V E N D O R P R O F I L E
C e n t r i f y P r i v a t e V e n d o r W a t c h l i s t P r o f i l e : B r i d g i n g
L i n u x / M a c / M o b i l e P l a t f o r m s f o r I n c r e a s e d S e c u r i t y
a n d M a n a g e d A c c e s s C o n t r o l v i a M i c r o s o f t A D
Sally HudsonI D C O P I N I O N
Today, companies' IT investments are driven largely by compliance regulations. Increasingly, existing identity and access management (IAM) solutions have to integrate/interoperate with Microsoft AD at some point in the installation and deployment process. Coupled with the increase in Linux-based servers and appliances, and the increase of bring your own device (BYOD) such as Macs, iPhones/iPads, and Androids, there is a growing opportunity for ISVs to deliver cross-platform management platforms that deliver interoperability across Windows/Linux/Mac and mobile devices, operating both on-premise and in the cloud, in a secure and centrally managed fashion. We believe Centrify is a company to watch because:
Opportunities exist in the departmental and divisional levels of enterprise organizations with Microsoft AD and Linux/Mac/mobile integration needs as well as with SMBs.
Centralized management and automated audit and access control are becoming requirements to meet government and industry compliance regulations.
The proliferation of users, systems, and applications in the cloud will create new challenges for organizations in achieving consistent access policies and driving additional requirements for visibility and control.
Privileged identity management (PIM) is critical, for both security and compliance, to every successful enterprise today. Many organizations are just beginning to evaluate PIM strategies and are looking for proven solutions from reliable vendors. Centrify has proved itself reliable over the past several years and is deployed in many high-profile organizations.
More than a year ago, Centrify successfully introduced a suite of five free Active Directory–based integration solutions called Centrify Express that deliver authentication, single sign-on, remote access, file sharing, and reporting capabilities for cross-platform systems deployed on-premise or in the cloud.
I N T H I S V E N D O R P R O F I L E
This IDC Vendor Profile analyzes Centrify, a company playing in the identity and access management market, and reviews key success factors: market potential, technology/solution, corporate strategy, force multipliers, and customers. Leveraging IDC's expert understanding of the competitive landscape and future of IAM, this
G lo ba l H ea dq ua rt er s: 5 S pe en S tr ee t F ra m in gh am , M A 0 17 01 U S A P .5 08 .8 72 .8 20 0 F .5 08 .9 35 .4 01 5 w w w .id c. co m
document highlights company and market information tailored to the investment professional's needs.
S I T U A T I O N O V E R V I E W
C o m p a n y O v e r v i e w
Centrify, based in Sunnyvale, California, plays in the identity and access management market. Centrify is well positioned to take advantage of the ongoing need to integrate Microsoft and Linux/Mac/mobile solutions in the IAM space. It provides an easy-to-implement, centrally managed, cost-effective approach. This market opportunity will continue to expand globally and across industries over the next several years as companies move to meet regulatory requirements, embrace cloud and mobility, and secure access control at ever-more granular levels.
Company details are provided in Table 1.
T A B L E 1
C e n t r i f y C o m p a n y S n a p s h o t
Category Details
Functional and secondary markets Identity and access management
Founding year 2004
Number of employees 150+
Number of customers More than 4,000
Company location Sunnyvale, California
Web site www.centrify.com
Funding initiatives Successful $16 million Series D funding announced in August 2011
Investors Accel Partners, Mayfield Fund, INVESCO Private Capital, Sigma Partners, and Index Ventures
Sales channels Over 50 signed VAR, SI, and reseller partners
Revenue estimate For CY11, approximately $30 million
Supplier info — Is this a minority-owned business? No Supplier info — Is this a woman-owned business? No
Note: The terms minority-owned business and woman-owned business are defined in the Definitions section of the Learn More section.
