Centrify's AD-centric solution controls access, manages privileges
Centrify this week announced DirectAuthorize, a security solution that leverages Active Directory (AD) to control access on non-Windows platforms (http://www.centrify.com). The product integrates with Centrify's other AD-centric cross-platform security products—Centrify DirectAudit, an auditing solution for UNIX and Linux systems, and Centrify DirectControl, an authentication solution for cross-platform systems, web applications, databases, and storage systems.
Use Active Directory?
"Why not use AD? It offers a single point of control," Centrify CEO Tom Kemp says. "When [it] came out in Windows 2000, AD was pretty serious. It took time to migrate to. Now AD is part of the infrastructure. I think as the economy heads sideways, an approach that allows customers to leverage an existing investment and skill set and extend that across various platforms is invaluable."
"Windows has a better paradigm for controlling permissions," Kemp says. "Better than Linux and UNIX. We took the AD-centric paradigm and extended it." DirectAuthorize offers granular, role-based access control to help organizations secure systems and lock down privileged accounts. The solution leverages Microsoft Authorization Manager; roles and rights are managed centrally from within AD, and the solution requires no changes to the AD schema and no additional servers.
Compliance Drives Big Guys, Efficiency Drives Small Guys
For large organizations with thousands of non-Windows and Windows systems, Kemp says, compliance is a driver for choosing DirectAuthorize. For smaller organizations, "Security is a 'nice-have' but the driver is more efficiency and productivity. Say you're a small firm, some partners use Macs, maybe the marketing person uses a Mac, others use PCs. The IT guy knows Windows but he's not a Mac guy—he doesn't want to set up Mac's open directory. He can use the same skills and tools to administer Macs" by deploying Centrify's solution. Not coincidentally, Centrify has also expanded its Group Policy support for Macs.
Embracing and Extending Platforms
"The reality is, the world is heterogeneous," he says, citing the Apple iPhone in addition to the use of Linux and UNIX. "Mobility has an impact on the enterprise. Windows will be the core infrastructure but people will be carrying phones that have as much power as their desktops. There'll be a need to integrate Windows with non-Windows systems. That's our area."