Centrify for Mobile, SaaS for 2013 Takes Control of BYOD Management

By Frank Ohlhorst  |  Posted 2013-03-27

Centrify for Mobile, SaaS for 2013 Takes Control of BYOD Management

Centrify is taking on the task of mobile device management with two products that work together, Centrify for Mobile 2013 and BYOA (Bring Your Own Application) with Centrify for SaaS 2013.

With these products Centrify brings unified identity management to networks that are supporting multiple mobile devices and applications while providing administrators with a single pane of glass to view the managed devices.

The intuitive interface offered by Centrify in these products solves one of the biggest problems facing administrators today: managing multiple devices that are used by different individuals and that may run different operating systems and applications. This is a chore that gets more complicated once mobile users and bring-your-own-device (BYOD) initiatives are added to the mix.

Taking control of devices for security purposes and to provision or de-provision applications is one of the most important jobs in IT. Nowhere is that more important than with the BYOD initiative that is sweeping across many enterprises, where contrary to traditional IT policies, users are encouraged to use personally owned devices to access corporate resources and software-as-a-service (SaaS) applications to do their jobs.

While promising enhanced productivity and end-user flexibility, BYOD brings a multitude of challenges to IT administrators, ranging from security concerns to managing application deployments to enforcing appropriate use policies. However, these are far from easy tasks that are further complicated by the fact that organizations increasingly don't own the device or the SaaS applications they use every day.

Nevertheless, it all comes down to identity—properly identifying the device, the user, their role in the organization—while providing secure access to network and approved applications. Centrify has its roots in identity management, giving it a head start in the world of mobile device management and mobile application management.

A closer Look at Centrify for Mobile and SaaS 2013:

When I last looked at what Centrify had to offer, the company was just starting to support BYOD and mobile devices with an identity-based paradigm. Since then, Centrify has added a multitude of features that moves the product squarely into the mobile security spectrum—creating a management product that handles identity, as well as provisioning, and all other aspects of mobile device management in a single product.

The benefits of integrating complete device management with identity management and application management are numerous, ranging from providing a single pane of glass view to offering an integrated end-user portal—whether the user is on a PC or their mobile device—making life easier for both end users and administrators.

Centrify Unified Identity Services accomplishes that by unifying security across multiple platforms, including cloud services, devices, directories, Web applications and so on. The idea here is to provide a single sign-on capability to end users, while providing a single management interface for administrators.

The real question is "Does Centrify deliver?" The short answer is yes; the long answer takes a deeper dive into the technology. I tested Centrify for Mobile 2013 and Centrify for SaaS 2013 with a number of devices and applications and found that for the most part the cloud-based service was easy to deploy, use and manage—thanks to intuitive administration screens and several configuration wizards that take the guess work out of setup.

Centrify for Mobile, SaaS for 2013 Takes Control of BYOD Management

Installation of the platform offered no surprises, which in today's technically complex world is a welcome occurrence. Nevertheless, base configuration is very important and installers should follow the company's directions and recommendations to make sure the service is configured properly and available to remote users.

When configured properly, Centrify offers:

·         Authentication/ single sign-on

·         Auditing and reporting

·         Self-service portal

·         Mobile application management

·         Encryption of data-in-motion

·         Policy enforcement

·         Authorization and role-based access control

·         Mobile zero sign-on

·         Mobile device management

One of the most important aspects of Centrify is its integration with Active Directory (AD), which then works as the repository for all of the identity information, as well as a central repository for policies and other information needed to provide identity control to Windows and non-Windows devices.

That approach has several advantages. First and foremost is that most IT administrators are very familiar with Active Directory, meaning that they have the skills to be instantly productive with Centrify. What's more, Centrify works hand in hand with Windows group policy controls, further simplifying policy definition, provisioning and security definitions.

My testing focused on the ease of use for BYOD users and the management of those devices for administrators, which is exactly what Centrify for Mobile brings to the single sign-on equation. Beyond basic mobile device identity management, Centrify adds the following:

Mobile authentication services that consists of zero sign-on for Mobile and Web applications, the MyCentrify application for SSO capabilities and an SDK for integration of in-house custom applications.

Mobile application management, which consists of integrated mobile and Web application management, role-based access control leveraging Active Directory users and groups, and mobile app auto-provisioning/de-provisioning.

There is also mobile container management, including Active Directory-based management of virtual device containers, which enables zero sign-on across all apps in the defined container.

I found that defining and deploying those new capabilities was relatively easy, which is an important aspect for administrators. I particularly liked how simple it was to create policies that provide single sign-on services for hosted SaaS applications. Simply put, with a few mouse clicks and by inputting basic information, I was able to create an end-user portal accessible from any browser or from the native Centrify app on a mobile device, which provided access to both in-house applications and hosted applications, such as Salesforce.com and Microsoft Office 365. The consistency across tablets, smartphones and PCs is slick from an end-user perspective.

You build portals using the policies defined and stored in Active Directory. Following the defined policies, the platform assembles the appropriate apps and options for the end user, based upon groups, security assignments and application definitions. In short, portals use a Lego-like paradigm to assemble access on the fly.

Management of mobile devices proves to be just as straightforward. Administrators will find it easy to generate reports that exemplify setup parameters, usage and so on. This brings added simplicity to auditing and control.

Available now, Centrify for Mobile and SaaS 2013 are part of Centrify's suite of SaaS-based offerings that offers multiple options, configurations and integrations with other Centrify products. Centrify for Mobile 2013 is priced at $3 per device per year, which includes technical support and access to feature updates. Centrify for SaaS 2013 is priced at $4 per user per month.

Rocket Fuel