you going with your products?" So I thought I would spend some time painting a high-level picture of our vision that can help answer those questions. Obviously I am going to hold myself back a good deal because this is a public forum and I don't want to tip our hat too much, but suffice to say we have a lot of great stuff coming down the pike, including some really cool new innovative products. In this blog post I will mention one such new innovative product that is now in beta called DirectAudit, which will ship in May. Given that we won't publicly announce DirectAudit until mid-March I will not publish this blog entry that I am now writing in February until we announce it.
I recently came upon a survey authored a few months ago by Sarah Friar over at Goldman Sachs entitled "Security Spending Survey: Security Spending on the Offensive." In this particular survey Sarah had surveyed "50 managers with decision-making authority for security spending at multi-national Fortune 1000 companies."
At the RSA show on February 5 we announced DirectControl for Mac OS X, SmartCard Login Option, which enables Mac OS X users to join Microsoft Active Directory environments that require two-factor authentication via smart cards. The first smart card standard that we are supporting is for Department of Defense Common Access Cards (CAC), used pervasively throughout the DoD and related agencies to authenticate both military personnel and contractors to systems around the world.
In Part 1 of "Why was Centrify formed?" I discussed how I and my fellow co-founders identified a need for Identity Management for the growing Linux market, and in Part 2 I described how we translated that need into a solution we thought customers would want — the ability embrace and extend Active Directory to non-Microsoft systems, applications, databases, etc. to address their identity and access management needs. But would customers buy it?
In Part 1 of "Why was Centrify formed?" I discussed how I and my fellow co-founders identified a need for Identity Management as well as policy and configuration management for the growing Linux market. Yet as we looked at what we could do in this market we were worried that we did not want to offer yet another directory that a customer would have to manage. Even if we built the best directory for Linux and beyond (e.g. UNIX), the reality was, and still is, that at least half of most organizations' infrastructure runs on Windows and, by default, they would have to be using Microsoft Active Directory.
As CEO and a co-founder of Centrify, I am sometimes asked what the inspiration was behind the formation of Centrify. So I figured that would be a good topic for my first blog entry. Like many entrepreneurs in Silicon Valley and beyond, I really love working with a great bunch of people and building something from scratch that delivers lasting value to employees, customers and shareholders. There is nothing cooler than having your startup company and its product just suddenly appear in the market after being in stealth mode, and then if you execute and hit a sweet spot in the market, having in a relatively short span of time 100s of customers.
Hello, this is Tom Kemp, and welcome to my Centrify blog. This is my first blog and my first blog posting ever. So "hello world"! Please excuse the training wheels, and my apologies in advance if I am not following proper blogoquette. I have had a few weeks to think about what topics I would blog on and how I would go about writing the posts, and I would like to start off by sharing those thoughts with you.