Illinois Cyber Security Plan is Only a Partial Solution

Recently, Illinois Governor Bruce Rauner unveiled a broad-based cyber security plan. He announced the framework of his team’s plan for better cyber security, but it only covers the executive branch agencies. This approach of only implementing a plan to provide cyber security tools to select areas and users because they are deemed more important is known as a “privileged user.” This is only a partial solution because everyone in the organization is a “super user” in today’s technology driven organizations — everyone has a need to access technology that contains some level of meaningful information. All technology in organizations are…

Role-based Access Control: Keeping Your Business Out of Harm’s Way

When our baby first started crawling, we installed gates in all the doorways.  This kept her in safe, baby proofed areas.  We didn’t have to worry about her accidently wandering into a room and getting into something that could harm her.  It also allowed us to keep some things “nice” that a toddler would normally want to “play” with. Controlling Access for Security Best Practices But, what does this have to do with role-based access control (RBAC)?  Well everything.  As she grows and gains more skills, we adjust her access to the house.  It might be low tech, but it…

Confronting the New Cyber Security Reality: Part 2

Since 2013, breaches have compromised nearly six billion records—that’s an average of almost four million records every day and over 162,000 records every hour! It’s time to face the facts. Today’s security is no longer secure. Enterprise networks have expanded beyond traditional perimeters to include more devices, apps (on-premises and in the cloud) and people. In the absence of these boundaries, the identities that make up modern enterprises are easier to compromise than ever before, and hackers are targeting these identities at an alarming rate. In fact, Forrester estimates 80% of security breaches involve privileged credentials. Traditional security approaches, like passwords…

PWN2OWN 2017 Outcome: Implement Multi-factor Authentication & Least Privilege

Zero Day Initiative, a security research program that offers rewards for successful hacks, reported that on last day of their recent “PWN2OWN 2017” competition, a team of contestants pulled off an unique and challenging feat: they compromised a virtual machine and managed to “escape” to the host system running the virtualization software.  The hack involved three distinct and challenging tasks: Compromising Microsoft’s Edge Browser Compromising the Guest Operating System (running Windows 10) Compromising the VMware Workstation virtualization software And this was all accomplished through a controlled website. Although this may not be the first time each individual layer was compromised, this…

Mirai Lingers, Passwords Fail as IoT Devices Proliferate

A few weeks ago, the Wall Street Journal ran a story about a laundromat in Carbondale, Colorado that was infected with the Mirai internet virus. Unbeknownst to the business owner, an internet-connected video recorder had been infected and was scanning the web for places to spread itself. The only sign that something was amiss was the fact that the device was regularly acting up — disconnecting the remote viewing app and forcing the owner to reconnect it by restarting the digital video recorder. While the story didn’t reveal any new developments, it does serve as an important reminder that malware…

Undue Privilege Costs Cash and Undercuts Security

Few managers would throw their employee the keys to a big rig with two loaded trailers to pick up a pint of milk from a nearby convenience store. Apart from the problem of parking, the vehicle is massively over-specced for the job at hand, which creates unnecessary safety risks, both to the driver and to other road users. However, this is essentially what occurs each day in businesses around the world as employees are given access to privileged computer accounts that massively exceed the needs of their jobs. The result is often devastating in terms of corporate security with many…

What is Adaptive Authentication?

Adaptive Authentication: Why Should You Care? Before going into what adaptive authentication is I want to answer why you should care first. In today’s IT world, relying on a simple username and password authentication is not enough to protect critical business data and systems against the growing number of sophisticated cyber attacks. Just do a quick search online or have a look at one of my previous blogs, “How Much Does It Cost to Protect an Organization from Cybercrime?” to get an idea of how expensive a hack can be and how sophisticated attacks have become. That ever-growing number of…

SPI: Centrify Professional Services are “Best of the Best”

Today, leading technology services research firm SPI named Centrify a 2017 Best-of-the-Best professional services organization. We were among 21 selected from a field of over 400 companies. SPI is a global research, consulting and training company that helps professional service organizations improve profit and productivity. The company’s PS Maturity Model™ planning and management framework has become the industry standard for service organizations. According to SPI, a key characteristic shared by this year’s winners was something Centrify genuinely strives for: A unique, employee-centric culture in an ethical work environment focused on customer satisfaction. It’s not easy to build, but it is…

Confronting the New Cyber Security Reality: Part 1

During the peak of the 2016 U.S. presidential election cycle, two groups of hackers accessed the Democratic National Convention servers. The leak made public emails detailing the DNC’s interactions with the media, both primary candidates’ campaigns and campaign contributions, and personal information about DNC donors, including credit card and Social Security numbers. This historical breach will forever be known for its impact on the 2016 Presidential election. Recently, we’ve seen the frequency of breaches like the DNC attack skyrocket—and no organization is safe. Over the past two years, sixty-six percent of organizations report experiencing five or more breaches, according to…

What’s Next from Google Cloud: Scenes from Google Next

Google Cloud last week had their big event in San Francisco, gathering Partners, customers and Googlers alike to talk about Google Cloud and its bright future. Centrify was proud to sponsor this event, and we had a presence in the Partner Playground, which allowed us to visit with hundreds of Google Next attendees to understand what they were doing with Google Cloud. Of course we spoke with Centrify customers, Google customers and some prospective customers, but interestingly, most of these conversations were with those who are already using software as a service (SaaS) or identity as a service (IDaaS) today….