In my last two blog posts I discussed how the four top-of-mind items for CIOs are Big Data, Mobile, Cloud and Security, and how Centrify is innovating in the areas of Big Data and Mobile. In this blog post I will discuss how we are innovating in the Cloud, specifically how we are leading the charge to deliver Identity-as-a-Service with the utmost flexibility to store identity where you want it and also allow remote users to seamlessly access on-premises apps via the Cloud.
Clearly the Cloud market, like the Mobile market, is also growing by leaps and bounds. Check out these crazy big stats from Rackspace and Spiceworks:
Gartner is in fact predicting (per this photo from the Gartner IAM summit this past November) that in a few years a fourth of an organization’s data traffic will actually be outside the corporate network:
This “de-perimeterization” clearly puts more onus on securing users’ identity, as the traditional ways of “securing the network” with firewalls, A/V, etc., are no longer applicable when your employees are using their mobile devices over public WiFi to talk to Office 365, Salesforce, Box, etc.
Another interesting trend is that the Cloud coupled with Mobile is also driving this whole “consumerization of IT” trend, where users or departments are buying and deploying apps (i.e. BYOA) vs. the classic central IT organization. Here’s another photo from a Gartner slide, this time at the last Gartner Data Center Summit, where they say 50 percent of business technology spending will be outside of traditional IT by 2017.
This results in “shadow IT,” where it is difficult to know who really has access to what. Combined with the multitude of new Cloud-based apps, it also means that users are invariably drowning in a sea of passwords, again drawing a spotlight on the heightened need for robust Identity and Access Management for the Cloud.
Given all this it is no surprise that Gartner says that the market will grow to over $1 billion for Cloud Identity alone in the next few years.
Cloud Identity … with Identity where you want it
Centrify is considered a leading vendor in the market for Cloud-based identity, and the momentum we have had in this space has been significant over the past 12 months — with more than 2000 customers adopting our Identity Service offering, and technology vendors such as AVG and Samsung also leveraging our technology. So as more Cloud-based apps are deployed, that represents an even greater opportunity for Centrify to address customers’ concerns about password sprawl and lack of visibility and control over who has access to what vis a vis cloud apps.
Clearly Centrify has a strong Cloud story, and it is obvious we should be topical to any CIO given that the Cloud is one of the top 4 items they are thinking about, but I want to use the rest of the blog to draw attention to some of the areas where I think we are doing some neat and innovative stuff vis a vis securing the Cloud.
The first area is what we call “identity where you want it.” The reality is that most customers today have Active Directory, and many want to leverage this pre-existing identity store that is on-premises as the means to authenticate their users to Cloud apps.
At the same time we are also seeing that there are more and more companies (mainly startups) that are “Born in the Cloud” and don’t have Active Directory ― or any on-premises infrastructure for that matter — and in fact don’t have a master source of identity, and are perfectly happy having a Cloud-based solution for storing identity.
We have also seen organizations that want partners or customers to authenticate to some of their apps, but those identities are stored in on-premises LDAP directories from a multitude of vendors (Sun/Oracle, NetIQ/Novell, CA, OpenLDAP, etc.).
And finally we see instances where a customer wants to mix-and-match where identity is stored, e.g. customers in LDAP, contractors in the Cloud, and employees in AD.
Given the need for flexibility in where identity is stored, it is puzzling that most of the other vendors in the Identity-as-a-Service (IDaaS) space force you to store identity data in only their Cloud directory. They talk a good game about AD or LDAP, but in reality it is their identity store or the highway, and under the covers they are constantly replicating data back and forth between on-premises and their proprietary cloud-based directory. And frankly some customers don’t want that being done to their “keys to the kingdom.” In another case we see that a platform vendor will say it is OK to store data in the cloud or on-premises, as long as it is their directory in either case. Either way, I see this approach as being Stalin-like, as no doubt they are trying to lock you the customer into their directory.
Centrify takes a more open and flexible approach. We let you leverage your identity in Active Directory without forcing you to replicate to the cloud. Want to have all your identity in the cloud? No problem. Want to leverage an LDAP directory from XYZ vendor as a data source for identity? Also no problem (this great LDAP support is coming out this weekend in an update to the Centrify Cloud Service; more about this great functionality next week!). And finally, if you want to have some users in AD, some users in the cloud, and some in LDAP, again no problem.
Choice is good, and Centrify delivers that. Who would you vote for from the two choices below?
The App Gateway
Another area of innovation for Centrify vis a vis the Cloud is our ability to let users who are out in the Cloud seamlessly and securely access on-premises applications without the hassles of a VPN.
Huh, you say? Let me explain … clearly there is a need for users to access SaaS apps irrespective of whether the users are on the corporate network or at a Starbucks. At the same time, the same user probably also has to access on-premises apps, and IT organizations want to deliver single-click access to those on-prem apps just like SaaS apps. End users, meanwhile, may not want to fiddle with a VPN (or may be on a device that does not have one). Or in other instances you want customers, partners or vendors to access this on-premises app, but you don’t want to give them VPN access, put the app in the DMZ, or poke a bunch of holes in the firewall.
“With this feature, IT can give users remote access only to the on-premises apps they need, without changing a single line of code, anywhere. End users can access both SaaS and on-premises apps all from Centrify User Portal or Centrify Mobile apps without having to install anything, or firing up a VPN session. …. The App Gateway is available for applications such as Sharepoint sites, IIS-based apps, more than a dozen application templates available in the application catalog, and any web application running inside your internal network. This feature is also available to use with any of our custom templates (Bookmark, SAML, Username and Password, Ws-Fed, etc.) which are used often to configure internal applications.”
The bottom line is the App Gateway provides easy and secure access to on-premises apps without requiring configuration of a VPN client or a VPN concentrator, or modifying firewall policies. With Centrify, IT can give users remote access only to the apps they need, without changing a single line of code, anywhere. IT can manage user identity and access to on-premises and cloud apps, and secure users’ mobile devices, all from a single console.
Hopefully that gives you a feel for how Centrify not only helps secure the Cloud but is also delivering innovative Cloud-based solutions. In my next and final blog of this four-part series, I will discuss how Centrify is addressing the fourth big “top-of-mind” item with CIOs: Security.