Reshuffled Centrify team to focus on Privileged Access, as it spins out IDaaS unit

Centrtiy has opted to spin out its IDaaS business as a standalone company named Idaptive, and is honing its strategic focus around its Privileged Access Management approach with cloud-architected Zero Trust Privilege to stop privileged access abuse – the leading cause of breaches.

Centrify said Idaptive will deliver Next-Gen Access to protect employees, partners and customers with its IDaaS offering.

In addition, Centrify confirmed that CFO Tim Steinkopf has been named CEO – effective January 1, 2019. “During his seven years as CFO at Centrify, the company has evolved to become a global leader in Zero Trust Security solutions for Identity & Access Management, ” Centrify added.

Danny Kibel, who currently leads development of Centrify’s IDaaS suite as VP of Engineering and Operations, will assume the CEO role at Idaptive effective January 1, 2019.

The executive leadership teams for both companies will be comprised of existing Centrify executives to take each business forward with consistency and ensure a seamless transition for customers.

“The more we looked at our business, the clearer it became that a huge opportunity existed to create two organizations that can each better focus on innovation, accelerate their respective roadmaps, and ensure customer success,” said Steinkopf. “Our new relationship with PE firm Thoma Bravo gives us the flexibility to execute this strategy and positions both companies for organic and inorganic growth to strengthen their market positions and offer even better PAM and IDaaS solutions, respectively, to secure the enterprise.”

Tom Kemp, who is transitioning out of the role of CEO as part of this evolution, co-founded Centrify 14 years ago and has led the company through a number of industry milestones, such as combining Enterprise Mobility Management (EMM) and Identity-as-a-Service (IDaaS) as a unified service and pioneering Privilege-as-a-Service. He will transition to an active strategic advisory role.

“We saw a tremendous opportunity for both Centrify and Idaptive to drive core product focus in each of their respective markets, while continuing to fulfill the mission of Zero Trust and Next-Gen Access,” said A.J. Rohde, a partner at Thoma Bravo. “Customers will become the major beneficiaries by having two companies with distinct and already well-known leadership, capital for rapid expansion, and accelerated investments in product and support.  We share the companies’ collective vision for this, and we are very excited to be a part of it.”

Investment firm Thoma Bravo takes ‘significant majority interest’ in Centrify

Centrify has inked a definitive agreement with Chicago-based private investment firm Thoma Bravo, under which the latter will acquire a major stake in the Santa Clara based cyber security specialist from its current venture capital investors led by Mayfield, Accel, Jackson Square Ventures and Index Ventures.

“We couldn’t be more thrilled to partner with this world class investor who has invested in other great cybersecurity companies like SailPoint, McAfee, Barracuda and others,” said Centrify CEO and co-founder Tom Kemp. “We believe that this transaction optimally positions us to accelerate our pace of innovation in the areas of Privileged Access Management and Identity-as-a-Service, and will further our ability to implement our vision of Zero Trust Security.”

Kemp said the move would enable Centrify to focus on its core mission of helping enterprises protect themselves from the top cybersecurity attack vector — compromised user identities.

“As an independent, private company with an experienced, like-minded investor, we will have the financial backing and flexibility to continue investing in customer success, product innovation (organically or through acquisition), and growth in support of our long-term vision and roadmap,” he added.

“It’s also worth noting that we did not make this move out of necessity. Centrify just closed another very successful fiscal year, with bookings in the final quarter exceeding bookings we have achieved in any prior fiscal quarter,” Kemp noted.

Centrify expects the investment to close in the third quarter of this year, subject to usual and customary closing conditions and regulatory approvals.

‘Cyber attackers to hit APAC, ANZ after Brexit and US, France election meddling’ : Centrify CEO Tom Kemp

And so we arrive at the very last installment of my convo with Centrify CEO Tom Kemp, a few weeks ago in Silicon Valley.  We hope you enjoyed this three-part serial.

Telecom Times  How do you see the ANZ market developing for Centrify in the longer term? And how do you target that market as compared to your broader APAC strategy?