I D C W a t c h F a c t o r S c o r e s
IDC Watch Factor scores measure private companies based on a set of five defined success factors. Each of the five key success factors is made up of detailed subquestions, which are assigned a value from 1 (weak) to 4 (strong). The average of the subcategories is then applied as the overall score for each category:
Market potential: Competitors to Centrify include CA Technologies Access Control, Quest Software, and BeyondTrust. To a lesser degree, Centrify also sometimes competes with CyberArk and Lieberman Software. In the privileged identity management submarket of IAM, Centrify has strong appeal to companies looking for a software product proven to work in the Linux/Mac/mobile environments. As the company has now entered the mobile security/managed access control market, we anticipate Centrify will be competing with mobile device management (MDM) companies such as AirWatch and MobileIron. Technology/solution: Centrify offers one of the few pure-play and proven
Linux/Mac/mobile identity management and integration solutions on the market. Historically, companies have had to develop their own solutions within this market or hire an outside consulting firm to do it for them.
Corporate strategy: The company has both direct and channel sales and a number of strong partnerships. Management is both experienced and aggressive and has demonstrated both insight and focus in the IAM market over the past several years.
Force multipliers: Apple and Microsoft are Centrify's primary partnerships. The company also has relationships with all the system OS vendors and SAP.
Customers: Centrify has more than 4,000 customers worldwide, and these include many of the Fortune 500.
Figure 1 shows the Watch Factor scores for Centrify versus the Watch Factor average scores for all companies ranked by the Private Vendor Watch Service in the applicable market at the time of publication. The sections that follow detail the reasons for those scores.
F I G U R E 1
C e n t r i f y W a t c h F a c t o r S c o r e V e r s u s W a t c h F a c t o r A v e r a g e S c o r e
Notes:
The Watch Factor average score reflects the average score for all private companies scored by the Private Vendor Watch Service at the time of publication.
Scores are based on a scale of 1–4, where 1 = weak and 4 = strong. Source: IDC, 2012
M a r k e t P o t e n t i a l
Market
Centrify is part of the identity and access management market. In Worldwide Identity and Access Management 2010–2014 Forecast Update: Secure Access Control, Compliance, and Cloud Computing Drive Sales of Identity and Access Management Software (IDC #226248, December 2010), IDC shows 2010 IAM revenue at $3.7 billion and forecasts that the market will reach $5.5 billion by 2014. This is license and maintenance revenue only and is exclusive of managed service provider revenue (e.g., Accenture and Deloitte).
Centrify also plays in the privileged identity management market; IDC sees this is a competitive market within IAM. PIM is critical to companies today as implementation drives the ability to monitor, track, and evaluate how access rights are being used deeper by focusing on the privileged user environment within an organization. A PIM system takes into account that while security best practices differ from company to company, employing proper monitoring and management of privileged accounts is paramount to passing an audit. Corporate IT access controls must incorporate very robust controls on privileged account operations, including those at the application-to-application level. As a competitive market, PIM is projected to reach $425 million in software revenue by 2015. This growth will be experienced on a worldwide basis, with the most immediate market growth concentrated in North America and EMEA. The
need to comply with government and industry regulations including Sarbanes-Oxley, PCI-DSS, and HIPAA is the primary market driver in this space.
With Centrify's recent entry into the mobile device management/mobile security market, IDC believes the company's opportunities will continue to expand in the growing identity ecosystem.
IDC estimates that Centrify generated approximately $30 million in revenue in 2011, and we believe that the percentage of revenue from existing versus new clients is approximately 50:50 at this point.
Market Disruption
Centrify, with a datacenter solution that integrates the IAM of Unix/Linux systems to AD, is more of a market enabler than a disrupter. It provides a technology solution that cannot easily be found off the shelf at the same levels of access granularity and auditability. Most software solutions of this nature require a fair amount of customization at the user site. With the adoption of the Centrify software, companies can focus more on using the software to address business needs and worry less about security and access control issues. With its entry into mobile security, Centrify has the potential to be more disruptive, given its product architecture (cloud-based service integrated with customers' on-premise AD) and its go-to-market model and freeware offerings that could significantly disrupt pure-play MDM vendors and force market consolidation.
