Tom Kemp's Centrify Blog

The Centrify Vision (as of March 2007)

Tuesday, March 13, 2007

It has been quite gratifying to hear the positive responses we get from customers regarding our current product offerings, and sometimes this will lead to the question of "What's next from Centrify?" or "Where are you going with your products?" So I thought I would spend some time painting a high-level picture of our vision that can help answer those questions.

Obviously I am going to hold myself back a good deal because this is a public forum and I don't want to tip our hand too much, but suffice it to say we have a lot of great stuff coming down the pike, including some really cool new innovative products. In this blog post I will mention one such new innovative product that is now in beta called DirectAudit, which will ship in May. Given that we won't publicly announce DirectAudit until mid-March, I will not publish this blog entry that I am now writing in February until we announce it.

So let me first begin answering these questions by giving the proverbial "elevator pitch" on what our vision is, and then explain it in a bit more detail below. Again, imagine you are on an elevator listening to me. So here goes:

"Our vision is that no matter how heterogeneous your underlying IT infrastructure is, Centrify delivers solutions that provide a consistent and secure way to meet compliance requirements as well as control access to and audit your heterogeneous infrastructure - and we do so by leveraging a de facto standard technology you already own, Microsoft Active Directory."

Assuming that you, the customer, have not gotten off the elevator on the second floor and I have a few more seconds, I would then basically rephrase what I just said to allow it to sink in:

"So what we do is, in effect, make a heterogeneous environment look and feel and act as if it were a homogeneous environment from an auditing, access control and identity management perspective. And to make this happen, instead of boiling the ocean with proprietary technology that will take years to deploy and cost bundles of money, we allow you to move toward a secure, connected computing environment in an easy-to-deploy and cost-effective manner by elegantly extending an existing technology you have already deployed."

And assuming I am not in an elevator with you but actually doing a presentation, I would show this graphic, which visually describes what I just said:

Figure 1.  Centrify's vision of a secure, connected computing environment.

And then I would show this slide, which articulates how DirectControl and DirectAudit map to this vision. I will write more about DirectAudit in the next blog post.

Figure 2.  Centrify is the only vendor that delivers the 3A's of Identity Management with an Active Directory-centric solution for non-Microsoft platforms.

Let me explain this in a bit more detail now that I too have gotten off the elevator and am back in blog-land.

Our vision is based on the reality of today's IT environment, which is that the environment is completely heterogeneous. Unlike the 1960s and 1970s, when IBM delivered a single-vendor solution with the mainframe and dumb terminals connected to it, not one vendor today can deliver a complete solution for hardware, operating systems, storage devices, networking devices, security, databases, web applications, ERP applications, etc. This is an environment we typically see at customer sites:

  • Operating systems: Windows, various flavors of UNIX, various flavors of Linux, some Macs, etc.
  • Storage: EMC, NetApp, some misc. Samba, etc.
  • Web applications: IIS, Apache, JBoss, WebLogic, WebSphere, etc.
  • Databases: Microsoft SQL Server, Oracle, DB2, etc.
  • ERP: SAP, etc.

You get the picture. Not surprisingly, achieving interoperability among the system and application platforms complicates life for IT managers. Organizations want heterogeneous servers and applications to be plug-and-play, so that IT does not have to spend time acting as a systems integrator or having to manually - and expensively - administer an ever-growing number of systems and applications individually. In addition, organizations want to leverage existing investments to get economies of scale, as budgets force companies to do more with less. But most system and application vendors spend very little research and development effort trying to make their solutions play nicely with other, often competing, products.

Until recently, most organizations dealt with the lack of cross-platform interoperability by leaving the islands of infrastructure as is and paying the overhead to administer systems in a separate and decentralized manner. Not only does this approach impact IT productivity, but it often forces end users to have multiple usernames and passwords for different applications, which can significantly impact productivity and make the IT environment less secure, as passwords are often lost or stolen. Still, many customers learned to live with this, where each platform has in effect its own identity store, as shown in the slide below:

Figure 3.  The fragmented enterprise before Centrify.

But over the last few years there is a new sheriff in town: compliance. Regulations such as Sarbanes-Oxley, HIPAA and the Payment Card Industry's Data Security Standard (aka PCI DSS) call for standardized and centralized ways of controlling which users can access which systems, applications and data, and for auditing what those users did when they were granted that access. Continuing to have separate and non-integrated mechanisms to control access to key systems is no longer an option, as regulations clearly dictate that organizations should have a centralized mechanism to grant users appropriate access to corporate resources - regardless of the platform that is being used. Some think only large and/or public companies need to meet the requirements. But, in fact, the requirements can be equally applicable to small retailers that accept credit cards and must now comply with the payment card industry's data security requirements or risk fines for failure to do so.

Faced with these issues - compliance requirements; heterogeneous platforms; expensive, decentralized management; security vulnerabilities; multiple IDs and passwords per user; and pressure to reduce costs - we think we offer a compelling solution that allows a customer to leverage a technology they already have heavily invested in, namely Microsoft Active Directory. Our solution set is much easier to deploy given that we are an agent to an existing infrastructure versus a whole new infrastructure. And given the wide range of operating systems, applications, databases, etc. that our products support, customers will find meaningful reductions in costs to administer and maintain islands of identity. So in the end we offer a customer something like this:

Figure 4.  The integrated enterprise after Centrify.

Don't our vision and current product offering make for a much better "after" shot? And there is more good stuff to come from Centrify that builds on this uber-vision …

In my next blog entry, I will talk more about our brand new product, DirectAudit.