Tom Kemp I think what’s happening is, there are going to be new drivers for security in the form of compliance. We’re seeing that with GDPR in Europe and we saw that with the Monetary Authority of Singapore.

No doubt you’re probably more familiar than I am with some of the new privacy rules and regulations that will be coming out, not only in ANZ but in Singapore and Korea as well.

tkkkk copy

I think increasingly, there is going to be awareness of the need to protect users’ privacy and security. I think that will be a big driver for us.

Historically we haven’t seen that in Asia-Pacific, but now I think GDPR is going to loom over APAC, and I think people will look to adopt something comparable that should further drive the deployment of technologies that can secure users and their privacy.

I also think that the same nation states that first focused their attacks in Europe – and as we saw with Brexit and some of the recent – the French elections – and of course in the US – I think they’re probably going to take their act and start looking at, see if they can disrupt democracies in APAC as well.

I think the combination of new regulatory compliance, as well as the nation states going – you know, first they did Brexit, then they did the US, now they’re going to go to Australia and New Zealand, to try and take advantage of the same vulnerabilities that exist.

A lot of the vulnerabilities exist with the fact that we’re dealing with humans here, who can be phished and have their usernames and passwords stolen.

qqww copy

I mean someone would probably just love to steal – much like they stole John Podesta’s [data], the campaign manager of Hillary Clinton – they would love to steal the password for your Prime Minister.

Telecom Times  Sure. As one of the founders can you tell me a bit more about the start-up days. Just looking back, what were some of the aspects of founding a significant company that turned out to be easier than you had imagined?

And also what were some things you found surprisingly difficult?

Tom Kemp  The key thing when you’re a founder is to have very good founders. And I’m very blessed to have two great co-founders. The second thing is that once you have the initial set of your founding team, you need to bring in really good people. In technology, it’s so critical because it is all about building, coding – building product.

So the most important thing is: Hire good engineers that can build the product and implement the vision that you have as a founder. If you don’t have the right people, it’s not like I can sit there and code everything myself, right?

I think the most important thing in a software company is: it’s about the most valuable asset [that] walks out the door every night, right?

The lesson that I’ve learned is – it really revolves around hiring the right people, and that’s never easy, right?

You have to spend a lot of time investing in interviewing people – trying to see not only if people are competent, but if there is the right cultural fit.

If you’re fortunate to put together the right team, you can go very far because the reality is, a lot of companies have the same ideas. But it’s: what team can better execute?

Telecom Times  Just out of interest –  I’ve heard different theories about why the location of Silicon Valley has been such a hotbed of innovation, technology and progress. I wonder if you have a theory of your own that you’d like to leave me with?

Tom Kemp  There are many reasons why Silicon Valley has had such amazing success. I mean, first of all, you have the Universities that have put out great technical engineers, not only in computer science but mechanical engineering in all forms; chemical engineering.  All forms of technology.

When you have a hub of great universities like Stanford and UC Berkeley, you just have a lot of smart people coming here.

The second thing that was very valuable is access to capital – you have a set of people who were willing to invest.

I think another thing that is very important is the fact that in California the non-competes are not enforceable, [which] gives the flexibility for people to move to different jobs.

You find in other regions that an employer says, ‘Oh, you can’t do something comparable at another company.’ But here… [it] allows people to freely move and cross-pollinate like a bee going from company to company, as opposed to just having the ideas being locked in one company under lock and key.

And I think the other thing is, is that Silicon Valley is the ultimate meritocracy where, from a cultural perspective we don’t care about your race, nationality or sexual orientation. We value merit.

We value great ideas. And this is one of the few places in the world where, if you’re smart, have a great idea and want to work hard, you can monetise that and no-one’s going to discriminate against you for any reason because people value hard work and great ideas.

And you don’t see that in a lot of different places in the world.



‘End-user network access still weakest link in enterprise security’ Q&A with Centrify CEO Tom Kemp – Part II

Hey presto, as promised we present the second part of my recent conversation with Centrify CEO Tom Kemp at the firm’s head office in Santa Clara. To kick things off, Tom addressed some ways in which machine learning and artificial intelligence look set to seriously impact most organisations’ productivity as well as their security.


