Centrify Perspective

Centrify Perspective

As a leader in unified identity management, Centrify offers helpful information for organizations to enable greater user productivity, improved IT efficiency, better regulatory compliance and lower TCO of their identity infrastructure.


By , February 22, 2017

It’s annual cybersecurity reporting season and first up in 2017 is the Ponemon Global Study, “The Need for a New IT Security Architecture” sponsored by Citrix. The study reveals global trends in IT security risks and reasons why security practices and policies need to evolve in order to deal with threats from disruptive technologies, cybercrime and compliance. Changes in the workplace and problems managing IT security are also increasing risks to the organization. This report surveyed more than 4000 global IT and security practitioners and discusses the findings that concern risks created by cybercrime, employee negligence and organizational dysfunction and…

By , February 9, 2017

The start of the New Year is always an interesting time in the security community. Out come the statistics and stories about the worst passwords and the most common ones chosen by online users during the previous year. A recent story in the UK national press suggests that half of all online users worldwide use just 25 passwords between them — and of course, none of the passwords are very secure and hackers could easily crack them. In what seems like Groundhog Day the most common password is once again 123456, followed by 123456789 (so we can assume some popular…

By , February 7, 2017

At the end of 2016, the Commission on Enhancing National Cybersecurity, a nonpartisan committee charged with developing actionable recommendations for securing and growing the digital economy, presented its report to then President Obama. While Obama has left office, the report still provides a valuable path towards ensuring cybersecurity, mapped out in a series of key action items. The most relevant for readers of this blog are found in Recommendation 1.3, summarized below. Recommendation 1.3: The next Administration should launch a national public–private initiative to achieve major security and privacy improvements by increasing the use of strong authentication to improve identity…

By , February 2, 2017

I had the honor of attending the Amazon Web Services (AWS) re:Invent 2016 and wanted to highlight some of my key takeaways from the conference. Since Centrify was a sponsor, I was able to talk with many folks with an interest in learning more about Centrify’s announcement, “Centrify Delivers Innovative Capabilities and Best Practices to Streamline and Secure Adoption of Hybrid Cloud.” 1. AWS is Innovative as a Large Company A good proxy for innovation is the number of features and products a company releases. AWS currently has tens of thousands of employees, and AWS announced 24 new products at the AWS Re-Invent show….

By , February 1, 2017

It’s a time of conflict There’s a battle within businesses, and the battleground is your applications. Employees – in the name of productivity – are adopting new cloud and mobile applications every day.  IT – in the name of security – is trying keep private data secure against breaches. Both groups often think the other “doesn’t get it.”  Users complain about complex password policies, and security-related “hoops” they have to jump through.  IT complains about endless helpdesk calls for password resets, shadow IT introducing risk, and an inability to secure an ever-changing hybrid environment. But both groups have more common…

By , January 18, 2017

The recent Institute for Critical Infrastructure Technology (ICIT) White Paper titled “Cybersecurity Show Must Go On: Surpassing Security Theatre and Compliance and Minimal Compliance Regulations,” authored by James Scott, Sr. Fellow, ICIT, and Drew Spaniel, Researcher, ICIT, highlights organizations’ lack of commitment to invest in strong security tools that have real impact to their organization’s security position. Despite the cyber breaches over the last several years that confirm that identities are the root of most breaches, organizations fail to deal with the real problem head on. Organizations leverage technology to increase the productivity of associates that expand the perimeter to…

By , January 17, 2017

“Security fatigue” is a growing concept within cybersecurity circles: experts report that the sustained threat of malicious attacks is causing end users to feel defenseless and hopeless. There’s a growing frustration about online account security, as the mounting frequency and severity of attacks is creating a bunker mentality that is difficult to escape. In many cases, organizations and employees are taking the fatalistic attitude of hoping they’re not a high enough value target to attack, rather than acting definitively to bolster their defenses. What can you do to keep security fatigue from stunting your security posture? Here are three key…

By , January 12, 2017

The Department of Homeland Security (DHS) established a $6B blanket purchase agreement (BPA) to improve the cyber defenses for federal, state, local, tribal and territorial governments. The DHS Continuous Diagnostics and Mitigation (CDM) program helps protect government IT networks from cyberthreats and enhances risk-based decision making by providing a consistent and proven set of solutions. Centrify is the selected solution for CDM Phase 2 CRED that ensures all federal agency associates only have access to servers, applications or network resources based on their unique identity, role and responsibility within their organization. Centrify Server Suite offers a robust Active Directory bridge…

By , January 4, 2017

When it comes to setting New Year’s resolutions, most people shoot for the moon. We tell ourselves we will give up carbs, go running every morning, become a vegan or even give up drinking alcohol. Inevitability, three weeks later, we find ourselves right back where we started. As security professionals, responsible for keeping the bad guys out and reducing the risk of data breaches, we find ourselves right back where we started too — we fundamentally do not really improve our security posture, and then wonder why not. We are very similar to our consumer counterparts, because we set lofty…

By , December 28, 2016

This blog will discuss the what single-factor authentication (SFA), two-factor authentication (2FA) and multi-factor authentication (MFA) are, and why more than one factor of authentication is vital to security. What is Single-factor Authentication (SFA)? Single-factor authentication is the simplest form of authentication methods. With SFA, a person matches one credential to verify himself or herself online. The most popular example of this would be a password (credential) to a username. Most verification today uses this type of authentication method. What is Two-factor Authentication (2FA)? Two-factor authentication uses the same password/username combination, but with the addition of being asked to verify who a person is by using…