Centrify delivers integrated software and cloud-based solutions that centrally control, secure and audit access to cross-platform systems, mobile devices and applications by leveraging the infrastructure organizations already own - Microsoft Active Directory. From the data center and into the cloud, more than 4000 organizations, including over 40% of the Fortune 50, rely on Centrify's identity consolidation and privilege management solutions to reduce IT expenses, strengthen security and meet compliance requirements.
In the following interview, Tom Kemp, Chief Executive Officer of Centrify Corporation, discusses 1:1 with Info Security PG, Editor-in-Chief of Info Security Products Guide, what CISOs, Compliance Officers and IT Operations need from a mobile security offering.
Info Security PG, Editor-in-Chief: Mobile devices are shipping in larger numbers than PCs; clearly we have reached some kind of turning point. What trends and impacts do you see?
Tom Kemp: Clearly more and more information workers are following the BYOD (“Bring Your Own Device”) trend and accessing critical corporate information from their mobile devices. Given the ease with which a device can be lost or stolen, and the often inconsistent security policies that are applied to mobile devices (if even applied at all), there is a significant demand by IT organizations to lock down and secure mobile devices accessing their corporate networks. These challenges are compounded by the fact that users have their own device preferences - heterogeneity will certainly exist with mobile devices as it does today for systems in the data center.
Info Security PG: What do CISOs, Compliance Officers and IT Operations need from a mobile security offering?
Tom Kemp: Tablets, for example, are new computing devices for organizations. Organizations want employees to be productive with these new devices, but not expose the company to additional risk associated with losing information or if the device is lost or stolen. Also, provisioning and de-provisioning systems is an important concern, as is detecting if a device has been jail-broken by the user, which can compromise security. In the end, customers really want complete control over all the device security and management controls exposed by mobile vendors such as Apple. These policies are fairly common across devices. Policies can configure settings for Exchange email as well as Passcode policy and device restrictions, like which applications can be installed, use of camera, or wiping data if the device is lost. In addition, Centrify DirectControl for Mobile automatically sets up profiles that enforce the customer’s policies for Wi-Fi and VPN access, authentication, and protocol settings. Whenever you are dealing with end users it helps to make the process as automated as possible - reducing helpdesk calls makes it easier for everyone.
Info Security PG: Why would customers be interested in Centrify’s approach to Mobile Device Management?
Tom Kemp: We’ve made it easy for customers to quickly and reliably manage mobile devices in their network - whether those devices are provided by the company or brought in by the employee. It’s easy and reliable because it is tightly integrated within AD, and so they already know how to manage our offering. They don’t have to deploy another complex infrastructure which creates yet another identity and policy silo in the organization. Additionally, Centrify understands what it takes to address security and compliance issues; as I mentioned, over 4000 customers rely on Centrify to manage access to their server and endpoint systems.
Also, our Cloud-based service is a quicker way to deploy MDM and provides secure communications from your on-premise Active Directory to your users’ mobile devices. This means there is no appliance to deploy and no firewall configuration changes to make. When you think about it, customers already own half of the solution given they have AD. They just need to set up the cloud service that integrates with AD, and they are up and running.
Customers also like the fact that we secure access to many platforms and applications, not just mobile devices. I mentioned Macs earlier and we’ve seen time and time again that where there are iPads you tend to find Macs too, as well as Linux, UNIX and SAP and web applications as well. So we increase IT’s return on investment by handling access and controls for all their systems and devices and lower their costs.
Finally, we are the only mobile security provider that offers a free solution. Let’s face it, traditional MDM solutions are expensive, and force you to go through an exhaustive sales cycle to even evaluate a solution. We provide Centrify Express for Mobile for free, and there is no limit on usage or number of devices you can manage. Customers can upgrade to the paid subscription to get technical support and feature enhancements when and if their business dictates.
Info Security PG: So you talked about users and the architecture, can you describe briefly how it works ‘under the hood?’
Tom Kemp: Centrify’s unique approach allows customers to enroll devices in Active Directory through a self-service process. The owner or user of the device enrolls their device by simply entering their Customer ID and their AD username and password via a web-based form or via a Centrify mobile application that they can install on their device. Using either method, a trusted over-the-air connection is made from the device to the Centrify Cloud Service, which in turn communicates to the customer’s on-premise AD via our on-premise Cloud Proxy Server. The end result is that a computer object within AD is created, and the device is associated in the directory with the user that enrolled the device. Because the device is in the directory, group policies can then be automatically applied to the device via the Cloud Proxy Server back to the Cloud Service and then to the device. The company has already invested all that time and energy creating these policies and user groups for their PCs, why not extend them to the mobile environment? These policies are implemented on the mobile phone as device profiles, and typical policies include passcode policies, device restrictions (e.g. disable camera) and VPN and WiFi settings. This process of joining the device to Active Directory and applying the pre-defined policies takes just a minute or so to complete.