Centrify Focuses on Mobile Security; Ships ‘Derived Credentials’ and Partners with BlackBerry’s Good Mobility

Centrify has cracked the code on a vexing problem for mobile users who need ultra-tight security, especially those in government or highly regulated environments. Thanks to Centrify's approach to ‘derived credentials,’ it offers smart card-based, 2-factor authentication.

Enabling secure single sign-on on mobile devices in highly regulated environments is a tough nut to crack for enterprise security organizations.


Centrify rolled out smart card support for desktop and laptop users late last year. This latest mobile-optimized approach goes one step further, removing one of the biggest barriers: the need for cumbersome mobile smart card readers.


With Centrify’s ‘derived credentials’ approach, users simply log in to a portal (or desktop / laptop) with their smart card and PIN. Once the user is validated, a derived credential is created and pushed down to their mobile device. Users then get secure mobile access to apps, websites and services that require smart card authentication.


Centrify’s derived credentials allow common access card (CAC) and personal identity verification (PIV) based authentication via mobile devices, without requiring dedicated smart card readers.


Bill Mann, chief product officer of Centrify, said, “We are very excited that Centrify now offers derived credential authentication from mobile devices, which historically has failed to move beyond the proof of concept stage.” This new capability extends Centrify’s integration of identity-based security to mobility, offering secure single sign-on (SSO) in even the most highly regulated environments, he added.


Jonathan Bensen, Centrify’s director of product management, explained the value and the importance of the project in a recent blog post:

Users that are issued smart cards as their primary means of authentication have to physically insert a card into a reader on their desktop/laptop and then enter a PIN.  This form of authentication replaces the username and password, and also covers the 2-factor requirement as well. (The card is something you have, and the PIN something you know.)

This method of authentication is also how many government and military users access applications and websites crucial to their day-to-day activities and duties.

This works great if all you are using is a computer with a reader attached — but what about mobile devices?

Under the covers, Centrify’s ‘derived credentials’ offer a rich set of security and ease-of-use benefits:

  • Secure CAC/PIV based SSO to cloud and on-premises apps
  • Integrated device management to manage and lock down devices
  • The ability to enroll devices and provision derived credentials to them
  • Derived credential issuance from popular certificate authorities
  • Compliance with FIPS 201-2 and NIST SP 800-157 to satisfy HSPD-12 and OMB-11-11, allowing mobile access to apps, websites, and services that require smart card authentication
  • App provisioning to set up user accounts within target applications
  • Workflow to ensure only the right users get access
  • Easy deployment into existing enrollment and issuance portals

Centrify Partners with BlackBerry’s Good Dynamics for Secure Mobility

In other Centrify mobile security news, the company entered into a partnership with BlackBerry to provide secure access to cloud and on-premises applications and servers on the Good Dynamics Secure Mobility Platform.


Under the partnership, Centrify’s smartcard-based mobile derived credentials are now certified “Secured by Good” on mobile devices, allowing for easy and secure single sign-on (SSO) to apps and privileged password access to servers.


The Centrify partnership is good – for Good and for customers, according to Mark Wilson, chief evangelist at BlackBerry. “With the support of Centrify’s solution, we are expanding the portfolio of third party business solutions for Good Dynamics. These applications give users alternative strong authentication-based choices in accessing data on their devices,” he said in a statement. 


Here’s what the Centrify solution delivers to the Good platform:


  • MFA for cloud and on-premises apps and servers from mobile devices, based on context of app, device, location, user role and more. Now companies can secure access from mobile devices with a second factor including smartcard/derived credentials, certificates, and biometrics.
  • Secure SSO to cloud and on-premises apps from within the Good Dynamics mobile container. Customers can leverage the enhanced Centrify portfolio on Good Dynamics. Centrify offers SSO access to thousands of cloud and on-premises apps, all from within the Good secure container. It also adds support for accessing custom apps from the Good secure container without the need to redeploy or recompile the app with specialized SDKs.
  • Privileged secure remote access to servers. Customers can leverage secured mobile devices for MFA to server resources, or retrieve break-glass access to mission-critical server passwords from their Good-secured mobile devices.


Now that the Centrify mobile app is available in the Good Dynamics marketplace, any customer can install Centrify on Good-secured devices.