Centrify extends Active Directory control to iPhone, iPad and Android

Management vendor Centrify is aiming to address enterprise concerns over the consumerisation of IT and the bring-your-own-device (BYOD) trend with a new service that brings Apple iOS and Android mobile devices under the control of Active Directory.

Currently available as a public beta, Centrify DirectControl for Mobile is designed to extend Active Directory to key mobile platforms, enabling administrators to secure corporate data on smartphones and tablets using the management tools they are already familiar with.

"We're building technology that allows people to take their iOS devices and their Android devices and enrol them with our cloud service, which in effect joins them into Active Directory on their organisation's domain," Centrify chief executive Tom Kemp told V3.

This enables administrators to use a group policy to set rules governing passwords, plus device and application restrictions, as if mobile devices are any other computer on the network, and to wipe lost or stolen devices, Centrify said.

In addition, Active Directory control allows the IT department to provision the user's device with the necessary settings to connect to their Exchange mailbox, plus corporate Wi-Fi and VPN access.

Centrify has already built its business on bringing platforms such as Mac OS X, Unix and Linux under Active Directory control, and DirectControl for Mobile is a logical extension that brings mobile devices under the same control.

However, because iOS and Android devices are by their nature highly mobile, the system makes use of a cloud-based service operated by Centrify so these can be reached while users are not connected to the corporate LAN.

Customers need to install a Centrify Cloud Proxy Server on premise, which links their Active Directory infrastructure to Centrify's cloud service.

The cloud also provides a self-service portal through which end users can add their device and download a Centrify agent, through which policies are applied.

DirectControl for Mobile can detect and block jail-broken or rooted devices during enrolment, since these could pose a security threat to the corporate network, Centrify said.

Centrify works by creating a computer object within Active Directory for each device, and associating it with the user that enrolled it, according to Centrify product marketing director David McNeely.