Competitive Landscape
At present, CA Technologies and Quest Software are probably the most direct competitors on the IAM Unix/Windows front. As previously noted, IDC believes additional competitors will emerge in the MDM space. Potential disrupters could evolve from the use of mobile devices within the corporation and the widespread need for enhanced security in social networking. This will drive the adoption of newer and emerging computing standards (SCIM, OpenID, etc.) and create rapidly changing business dynamics and ecosystems for users and providers that previously did not exist. Centrify has a history of adopting open source solutions.
M&A
Historically, the IAM market has experienced quite a bit of M&A activity. Oracle Corp. is probably the most extreme example here as the company's IAM offerings have been achieved mostly by acquisition as opposed to organic growth. Oracle, for example, has acquired IAM technology over the past several years by buying Sun Microsystems, BEA Systems, Thor, Passlogix, Bridgestream, Bharosa, and others. Symantec Corp. entered the IAM market with the acquisition of VeriSign. NetIQ purchased Novell, and Quest Software continues to acquire one or two smaller companies each year.
Companies most likely to make an acquisition in IAM in 2012 include Intel Corp., Symantec and, again, Oracle — and possibly Cisco and Juniper Networks as well. Companies likely to be acquired in the coming year include Symplified or Okta, both of which offer Federated SSO technology as a service.
Table 2 displays recent M&A deals in the IAM market.
T A B L E 2
I A M M & A D e a l s
Date Acquirer Target Company Deal Value Specific Market/Solution Type January 2012 Quest Software BitKoo Undisclosed XACML (fine-grained entitlements) February 2011 Quest Software e-DMZ Undisclosed Privileged identity management October 2010 Oracle Corp. Passlogix Software Undisclosed ESSO
NA Attachmate/NetIQ Novell Inc. Undisclosed IAM software suite and Linux Source: IDC, 2012
T e c h n o l o g y / S o l u t i o n
Centrify Suite 2012
Centrify Suite 2012 is the aggregation of several of the company's existing modules (DirectControl, DirectManage, DirectAudit, and DirectAuthorize) into a packaged offering with several different levels of service and support. These include Express (free) and Platinum and are tailored to meet the needs of a spectrum of client needs, from small to large and simple to complex. For customers, the Centrify Suite 2012: Offers centralized management of complex and disparate Unix and Linux
systems with the ability to easily migrate legacy Unix and Linux identities into Active Directory. This greatly reduces both cost and complexity for the customer in mixed Unix/AD environments and increases an organization's ability to meet security audit requirements. In mid-2011, the company introduced its first products for Windows servers, called DirectAudit for Windows, as part of the Centrify Suite. This allows Centrify to extend its footprint within the datacenter by adding regulatory compliance value to Windows servers in addition to Unix/Linux. Expands to include cloud and mobility, based on Centrify's vision that
organizations' IT environments will be a hybrid model of on-premise and off-premise resources. Centrify is augmenting and building on the market foundation described and plans to equally support, manage, and enable secure BYOD environments by adding mobile tablet and smartphones to the currently supported Mac OS X products.
Establishes an enforced "least access" model for privileged users, protecting a company from insider threat, and strengthens compliance profile.
Provides easy deployment and administration of non-Windows systems with new DirectManage capabilities. Customers can expect greater operational efficiency by quickly discovering, configuring, and linking new systems and updating existing systems. This is usually a painstaking and error-prone process in any organization.
One of Centrify's strengths is that its solution set supports over 300 platforms. All of the Suite 2012 editions include free Centrify-enabled versions of OpenSSH, PuTTY, Kerberized FTP, and Telnet as well as other open source tools. All editions provide the customer the option of purchasing SSO modules for JBoss, Tomcat, Apache and J2EE Web applications, SAP's NetWeaver, and IBM's DB2.
Express 2012 includes Centrify Insight, a unique application powered by Splunk delivering out-of-the-box dashboards, reports, and analysis for Unix and Linux users' identity, authentication, and authorization data. Centrify Insight specifically adds the ability to monitor and report on Unix user log-in activity for Active Directory and local users, successful/failed log-in attempts, and log-in methods including SSH, telnet, and su (switched user). This system access intelligence ensures that only authorized personnel are accessing critical business systems on-premise and in cloud environments.
