Wait? What did I just say?
Yes, it sounds like I've gone completely crazy, but the kind of zero I'm talking about is huge. For everyone!
I'm talking about Zero Sign-On. You might be saying "I've heard of Single Sign-On (SSO), Grant, but what the heck is Zero Sign-On?" Zero Sign-On is the idea that if you can identify the device being used to connect, then you can assume that device belongs to and is controlled by someone you know, and as such you can let them connect without actually having to type a password. It's physical security, much like a door key or pass-card is. If I know that your mobile phone or tablet is owned and controlled by you, then I should have no problem using that device as the unique identifier indicating that you are the one trying to connect. Better yet, if I know the device is controlled by both you and me, I can be very comfortable in asserting to anyone that I can control access for both the device and the end-user.
"So Grant, how does all of this work?" In short, by uniquely identifying and then "tagging" that device, be it a phone, tablet or even a netbook, you can use it as a pass-key for getting into protected resources without having to type a password. The device, rather than a user/password combination, uniquely identifies you as you. Not only can it not be "hacked" without the actual device, but it can't be easily "shared" like a user/password can.
"Yeah Grant, but what if someone steals it?" Well, with a proper service for this, like Centrify's IaaS Cloud service, all of that should be taken care of. Centrify's offering lets users register their own devices under their user account. In addition to using a device for Zero Sign-On and changing forgotten passwords, it also lets them find the device on a map, lock it remotely, wipe it remotely, and even see what the battery charge level is. But more importantly, it lets you, the IT or Security Administrator, do important things like apply group policy to the device (like encrypting storage, screen-lock time, passcode length/complexity, etc.), unenroll the device and disable Zero Sign-On, and lock or wipe the device.
Finally, it lets you see and report on the device's activity and even see if it's been jailbroken and is being backed up to the Cloud!
"So what about the user's laptop?" Well, if that user has a laptop capable of Integrated Windows Authentication (IWA), then the user can use that for Single Sign-On, allowing them to access their services without typing their password again. Centrify DirectControl for Macs will enable IWA on Apple Macs, and it's built into Windows, so they just log in to the laptop and they're done.
So a few of the best "Zero"s are: Zero support, Zero audit findings, and Zero shared credentials. And that all translates into infinitely better security and tighter controls over your valuable corporate resources.
For more information on Centrify Identity Service or other great products from Centrify just contact us at TheExperts@napc.com and we'll be happy to give you a full demo. We'll also be having a Webinar on Elegant 6 SAML and Centrify's Cloud service on November 19th, 2015 at 2:00 PM EST. Register here to join us for an hour!