Tom Kemp A key problem that we have with security is trying to find that right balance between productivity and security. Your very first question was: ‘What can Machine Learning do?’ Machine Learning can help strike that proper balance between productivity and not putting up too many hurdles and gates for a user to jump over in the name of security.

But you still want to have security and make sure that that user is secure. I think Zero Trust, coupled with Machine Learningreally provides the path forward and Centrify wants to be seen as a leader in this new movement towards Zero Trust.

Telecom Times Excellent. Maybe building on that, I’m told that out of all cyber threats the single biggest security headache for organisations still centers very much on password access for employees and former staff members.

Given that the main threat still seems to be mostly human-driven, would you say that any strictly technological attempt to address this issue will be limited in its efficacy?

Tom Kemp Yeah, I mean look, users are the weakest link, right?

It turns out that the way that we’ve set up computers is that most access is controlled by a single thing – a password, right? The hackers have figured that out, and that’s why according to Verizon’s Data Breach Report, 80 per cent of breaches involve stolen or compromised credentials.

So, how do we move away from passwords? Well, we can’t because all our applications and all our systems are hard-coded into using passwords. But what we can do is, we can layer on multi-factor authentication, and tie multi-factor authentication into something we [already] have, which is a mobile device. I really think that MFA is going to dramatically improve the problems with stolen or compromised credentials.

Then from there, you need that intelligence to take into account and factor in the devices being used by the user, coupling that with Machine Learning by unifying the verification of the user with that of the device. Looking at access and privilege, you can provide a significantly more secure environment.                                                                                                         

We did a study with Forrester Research where people who were farther down the path of deploying Zero Trust actually found out that they got breached half as many times as people that were not implementing a Zero Trust concept.

Telcom TimesHow big a piece of the investment budget for Centrify is made up of innovation and R&D, and how will this change over the next 10 years?

Tom Kemp: Because of the significant pain point that customers are seeing with stolen and compromised credentials – and by the way, it’s not just only end-users like you and me whose usernames are being stolenit’s also the privileged accounts that an organisation has. The keys to the kingdom; the admin accounts, et cetera.

There is a reason why this identity is the top attack vector, and increasingly more and more spend is being [allocated] to address this. We see just a great market opportunity there, and almost half our R&D budget is just in new innovations.

We see a great opportunity to add a lot of value to customers and make them more secure. We’re innovating and investing in – not only the go-to-market by putting more resources outside the US – but also doubling down on our product development roadmap and really focusing on, emphasizing, and developing towards this concept of Zero Trust Security.

Telecom Times Going forward, will mergers and acquisitions be a major part of the focus in APAC markets? And if so, which are some of the added capabilities to the companies you are looking at first and foremost?

Tom Kemp Yeah, we don’t talk about potential acquisitions but we do think that we have a very robust product portfolio that doesn’t have any significant gaps to it. We’re very proud of the fact that we’ve organically built this broad platform for Zero Trust.                  

We’re not actively looking to go out and acquire, to add stuff. If something comes along that could be a good tuck-under, we’ll certainly explore that.

We’re definitely trying to go on the offence in the market in terms of taking our broad platform for Zero Trust, and selling it beyond the US, and looking to penetrate in a greater way the Asia-Pacific market, both leveraging more people in the field but also trying to leverage more channel partners as well.

Telecom Times What are your thoughts on the markets of China and IndiaDo you envisage access to those markets to become at any point inaccessible to Western companies? And if so, what might be some of the drivers for them for putting up such barriers?

Tom Kemp: Yeah, I mean we’ve done some business in both. It’s a very small percentage of our overall business. It’s something that we are just going to have to it do a little bit more exploration and [then] determine whether or not it is open for us.

We’re not there yet in terms of making the decision to really try to further penetrate either marketClearly, I think, India probably would be an easier market to enter than China, but both countries are areas of investigation for us.

Telecom Times: Watch this space?

Tom Kemp Yes.