Other Products/Solutions Offered by Centrify
Centrify also recently announced the release of DirectAudit 2.0, its privileged identity management software designed to audit privileged user sessions on Windows, Unix, and Linux platforms. This release is designed to be highly scalable and more competitive with pure-play auditing offerings. It offers load balancing and failover as well as the ability to archive large amounts of data, which is communicated and stored in encrypted formats.
Most recently, the company unveiled Centrify DirectControl for Mobile. This software integrates mobile devices that operate both on and off the corporate network (iOS, Android, etc.) into Microsoft AD. Importantly, it allows customers to leverage their existing AD infrastructure and support procedures while providing enforced group policy–based security settings and detection of "jailbroken" or "rooted" devices. This enables IT to control the environment. Using the product, end users can enact self-service enrollment and provisioning access. Conversely, end-user termination automatically triggers a deprovisioning of the device. Consistent with the Express strategy identified, Centrify has also introduced the first free mobile security offering leveraging deep integration with Active Directory.
C o r p o r a t e S t r a t e g y
Leadership
Centrify was founded in 2004 by Tom Kemp, Adam Au, and Paul Moore. Kemp was one of the founding team members of NetIQ. Executives and senior staff come from NetIQ, Microsoft, Legato, CA Technologies, BlueCoat, Novell, and Netscape. Centrify has successfully raised more than $50 million from top-tier venture capital firms,
including Mayfield, Accel, and INVESCO. Centrify acquired 150 customers in its first 18 months of shipping product, and 8 of these were Fortune customers.
Centrify continues to grow its list of partners and resellers and has sales teams in London; Munich, Germany; New York; Washington, D.C.; Dallas; and Sunnyvale, California. Offices were recently opened in Germany and Australia.
A current sample of Centrify's more than 4,000 customers includes AMD, Coach, GEICO, the U.S. Army, Johnson & Johnson, Societe Generale, Tyco, Toyota, the U.S. Veterans Administration, Microsoft, and Pfizer.
Go-to-Market Strategy
Early on, Centrify diversified its direct sales strategy and focused on partnering with systems integrators (SIs) and value-added resellers. Centrify has established a strong relationship with Apple. The company has a strong relationship with Microsoft, which is important, given the AD centricity of its software. When Centrify entered this market, Quest Software was the only direct competitor. As the industry has grown, Centrify has broadened its product portfolio to offer software solutions to solve key pain points in IT security such as compliance, audit, and privileged access management control.
A key element of Centrify's go-to-market strategy centers on offering the freemium Express solution, for Unix/Linux/Mac and now mobile. With 130,000+ downloads of its free Express offerings in the past 12 months, the company's investment in automation, processes, and community to support these users has proven to be a well-planned and executed overall strategy.
Exit Strategy
Centrify plans to continue to grow both customer base and revenue with the expansion of its product line to embrace cloud deployments and mobile technologies. Key Acquisitions
To date, Centrify has not made any acquisitions. Current Investors
Centrify received a round of funding in August 2011. Table 3 displays a detailed funding history for Centrify.
T A B L E 3
C e n t r i f y D e t a i l e d F u n d i n g H i s t o r y Round Date Amount ($M) Investors
A July 2004 7 NA
B August 2005 14 INVESCO Private Capital, Accel Partners, and Mayfield Fund
C April 2007 15 Mayfield Fund, Sigma Partners, Accel Partners, and INVESCO Private Capital D August 2011 16 Index Ventures, Mayfield Fund, Accel Partners, INVESCO Private Capital,
and Sigma Partners Source: IDC, 2012, and Crunchbase.com
F o r c e M u l t i p l i e r s
Partners Apple Microsoft SAP HP Partnership OpportunitiesCentrify will be acquiring more partners worldwide, especially with SIs looking to provide cloud deployment solutions to specific verticals and government agencies. Channel/Sales Strategy
Centrify has evolved its channel sales strategy and will be using its latest round of funding to address the young but rapidly growing cloud and mobile markets. This has already started with the release of Centrify Suite 2012, Centrify Express 2012, and Centrify DirectControl for Mobile. The products are not just about cloud; the software is for on-premise Unix/Linux/Mac as well. This gives the company a complete market delivery approach.
