Last week, Idaptive officially launched their new identity as a service platform, which they’re calling Next-Gen Access Cloud. This is the final step in a process that began last year when Centrify announced that it was splitting into two companies. The move was official on January 1st; Centrify is continuing on with privileged access management, and Idaptive is doing IDaaS.
I wanted to learn what was new in the Next-Gen Access Cloud, follow up on their machine learning progress, and see what else was on the roadmap, so last week I talked to Danny Kibel, CEO of Idaptive, and Corey Williams, VP of product marketing.
Splitting a company in two was obviously a huge task. First, they divided up all their customer data. Then, the IDaaS services for Next-Gen Access Cloud were implemented with a brand new architecture, using a mixture of AWS and Azure. They basically did what anyone would want to do given the chance—re-architect the platform for better scaling, redundancy, geographic coverage, and automation.
Analytics and machine learning are among the main focus areas in Next-Gen Access Cloud (as you can see in the press release). You’ll remember that just about two years ago, we saw the beginning of this effort with Centrify Analytics. Machine learning for user behavior analytics was just starting to get a lot of buzz then. The promise is better security (with MFA), a better user experience (the analytics figure out when it’s safe to skip MFA prompts), and less admin overhead (instead of writing lots of policies and exceptions manually, the analytics start from a strict default and then figure out where to be more permissive).
So, did Centrify Analytics, now Next-Gen Access Cloud, deliver? They’ve built out some dashboards in the product, and one of the metrics they can look at is how many MFA prompts the machine learning has helped you avoid, versus what it would have been with a more rigid policy. There are always lots of ways to spin the numbers, but Danny and Corey said that seeing these numbers gets customers excited.
Since the launch of Centrify Analytics, they’ve added functionality to look horizontally across user accounts. So instead of just comparing a user’s access attempt to their own history, the analytics can see things like a hacker trying to break in with a bunch of user accounts.
On the roadmap, Idaptive is working on the ability to “seed” user behavior models for new employees. For example, a new user who is in sales in your San Francisco office wouldn’t have to wait for their own history to accumulate before they get the benefits of reduced MFA challenges; instead, they could start with the model trained by all the other San Francisco sales reps. (Of course, you’d probably want to add in a bit of conservativeness at the very beginning, but remember, the idea with all of this is that you can default to MFA unless the analytics are confident. And really, if you’re using modern MFA with lots of different options for mobile and push, it shouldn’t be that painful anyway.)
Also on the roadmap, Idaptive is looking at pulling in more data from partner security products. Today, they have webhooks that can push data out externally, but the plan is to take more data into Next-Gen Access Cloud (as we’ve seen with similar products, such as Workspace ONE Intelligence and Microsoft Intelligent Security Graph).
I asked about the client side, as Centrify always had an endpoint management business as well, and all of this has been carried over into Idaptive. Danny and Corey said that one big trend has been bringing MFA and YubiKey support to endpoint logins. Their latest Windows access product has been in the market since last year, and they’ve just started testing the Mac version.
Lastly, it goes without saying, but all of this is built on the conditional access / zero trust concepts that are central to all of end user computing now. (For the record, they’re using the term zero trust. That one seems to be winning!)
Congrats to the Idaptive team on launching Next-Gen Access Cloud—we’ll be sure to keep following what they’re up to.