A Common Architecture for Cross-Platform Identity Management

Built on a common architecture, Centrify Suite 2008 helps you improve IT efficiency, strengthen regulatory compliance initiatives, and centrally secure your heterogeneous computing environment

Centrify Suite 2008 is provided in three editions to address organizations' different needs for cross-platform identity management leveraging Microsoft Active Directory.

• Standard Edition. Includes Centrify DirectControl and Centrify DirectAuthorize, plus our DirectControl-enabled version of OpenSSH.
• Enterprise Edition. Includes everything in the Standard Edition, plus Centrify DirectAudit.
• Application Edition. Includes everything in the Enterprise Edition, plus any number of application modules to support single sign-on, including web servers (both Apache and J2EE-based), DB2 and SAP.

Why The Centrify Suite Matters

Government and industry regulatory compliance requirements such as SOX, PCI, HIPAA, GLBA and FISMA dictate that users should not share accounts (especially the root or other super-user accounts common on UNIX and Linux systems), but instead should log in with a personal account that uniquely identifies them to the system. They should then gain privileges based on their role within the organization, and all of their administrative actions should be audited.

For example, the Payment Card Industry Data Security Standard (PCI DSS) states in Section 8 that an organization must "identify all users with a unique user name before allowing them to access systems components." Section 7 asserts that organizations must "limit access to computing resources … only to those individuals whose job requires such access." Furthermore, the PCI DSS states in Section 10 that "all actions taken by any individual with root or administrative privileges" not only need to be controlled but also audited as well. These requirements are common for other compliance and industry standards such as SOX, HIPAA, GLBA and FISMA.

Centrify DirectControl facilitates compliance by allowing each user to log in to a UNIX or Linux system and/or log in to an application such as SAP using their individually assigned Active Directory account. DirectControl's patent-pending Zone technology provides further granular access control by restricting who (which UNIX-enabled Active Directory user or group member) can log in to which set of systems. DirectAuthorize builds on top of the scalable and robust DirectControl architecture by providing further granular delegation of what actions can be performed on a given system by a given user, and further controls when and how that user can access the system. Centrify DirectAudit also builds on top of this common architecture by auditing all actions taken by any individual with root or administrative privileges, another key compliance requirement. Together these three integrated security and compliance solutions make up the Centrify Suite.