EXECUTIVE VIEW. Centrify Identity Service. KuppingerCole Report. by Martin Kuppinger January 2015




KuppingerCole Report
EXECUTIVE VIEW
by Martin Kuppinger (mk@kuppingercole.com), January 2015

Content
1 Introduction
2 Product Description
3 Strengths and Challenges
4 Copyright

1 Introduction

Centrify is a US-based Identity Management software vendor that was founded in 2004. Centrify has achieved recognition for its identity and access management solutions for web and cloud-based applications, as well as management for Mac and mobile devices and their apps. The company is VC funded and has raised significant funding from a number of leading investment companies. The company as of today has more than 5,000 customers. Centrify has licensed key SaaS and mobile components to Samsung for the Samsung KNOX platform and to AVG for the CloudCare Single Sign-on offering, including the cloud service that supports both offerings.

Centrify is best known for its capability of integrating UNIX and Linux account management into Microsoft Active Directory, but it also supports integration of Mac OS X. This is still at the core of the Centrify Server Suite. However, the overall portfolio of Centrify has grown, adding the Centrify Identity Service for access to Cloud applications, while the features of the Centrify Server Suite and its various editions have been significantly extended.

Both Cloud computing and Identity and Access Management (IAM) can trace their beginnings to the late 1990s. Cloud computing began as web services, then developed into Software as a Service (SaaS), later expanding to cover areas such as Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) and even, within the last couple of years, Identity (Management) as a Service (IDaaS/IDMaaS). IAM began with Provisioning applications and later expanded to include some, or all, of:

- Single Sign-On (SSO);
- Federation;
- Various forms of Access Control (AC): Role-based, Attribute-based, Rules-based, Risk-based, etc.;
- Governance, Risk and Compliance (GRC) including Access Governance;
- Authentication (AuthN) and Authorization (AuthZ);
- And a number of other services, depending on who is defining them.

Without specifically looking at functionality, we can see that many different architectures are being described when talking about Cloud IAM (aka IDaaS):

- Is the service on-premises, in the cloud or a hybrid?
- Is the service controlled by the enterprise or by a third party as a managed service?
- Are only employees covered, only external users, a partial mix (employees and partners, but not vendors or customers for example) or are all entities managed within the single system?
- Is access managed for only on-premise services, cloud-based services or both?
- If there are multiple identity data stores, are they synchronized or federated, and are they only cloud-based or can they be hybrid on-premise and cloud?

KuppingerCole believes that in the future there will be at least two distinct approaches to Cloud IAM that overlap in their core functionality. One is Cloud-based IAM/IAG that provides Identity Provisioning and Access Governance capabilities as a Cloud service. These services in fact are a direct counterpart to established on-premises Identity Provisioning and Access Governance solutions. These types of solutions also provide good out-of-the-box integration with on-premise systems, allowing management and governance for identities and access to these services.

The second group of solutions primarily focuses on managing what we call the new ABC: Agile Businesses Connected. They focus on managing external users, such as business partners and customers, and their access to Cloud services and on-premises web-based applications. Commonly, these services are a combination of identity federation, self-service registration, directory services, and access management solutions, all provided as a Cloud service.

While both groups of solutions might converge in the long run, both provide far more functionality than just Cloud Single Sign-On, which will not remain sufficient for success in business.

The Centrify Identity Service fits well into the emerging market for Cloud User and Access Management. While its primary focus is on internal users, Centrify Identity Service adds some interesting capabilities to common approaches for Cloud IAM. One is its integrated support for MDM and MAM (Mobile Device Management, Mobile App Management). The other is its tight integration with various types of devices, including Apple Macintosh systems, and the integration with Active Directory Group Policy management. The latter capability comes as no surprise when looking at the history of Centrify, where support for Apple and tight Microsoft Active Directory integration have always played a central role.

2 Product Description

Centrify positions its Identity Service as Unified Identity Management for Cloud and Mobile. This approach is still rather unique, despite the fact that there has been a recent announcement by another vendor also providing integrated capabilities, and with others being expected to follow this strategy. However, Centrify is well-positioned due to its longer history and the strong integration already available, including the support for the leading-edge Samsung KNOX platform.

Centrify Identity Service supports a number of functional areas.
One is support for Cloud Single Sign-On (SSO). Centrify names some 2,500 cloud applications that are supported out-of-the-box, with a continuously growing number and an expert team available to support customers integrating further applications. Thus, the common cloud services are supported without further customization of connectors. Additionally, there are several types of generic applications for rapid integration of custom applications. One is a SAML (Security Assertion Markup Language) app, another is for WS-Federation (required for certain applications such as SharePoint), while the other supports username/password over HTML forms, NTLM or BASIC. These will work for SSO to most applications. For username/password apps, Centrify delivers a browser plugin to discover such apps, and support for auto-detection with manual fallback. Aside from the strong standard feature set, the Centrify Identity Service also provides a number of native plugins for popular app servers, including Apache, Weblogic, Websphere, JBoss, Tomcat, and SAP Netweaver.

When it comes to managing user identities, Centrify supports both its own cloud directory as well as Active Directory. Notably, there is no replication of on-premise Active Directory user data to the cloud directory, only on-premise integration, based on Centrify's long-standing experience with Active Directory integration. Both approaches can be combined.