C u s t o m e r s
Key Customers
AMD
GEICO
Johnson & Johnson Societe Generale Tyco
Toyota
U.S. Veterans Administration Microsoft
Pfizer Key Audiences
Key audiences include pharma, finance, retail, petrochemical, government, and education — just about any company needing to "centrify" identities and achieve granular access control in mixed Microsoft AD and Linux/Mac/mobile environments and with a compelling need to meet regulatory requirements. Further, the consumerization of IT, or BYOD, is a phenomenon that is driving IT decisions across all industries.
Geographic Reach
Centrify has a global reach and is currently strongest in North America and EMEA, with offices recently opened in Germany and Australia (APAC). The company expects further expansion into new markets during 2012.
F U T U R E O U T L O O K
C h a l l e n g e s a n d O p p o r t u n i t i e s
Challenges
As more and more companies come to market in both IAM and GRC, and larger vendors expand their reach, it becomes more difficult to rise above the crowd noise and large incumbent players.
Opportunities
Centrify has an excellent product track record and strong customer references, both of which can be leveraged to attract new customers in traditional IAM and newer identity-as-a-service (IaaS) models.
E S S E N T I A L G U I D A N C E
R e a s o n t o W a t c h
The market opportunity is very large as most enterprise IT environments have both AD and heterogeneous systems, apps, and mobile devices in their environment. All companies, regardless of size and industry, face the need to continually refine their access control mechanisms, especially with the delivery of newer deployment models (e.g., IaaS, SaaS, and PaaS) and the rapid rise of the smartphone as an access device.
Centrify has an established, proven record of accomplishment in this space. Customers to date have been pleased with both the software and the support offered by the company as well as the company's strategic direction.
D i f f e r e n t i a t o r s
Centrify's ability to grow out and expand its product line to meet the emerging needs of the customer has been insightful and impressive. Centrify has successfully identified existing and emerging customer pain points, such as management, audit, and PIM, and focused on delivering appropriate solutions.
Centrify has successfully focused on what was an underserved market and has grown with the industry to continue to meet customer needs for security, compliance, and integration.
A d v i c e f o r I T M a n a g e r s a n d E n d U s e r s
Merger and acquisition activity will continue to create opportunity for companies such as Centrify to provide secure, integrated identity management and granular access control solutions in mixed AD/Linux/Mac/mobile environments.
Centrify technology should also greatly appeal to cloud service providers as they look for ways to host and provide services to a wide variety of industries with compliance and audit regulatory mandates.
L E A R N M O R E
R e l a t e d R e s e a r c h
Worldwide Mobile Security 2012–2016 Forecast (forthcoming)
Worldwide Cloud Security 2011–2015 Forecast: A Comprehensive Look at the Cloud/Security Ecosystem (IDC #230389, December 2011)
Worldwide Web Security 2011–2015 Forecast and 2010 Vendor Shares: From Surfing Police to Strategic Security Platform (IDC #229725, November 2011)
Worldwide Identity and Access Management 2011–2015 Forecast: The Three Cs — Cooperation, Collaboration, and Commitment — Are Key for Identity-Driven Cloud (IDC #228914, June 2011)
D e f i n i t i o n s
A minority-owned business is a proprietorship, partnership, corporation, or joint venture that is 51% owned, operated, and controlled by U.S. citizens who are members of the following racial groups: African American, Asian American, Hispanic American, and Native American.
A woman-owned business is a proprietorship, partnership, corporation, or joint venture that is 51% owned, operated, and controlled by U.S. citizens who are female.
C o p y r i g h t N o t i c e
This IDC research document was published as part of an IDC continuous intelligence service, providing written research, analyst interactions, telebriefings, and conferences. Visit www.idc.com to learn more about IDC subscription and consulting services. To view a list of IDC offices worldwide, visit www.idc.com/offices. Please contact the IDC Hotline at 800.343.4952, ext. 7988 (or +1.508.988.7988) or sales@idc.com for information on applying the price of this document toward the purchase of an IDC service or for information on additional copies or Web rights. Copyright 2012 IDC. Reproduction is forbidden unless authorized. All rights reserved.
