How Centrify is Innovating in the Four Biggest Trends in IT … #2 Mobile

In my last blog post I discussed how the four top of mind items for CIOs are Big Data, Mobile, Cloud and Security, and how Centrify is innovating in the area of Big Data. In this blog post I will discuss how we are innovating in Mobility — specifically how we are leading the charge to integrate identity and mobility management delivered entirely in the cloud.


Mobile-3.3 devices per person per yearClearly the mobile market is exploding.  Some analysts are claiming that we are now up to 3.3 devices per business user this year (I assume that includes one’s laptop or Mac).

Analyst groups such as IDC are also saying that the number of devices in enterprises (i.e. businesses) is growing from 200 million in 2013 to nearly 400 million in 2017, with the vast majority being “employee liable.” Viva BYOD !

This boom in mobile devices in the enterprise is causing a boom in the Enterprise Mobility Management market (formerly Mobile Device Management). I was personally on the ground floor of that boom as a board member of Zenprise for 7 years (before Zenprise got bought out by Citrix). IDC expects that market to grow from $1.2 billion in 2013 to $2.2 billion in 2017 which is nice 15% per year growth.

Mobile - source IDC

The Integration of Identity and Mobility Management … Delivered via the Cloud

Having witnessed firsthand the Mobile Device Management (“MDM”) market as part of Zenprise and the Identity and Access Management (“IAM”) market as part of Centrify, it became clear to me that key elements of these two markets should and would merge together. I wrote about this as early as 2012. Per that blog post, I believed these two markets would come together for the following reasons:

  1. Mobile devices are increasingly becoming the de facto client for user’s access. e. if IAM is about making sure the right people have access to the right resources, and mobile devices are where people are doing the access from, then it is incumbent from a compliance and security perspective to ensure that the underlying device is also secure (e.g. requires a PIN, is not jailbroken, can be remotely wiped if lost, etc.) and being used by the right person. The device needs to be trusted just like the user needs to be trusted.
  2. Given the problem we have with passwords, mobile devices are also becoming the de facto “something you have” for multi-factor authentication (“MFA”). Mobile was key to IAM as it was the best place to provide MFA.
  3. Location is now part of the new definition of identity. Clearly you want to have location factor into whether or not a user can access an app.
  4. Provisioning a user’s access to a cloud service also requires provisioning the rich mobile app for that cloud service to the user’s device. It is not good if you don’t do one without the other.

So with that belief that MDM (now EMM) and IAM should come together and be delivered as a single solution, Centrify delivered on that vision, with enterprise mobility management being a standard feature of our Identity-as-a-Service (IDaaS) offering as of a few years ago. And the cool thing is we delivered both Identity and Policy ― for both Apps and Mobile — as a fully cloud-based solution and/or hybrid solution (where you could have identity and/or policy on-premise, in the cloud, or mix and match). For example, see this blog post from early 2014 describing our integrated identity and mobility management solution delivered entirely in the cloud.

Gartner recognized what we did in their IDaaS Magic Quadrant from June of last year when they wrote: “The integrated Centrify for Mobile capabilities provide many of the features of stand-alone enterprise mobility management vendors. Notable features include security configuration and enforcement, device certificate issuance and renewal, remote device location and wiping, and application containerization.”

And: “The enterprise mobility management features are unique in the market, and Centrify has a strong relationship with Samsung. Centrify hosts Samsung’s own offering, and Centrify leverages the Samsung Knox containerization capability.”

[By the way it is ironic that other vendors in the IDaaS space are just now releasing basic mobility management capabilities and are claiming that they are the “first integrated identity and mobility management solution delivered entirely in the cloud” or even forgetting the checkmark next to Centrify’s name for mobile device management in their competitive battlecards. This is even after members of their marketing teams sat through demos of our functionality at various events and Gartner clearly documented the above in the Magic Quadrant. All this reminds of the Upton Sinclair quote that, “It is difficult to get a man to understand something, when his salary depends on his not understanding it.”]

So What Has Centrify Added vis a vis Mobility?

So you may be asking me…what has Centrify done lately vis a vis integrating Mobile Management with Identity Management? And my answer is…a lot!

Here are three recent examples:

  1. Robust support for Samsung KNOX 2.4 and latest Samsung devices. As Jonathon Benson described in this recent blog post, the Centrify Identity Service will support the bulk enrollment feature of Samsung devices that will enable IT admins to stage and enroll a large number of devices automatically by configuring device information in the cloud. This end-to-end bulk enrollment feature for corporate devices is a great benefit to IT departments as it saves time and eases ongoing device and app management. Centrify will also support the KNOX enterprise billing feature that facilitates separate billing management for personal and enterprise data usage. This will enable enterprises that are looking for ways to effectively manage data usage and cost by distinguishing business and personal device usage. Centrify also announced day-one support for the next Samsung flagship phone launched at Mobile World Congress 2015. Take into account that the few Identity vendors who do claim mobile management either don’t support KNOX or don’t support these type of features.
  2. Support for fingerprint scanners.   The Centrify Identity Service will support both the Samsung and Apple built-in fingerprint scanners, marrying the security of policy-based single sign-on (SSO) with multi-factor authentication (MFA), thus creating a better and more convenient user experience. This new functionality includes push notifications to Android and iOS devices, integration of multi-factor authentication for SaaS and mobile apps with Android Wear devices, and the industry’s simplest multi-factor authentication with one-tap verification. This capability will be generally available by the end of March.
  3. Further enhancements to our Mac Management support. Remember most MDM vendors don’t support the Mac and if they do, the support is quite light. And no Identity vendors support the Mac from a Mac management perspective. This is a huge differentiation as increasingly more and more Macs are making their way to the enterprise. Some of our recent enhancements include group policies for:  applying proxy settings according to location; making mobile accounts the default options for network users; configuring energy saving options; and disabling automatic login for FileVault. Plus other enhancements including more robust smart card support.

This slide below sums up what we do with respect to Mobile Management.

mobile-centrify offers user-centric EMM

So hopefully that gives you a feel for how we are innovating in mobility by integrating management of phones and tablets and Macs with our Identity-as-a-Service (IDaaS) offering. In my next blog, I will discuss how we are innovating vis a vis the Cloud ― one of the top 4 IT trends that CIOs are focusing on today.