The third functional area is Identity Provisioning, i.e. user lifecycle management. This must not be mixed up with what commonly is understood as Identity Provisioning, i.e. support for joiner, mover, and leaver processes across a variety of target systems. Centrify Identity Service supports the lifecycle of users that want to access certain services with their PCs, Macs and mobile devices. All management of permissions within the scope of Centrify Identity Service is supported. Furthermore, some 15+ SaaS applications are supported for full provisioning and deprovisioning of users. However, this is focused on provisioning and deprovisioning users to existing roles, but not managing role definitions and other authorizations (which, notably, no other tool in the Cloud User and Access Management market does today).

One of the most compelling features, and a differentiator against the competition, is the support for mobility management, with a number of features. These include, among others:

- Mobile User Self-Service including device location, lock and wipe
- Device Management (MDM) for Mac, iOS, KNOX and Android devices
- Container Management, based on Samsung KNOX and Apple Open-in management
- Application Management (MAM)
- Authentication Services, including support for multifactor authentication
- Integrated sign-on for apps, named app zero sign-on
- Device identification

These features are controlled by policies. Centrify Identity Service supports per-app authentication policies that can take context information into account. Aside from the integrated multifactor authentication based on various approaches, Centrify Identity Service also supports step-up authentication.

Another interesting feature is the App Gateway service, which allows an administrator to publish internal web applications such as Microsoft SharePoint to external users without requiring a VPN connection to the network.

Being part of the emerging Cloud User and Access Management market, Centrify Identity Service is delivered as a cloud service.
In the Cloud, Centrify User Service for user management and Centrify Policy Service for policy management run as central services. Centrify Cloud Services provides the interface to these services, delivered through the Centrify Cloud Manager. Access for the client system happens through the Centrify User Portal that supports access to cloud services from a variety of devices, including mobile devices, PCs and Apple Macs.

Additionally, there is the Centrify Cloud Proxy Server as an on-premise component that connects back to the existing Microsoft Active Directory infrastructure. The proxy delivers authentication, group policy and on-prem reverse proxy services. This proxy component is installed behind the corporate firewall and only uses outbound port 443 (commonly open for HTTPS), allowing organizations to quickly get up and running. Multiple proxies can be deployed with automatic failover and load balancing.

For its Cloud deployment, Centrify relies on IaaS providers. Thus, the company can offer a number of data-centers across the world, covering various regions. While the service has a number of certifications, this construct might require further explanation, particularly for customers from the EU (European Union) and other regions with strong data privacy and protection requirements. However, Centrify claims that the customer can rely on regional datacenters and no data flowing through or being stored in the US or other regions.

3 Strengths and Challenges

Centrify Identity Service is a very interesting offering in the Cloud User and Access Management market segment. Strengths are the leading-edge integration with Microsoft Active Directory, the strong support for Apple devices, and the built-in support for mobile security management. Additionally, the product delivers strong support for policy-based security management.

However, even while there is the Centrify Cloud Directory, the primary focus as of now is support for both on-premise enterprise users accessing cloud services and mobile users. From our perspective, adding support for external user communities such as business partners and customers, based on services like inbound Identity Federation, self-registration, and self-service management, would further extend the scope of the solution and add value.

Nevertheless, the Centrify Identity Service can be listed among the solutions customers should closely look at when moving to Cloud User and Access Management. It goes well beyond plain Cloud Single Sign-On and offers a number of well thought-out and leading-edge features in this market, combined with strong on-premise integration.

Strengths

- Excellent built-in support for existing cloud services
- Apps for simplified and rapid onboarding of both SAML connectivity, WS-Federation and username/password authentication to cloud services
- Integrated, leading-edge support for mobile security management
- Integrated support for multifactor authentication
- Strong policy-based management
- Strong on-premises application support with App Gateway feature
- Leading-edge integration back to Microsoft Active Directory infrastructures, not requiring synchronization of Active Directory content to the cloud

Challenges

- Primary focus on enterprise users, with limited support for external user groups such as business partners and customers
- No own datacenters, approach might raise questions particularly from EU customers

4 Copyright

© 2015 Kuppinger Cole Ltd. All rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole's initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice.

The Future of Information Security Today

KuppingerCole supports IT professionals with outstanding expertise in defining IT strategies and in relevant decision making processes. As a leading analyst company KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole, founded in 2004, is a leading Europe-based analyst company for identity focused information security, both in classical and in cloud environments. KuppingerCole stands for expertise, thought leadership, and a vendor-neutral view on these information security market segments, covering all relevant aspects like Identity and Access Management (IAM), Governance, Risk Management and Compliance (GRC), IT Risk Management, Authentication and Authorization, Single Sign-On, Federation, User Centric Identity Management, eID cards, Cloud Security and Management, and Virtualization.

For further information, please contact clients@kuppingercole.com

Kuppinger Cole Ltd.
Am Schloßpark 129
65203 Wiesbaden
Germany
Phone +49 (211) 23 70 77 0
Fax +49 (211) 23 70 77 11
www.kuppingercole.com