It is still quite easy to think of Identity Management as a very specific, narrowly defined part of the overall security regime a business needs to apply, particularly if it is operating much of its information management services in the cloud. But in practice, the ID of users is now fast becoming the key component in providing a complete suite of security services, all driven by the definition and management of ever-more granular operational policies.
The control of any user’s ID, on any device, operated over the cloud from anywhere in the world that an Internet connection can be made, is now the starting point for fully managing which applications and services that user can access, where and when they can be accessed, what the user does with the data, and what privileges they are allowed.
It also provides a one-stop-shop for the de-provisioning of any individual as soon as that function is required.
What is more, this moves control of all the core aspects of how the IT resources are used back to the IT department, which instead of being in charge of the daily machinations of the technology in use – that role now largely slipping away to many different types of third-party hosted service providers – now becomes the guardian of the overall ‘business process’.
This is certainly the view of Darren Gross, the European Director of ID management specialist Centrify, a view that he would suggest is borne out by the company’s growth rate.
“IT is now getting back control as it can now provide finely granular privilege management for controlling appropriate access to users, and this is being taken up globally,” he said. “We are now growing our partner programme geographically with local partners, the ones that understand the local culture, language and issues in their regions.”
The company has recently announced that it has expanded in Europe, Middle East and Africa, doubling the company's own headcount in the region and growing its partner channel by 139 percent. And Gross is still on the lookout for others.
One of the keys to this growth rate is the fact that Centrify delivers ID management capabilities as a cloud service – IDaaS. This makes it easy to deliver through partners, and easy for the company itself to manage. Centrify can itself provide the service to end-user businesses that a partner has identified and sold the service to. It can also allow some partners, particularly those with hosting capabilities in place, to host and manage service delivery themselves.
The control of ID authentication and user access means that IT now has full control over what the company calls Unified Access. This covers who is provisioned on a service, what applications they are allowed to use, where and when they are used, and what client devices are used to access them. And because it is a cloud-based single sign-on (SSO) process, it is possible for individual users to choose just about any practical device they want, and at the same time, allow IT to identify the actual device being used as part of the overall user authentication process.
The equally important corollary to access authentication in an IDaaS is the ability to then fully audit the activities of individual users. This does mean that reactive investigations of security breaches can become both thorough and straightforward, with the processes and individuals concerned being readily identifiable.
But it also means that proactive, policy-based security regimes can be established based on the application of real-time analytics to the comprehensive audit data that the Centrify system produces. This does suggest that it can form the foundation of a policy-based ‘stop activity’ operation, where any unusual operation by an individual user can be terminated as it is begun.
According to Centrify’s European Technical Director, Barry Scott, the company has already moved some way along this path, with the development of a ‘stop and justify’ routine, where user actions can be suspended and the user asked to justify their actions. This, at least, can capture the activities of malware such as GOZeuS and CryptoLocker, which operate in the background without direct user knowledge.
“In practice, however, this type of development is something we would leave to our partners, as they are often the specialists in such areas,” he said. “For example, we already have a partnership with Splunk on the use of audit data to help identify issues and problems with the operation of complex, cloud-based infrastructures.
“We also have a close partnership with Samsung, where we provide the enabling technology for Samsung Knox.”
This introduces the use of containerisation into the smartphone and tablet world to provide complete separation of the personal and work environments on the same client device.
Gross is also aware that the potential of Centrify opens up a number of different opportunities for its partners to not just resell the IDaaS, but build useful services on top of it. For example, there is an oft-discussed trend towards more individuals becoming self-employed contractors rather than salary-earning company staff. That way they get to use their skills across a number of different businesses, and the businesses pay only for the time the contractor commits to their specific projects.
Loose ‘federations’ of this type could benefit from a service that exploits IDaaS to allow the creation and disbandment of groups of contractors where the access privileges can be tightly defined and controlled, and the workflow fully audited for both security and billing processes.
Centrify has recruited a number of additional partners across EMEA, expanding its channel by 46 new partners. These include Nebulas, Quru, Somerford Associates, SecurityMatterz and AT Computers in the UK. The company has further expanded in EMEA East and the DACH region (Germany, Austria, and Switzerland), building new partnerships with Fujitsu Technology Solutions, Science+Computing (a Bull Group Company), Cross Media and Mint. Centrify has also recruited three new Value Added Distributors, Hermitage Solutions in France, IREO in Spain and Portugal, and Inforte in Turkey.