We previously posted a blog looking at the recent spate of high-profile hacks, and posed the question, “Are celebrities any worse at choosing their passwords, or are we all as bad as each other?” The question now seems to be “Who’s next?” The recent iCloud hacks proved that we are all at risk of a security breach, whether we are a celebrity, with a large or small organization, or are simply a consumer using an online service or application. In reality, the question should not be “Who’s next?” Instead, our main considerations should be “How do we learn from this?”, “How do we ensure that history doesn’t repeat itself?” and “How do we avoid becoming tomorrow’s headline?” There is no definitive means of securing sensitive data, and the burden of protecting personal information seems to be a challenging issue resting on the shoulders of many. Password protection has been the…
Last week’s #GartnerIAM Summit was a great event – and has scaled up to 1200 attendees and 37 analysts this year.
I personally took away a couple of key – and inter-related – trends from the multiple sessions I attended. They were:
The “death” of #LeastPrivilege over the next 5-6 years (more on that to come, with some important clarification), and
The growth of “people-centric #IAM”.
It was only a matter of time before the headlines changed. We’ve been reading “Megacorp Hacked – Millions of Passwords Stolen” for years – and savvy consumers have taken notice. Those folks have moved away from reusing a single username and password across multiple applications and have started using password managers to store unique passwords for each site and app they use, locked up with a single master password. What does this mean for SMBs? It means the bad guys know that our passwords are the route to our money. It means businesses should be keenly aware of the risks associated with employees storing their work credentials in password managers such as Dashlane, LastPass, etc. Once an employee’s master password gets breached in these types of apps, criminals have the keys to unlock any business app, thereby providing a direct path to sensitive corporate data. Rather than relying on consumer solutions, companies…
My first years out of college were spent as a Unix administrator, during which time I learned many amusing acronyms, such as sed, NAWK, and PEBCAK. One of my favorites was Yacc, which stands for Yet Another Compiler Compiler. After many years now in IT Security I’ve created my own ‘YAC’: Yet Another Compliance. It seems there’s a new compliance mandate hiding around every corner, with most offering little in terms of new insights and existing merely to waste time and resources proving the same thing in a different way. But every now and then a promising new compliance program comes along that demands attention. In part 1 of this three-part blog I discussed how the Centrify Server Suite assists with compliance to NIST 800-53, and in my third blog I will map Centrify to The SANS Institute’s “Top 20 Critical Controls.” However, here I’ll be discussing the new…
Occasionally I get asked by prospective customers how our Centrify Server Suite compares to a “free” offering such as Red Hat SSSD for the integration of Linux systems with Active Directory. Usually this question pops up whenever a Linux OS vendor (e.g. Red Hat) introduces a new version of Linux (e.g. RHEL 7) that has a new or improved feature (e.g. SSSD) that claims “Improved Active Directory integration” in the “New Features” document for that release of the OS.
Questions we’re asked by new Centrify Server Suite for Windows (CSS) customers often center on the “how” of implementing granular Windows privilege management. How do we deploy it? What are some of the best practices you’ve found? How can we get some broad controls in place now, without waiting to boil the ocean of every last detailed right for each of our hundreds of admins? In this blog, I’ll try to give some straightforward answers. Let’s start by taking a common implementation use case and learning how to configure Centrify Server Suite for Windows to handle it. The use case: Enable a user/admin to install with local admin rights any application digitally signed by Adobe. Server Suite for Windows can do this easily. CSS uses role-based access control to manage the assignment of privileges (the rights to elevate privilege on applications), so we’ll create a role, assign it to a…
There’s a humorous saying I often hear in IT Security circles that goes something like this: “If a CISO has the choice between being compliant or being secure, compliance always wins because that’s what will keep them out of prison.” The reality is that most organizations need to increase both as efficiently as possible, and this is where Centrify can help. The Centrify Server Suite leverages your existing Active Directory to secure your systems from identity-related risks and attacks. Additionally, it helps with compliance for a large number of federal and industry-standard security controls, such as those found in: (1) NIST 800-53 Security Control Requirements, (2) DHS’ Continuous Diagnostics and Mitigation (CDM) Functional Area Requirements, and (3) SANS Top 20 Critical Controls. In this three-part blog I’ll be discussing how the Centrify Server Suite maps to specific requirements of each, beginning with NIST 800-53. The National Institute…
I am tired of hearing about companies losing customer data and how it’s becoming a commonplace expectation that a customer should expect this to happen. In this day and age, with all of the technology available, it seems we can’t get the simple principles of security right. Pick any of the breaches that have happened in the last couple of years: had those corporations followed good security practices, those breaches would never have happened.
Centrify got our start in the security and identity business many years ago by starting in the datacenter and focusing on the problems of too many identity silos, disparate privilege management policies, and difficulty in tracing activity back to individuals. We saw back then that identity would be a key element of an IT strategy as system environments continue to get more diverse and deployed in more dynamic ways.
Back in my IT days, I was – among various responsibilities – tasked with managing user access from the time they were hired to the time they moved on (or were fired). As I will discuss, this was often the most stressful part of my day-to-day. Now with the explosion of mobile users and SaaS applications such as Google Apps, Office 365 and hundreds of other apps, managing access has become even more error-prone and stressful. But it doesn’t have to be.
Centrify CEO Tom Kemp, an industry expert in security and infrastructure software, discusses market and technology issues around the disruption occurring in the Identity and Access Management market due to the cloud, mobile and consumerization of IT trends occurring in today's IT environment.