One of the driving forces behind the emerging bring your own identity movement (commonly abbreviated as BYOI or BYOID) is the fact that many professionals today rely on a mix of technologies that includes on-premise enterprise and line-of-business apps, cloud services provided and managed by their employer, personal cloud services, mobile apps and the devices that run them, and traditional PCs running traditional productivity and business applications.
That means many users rely on several identities and their related login credentials to gain access to the resources and tools they need. Keeping track of those sprawling identities and credentials can be a complex and disjointed task, particularly when user naming conventions and password policies vary widely. Centralizing around a single identity can make things significantly easier for employees and has the upside of improving security through a single, consistent set of password and other account-related policies.
The BYOI concept, in which an identity and its related credentials are provided by a public service that users have already adopted in their personal life -- like Facebook, Twitter, or Google -- is one way to achieve that unified identity goal.
That approach has some drawbacks, however. It places identity management outside of the IT organization and infrastructure -- an approach that could make it hard to enforce or manage key identity features and policies like password requirements and account or device reset or unlock capabilities. As much as consumerization is causing a re-evaluation of the roles and requirements of IT and security within an organization, this may be a red line that organizations won't cross, particularly in regulated sectors like healthcare, finance, and government.
Earlier this week, Centrify unveiled an alternative option for achieving unified identity services that doesn't require organizations to cede authority.
That solution is a new product in the company's Direct Control lineup that is designed to extend enterprise identities beyond the corporate network to a range of public and private cloud services. Known as Direct Control for SaaS, it joins Centrify's Direct Control solutions for Macs, iOS and Android devices, various Unix and Linux distributions, and web apps and databases (including SAP).
Like Centrify's existing solutions, Direct Control for SaaS leverages the existing identities provided by an organization's Active Directory infrastructure without requiring administrators to extend or alter the Active Directory schema. In leveraging Active Directory, Centrify's solutions allow administrators to work directly with Active Directory management tools and group policies rather than forcing them to work in a separate console that syncs or pulls data from Active Directory. That approach, which sharply reduces the learning curve, install, and initial configuration time, streamlines identity/account management as well as the process of setting and enforcing policies. The result is a unified identity across internal and external resources that can be used for corporate-issued or personally-owned devices.
Direct Control for SaaS integrates with a broad range of services because it can support any system built around the Security Assertion Markup Language (SAML) and other single sign-on standards like OAuth and OpenID, as well as forms-based authentication. Out of the box, there's support for several well-known services including Box, Dropbox, Evernote, Google Apps, Office365, Salesforce, WebEx, and Yammer (see a full list of supported apps).
Beyond unifying identities, BYOI lets users manage their personal and professional details, accounts, services, and devices. In fact, it effectively requires a level of self-service that takes account management burdens off of IT. Centrify's My Centrify portal extends some of that self-service approach to Active Directory with the following features:
- MyApps — one-click interface for SaaS Single Sign-on
- MyDevices — self-service passcode reset, device lock, and remote and device location mapping
- MyProfile — self-service for selected AD user attributes, account unlock and password reset
- MyActivity — detailed activity that helps users self-report suspicious activities on their account
To manage devices, apps, and resources beyond the corporate network, Centrify offers a cloud-based service that provides integration with an on-premise Active Directory infrastructure without requiring Active Directory in the cloud, as well as offering a secure management portal for Centrify services.
Centrify has been a longtime player in the identity and user/workstation/device management market and offers many of its solutions on a freemium basis that lets organizations pilot and test them with no commitment. Organizations can even fully deploy them at no cost, though there are support and feature limitations when doing so. The extension of their administrator-friendly native Active Directory approach to mobile and cloud solutions is a natural approach to the consumerization trends and it's one that many IT leaders should consider because it has the potential to deliver a lot of value around these emerging enterprise needs without discounting or disposing of some core IT strengths.