Monday, August 17, 2015

Opinion: On Centrify's Value Proposition - Part I

My take on Centrify's value proposition

Non-IT people often ask me:  “What is it that Centrify does…?” the answer to that question is becoming increasingly broad, because the product portfolio is growing; what I typically like to say  is this:  “we provide Active Directory-centric Access Controls(*)”; however, in the past 3 years we have released capabilities that expand beyond the basic premise of a heterogeneous data center.  The overwhelming response to some of the briefings we have with prospects or customers is this:  "Wow, I didn't know you did that much?"

I've expanded the definition to:  “We help you with your existing access control challenges in the data center, in the cloud and with mobile devices” this is regardless of directory bias especially in the context of Cloud (IaaS, SaaS) we are dealing with extended borders where Active Directory may not exist. However, ultimately common sense dictates that organizations should be aiming to reduce identity stores, not increase them.  However, when I look at our customer successes, and I'm a bit more bullyish.  Perhaps the answer should be: "We allow you to implement strong access controls in your systems and apps, regardless of location while promoting usability and operational efficiency" 

In this long entry, I'm going to present Centrify’s value proposition in 3 major areas:
  • The diverse data center (using Active Directory to conquer AAA challenges with non-Windows platforms:  UNIX, Linux and Macs)
  • Privileged Identity Management (using Centrify software and Services and Active Directory) to conquer the Super User Privilege Management (SUPM), Shared Account Password Management (SAPM), and Privileged Session Management (PSM) for Windows, UNIX, Linux, Macs and Network Devices.
  • Web application and Software as a Service (SaaS) access controls, single sign-on (SSO), mobile access and mobility management

The subsequent posts will consist of “problem statements” or “challenges” that our customers and prospects provide us, and I will deliver a series of technical briefings (or demos) to cover each problem set.  As always, the intended audience is typically architects, security professionals, systems administrators and application owners.

In summary, and in business terms Centrify’s value proposition is around these principles:
  • Implementing Strong Access Controls to protect your systems regardless of location
  • Eliminate or consolidate identity stores
  • Use what you have:  de-duplicate processes and infrastructure 
  • Promote operational efficiency
  • Be strategic, rather than tactical - solve the problems of today and tomorrow.

The goal is not to go in depth in technical terminology but to look at problem sets and solution sets "a la Centrify" - If you're just a visitor, it's a great way to look at Centrify in a non-technical way, although the demos will be somewhat technical.

(*)Why not use “Identity Management”?   Centrify uses the term too.

I personally refrain from using the “Identity Management” term because years ago, the term was intimately linked with Gartner’s definition AND for too many IT professionals it is synonymous with software that was expensive, consultant-heavy and projects that showed very little results.  
I think Centrify is in the identity space, but our approach is much simpler and integrated (producing faster results), besides, prospects often have unrealistic expectations if they think a single solution can solve all their Identity-related problems.  What I’m willing to concede (and I’m BIASED) is that if an organization is committed to Active Directory as their main identity store, using Centrify will provide “pound-per-pound” the best capability return per dollar invested, however, I’m also able to recognize that not all organizations are the same; there are complexities, political battles, biases and the simple commitment to use Active Directory is a tough decision to get to.
I also don’t want to have to tell people what they don’t want to hear.  If you were to ask me “Can you synchronize between PeopleSoft and target “X” system” – my answer is basically “No. user provisioning happens upstream and we try to avoid synchronization at all costs”  - sometimes briefings become a contest of “what can you do?” vs. “what problems can you help me with?” and this is the most frustrating part of being in technical sales.

No comments:

Post a Comment