Confronting the New Cyber Security Reality: Part 1

During the peak of the 2016 U.S. presidential election cycle, two groups of hackers accessed the Democratic National Convention servers. The leak made public emails detailing the DNC’s interactions with the media, both primary candidates’ campaigns and campaign contributions, and personal information about DNC donors, including credit card and Social Security numbers. This historical breach will forever be known for its impact on the 2016 Presidential election. Recently, we’ve seen the frequency of breaches like the DNC attack skyrocket—and no organization is safe. Over the past two years, sixty-six percent of organizations report experiencing five or more breaches, according to…

What’s Next from Google Cloud: Scenes from Google Next

Google Cloud last week had their big event in San Francisco, gathering Partners, customers and Googlers alike to talk about Google Cloud and its bright future. Centrify was proud to sponsor this event, and we had a presence in the Partner Playground, which allowed us to visit with hundreds of Google Next attendees to understand what they were doing with Google Cloud. Of course we spoke with Centrify customers, Google customers and some prospective customers, but interestingly, most of these conversations were with those who are already using software as a service (SaaS) or identity as a service (IDaaS) today….

Researchers: Action Required to Protect Against IoT Threats

Recently, Pwnie Express researchers released their third annual report on the wired, wireless, Bluetooth, IoT and BYOD challenges facing IT security professionals. It’s not your typical study. These researchers combine a survey of hundreds of IT security pros with “on-the-ground” data captured from Pwnie Express sensors, distributed across a number of businesses. This mix of human perspective and real-world data offers a more accurate picture of what’s really going on out there. This year’s report had some interesting findings that I wanted to point out. If you have time to read the report — and I recommend it — you…

More Thoughts on Vendor Consolidation in the Security Market

In my last blog post, I discussed a new major trend in the security market, which is that security buyers are increasingly looking to consolidate vendors and want more of a platform approach to security versus stitching together point solutions. Besides hearing this directly from customers over the last few months, I documented in the blog how two different analysts, who were both doing comprehensive security customer surveys, both independently found that around “70% of enterprise security buyers are consolidating vendors.”  In this blog post I want to further elaborate on this trend and share some additional data points that…

It’s About Time (For Compliance with PCI DSS 3.2) — Are You Ready?

2017 hit the ground running in a fast and furious way, for obvious reasons. But wait a second — it’s suddenly March?!? Events and deadlines that seemed far into the future are suddenly right around the corner, with less time than you thought to cover everything in that intricate plan. Oh, if only time machines really did exist. One critical deadline on the near horizon applies to businesses who work with payment cards — merchants, financial institutions, point-of-sale vendors and developers who create and operate infrastructure that processes payments. And every one of those businesses needs to pay attention to…

How to Stop the Breach in a Hybrid Enterprise

Has your enterprise experienced a data breach in the past two years? If so, it’s time for a wake-up call. In fact, 66% of organizations reported falling victim to a breach an average of five or more times during that time span. The security status quo is a slippery slope. Enterprise networks have expanded beyond the well-defined boundaries that used to protect our important assets from falling into the wrong hands and a new security reality has set in. Traditional security methods can’t protect your organization from breaches, and failure to recognize this new reality leaves your business at risk…

Mobile World Congress 2017: It’s Not About the Phones Anymore

I’m here at Mobile World Congress 2017, and of course all the big names have new phones, but we expect that now. This year the theme is decidedly more about the future. Every year MWC has a theme, which is usually some sort of catchy marketing phrase. However, this year the theme is “The Next Element,” and I think it fits. Things like 5G connected cars, drones, VR and IoT are the showcase of many of the companies here. This is all great, and I like the progress the industry has made in just the last year. However, for me being…

Centrify Renews Commitment to Federal Information Processing Standards

The new release of Centrify Server Suite (CSS) 2017 contains an updated version of the Centrify Cryptographic Module, which provides the cryptographic services used within the suite. Just as we did with the previous version, this new crypto module has also received FIPS 140-2 validation, and its certificate #2844 has been posted on the NIST validation list. The Federal Information Processing Standard (FIPS) Publication 140-2 is a standard set by the US Government to approve cryptographic modules, and all software used within federal networks that perform encryption are required to be FIPS 140-2 validated. Centrify has hundreds of federal customers…

New Trend in the Security Space: Customers Want Vendor Consolidation and a Platform Approach

Starting late last year, I kept on hearing a growing drumbeat from customers that they were highly interested in consolidating the breadth of security vendors and products that they use internally to secure their enterprise. In past years, the talk by customers regarding “vendor consolidation” typically had been more in terms of the purchasing process and not having to deal with getting contracts and negotiating with yet another vendor. This time it was different — it has become clear to customers that having disjointed point solutions leave significant air gaps with regard to securing their enterprise, and that customers are…

Top 3 Takeaways from the 2017 RSA Conference

Last week was the 2017 RSA Conference in San Francisco. Having attended, I can report that the number of vendors at the conference was nothing short of mind-boggling. While there are many challenges facing the security industry, there are also a lot of innovative ideas about how to respond to them. Here are my top takeaways from the conference: #1 Organizations Should Consolidate Security Vendors While it was great to see so many vendors at RSA, it was also indicative of just how many point security tools are on the market today — many of which provide very specific solutions…