Centrify Renews Commitment to Federal Information Processing Standards

The new release of Centrify Server Suite (CSS) 2017 contains an updated version of the Centrify Cryptographic Module, which provides the cryptographic services used within the suite. Just as we did with the previous version, this new crypto module has also received FIPS 140-2 validation, and its certificate #2844 has been posted on the NIST validation list. The Federal Information Processing Standard (FIPS) Publication 140-2 is a standard set by the US Government to approve cryptographic modules, and all software used within federal networks that perform encryption are required to be FIPS 140-2 validated. Centrify has hundreds of federal customers…

New Trend in the Security Space: Customers Want Vendor Consolidation and a Platform Approach

Starting late last year, I kept on hearing a growing drumbeat from customers that they were highly interested in consolidating the breadth of security vendors and products that they use internally to secure their enterprise. In past years, the talk by customers regarding “vendor consolidation” typically had been more in terms of the purchasing process and not having to deal with getting contracts and negotiating with yet another vendor. This time it was different — it has become clear to customers that having disjointed point solutions leave significant air gaps with regard to securing their enterprise, and that customers are…

Top 3 Takeaways from the 2017 RSA Conference

Last week was the 2017 RSA Conference in San Francisco. Having attended, I can report that the number of vendors at the conference was nothing short of mind-boggling. While there are many challenges facing the security industry, there are also a lot of innovative ideas about how to respond to them. Here are my top takeaways from the conference: #1 Organizations Should Consolidate Security Vendors While it was great to see so many vendors at RSA, it was also indicative of just how many point security tools are on the market today — many of which provide very specific solutions…

Federated Identity Management vs. SSO

Last time I wrote about how much it costs to protect yourself, so I want to follow up  with another topic that hits close to home: your wallet. Federated identity management (FIM) and single sign-on (SSO) are not synonymous — FIM gives you SSO, but SSO does not give you FIM. That minor detail is very important to understand, as you make the leap to the cloud and adopt more SaaS applications. While you will have some initial startup cost with FIM by building out an identity service provider (IDP), it is cheaper in the long run than using simple SSO with FIM….

Ponemon 2017 Report: The Need for a New IT Security Architecture

It’s annual cybersecurity reporting season and first up in 2017 is the Ponemon Global Study, “The Need for a New IT Security Architecture” sponsored by Citrix. The study reveals global trends in IT security risks and reasons why security practices and policies need to evolve in order to deal with threats from disruptive technologies, cybercrime and compliance. Changes in the workplace and problems managing IT security are also increasing risks to the organization. This report surveyed more than 4000 global IT and security practitioners and discusses the findings that concern risks created by cybercrime, employee negligence and organizational dysfunction and…

RSA: Centrify Survey Reveals Almost Half of Respondents Lack Confidence in Their Company’s Cybersecurity Strategies

Yesterday, we conducted an onsite survey of IT professionals attending the RSA Conference, being held this week at Moscone Center, San Francisco. The poll asked respondents how their companies secure applications and infrastructures in the age of access, and it revealed that only slightly more than half (55%) believe their company’s current technology investment ensures their company’s cybersecurity. This leaves about half of respondents with a lack of confidence in their own organization’s corporate security! While this fact is startling, it shouldn’t be too surprising, since a recent Forrester study, commissioned by Centrify, confirms that in the past two years, two-thirds…

National Cyber Security Centre Opens: Why UK Firms Need to Rethink IAM

Today the UK’s National Cyber Security Centre (NCSC) opened to great fanfare. But it will have its work cut out to fulfil its mission of making the UK “the safest place to live and work online.” UK organisations of all shapes and sizes are under continual attack – whether from state-sponsored spies, hacktivists or financially motivated cyber gangs. So this is a great chance to marshal our response and make sure we are all able to take advantage of what NCSC boss Ciaran Martin has called a “new era of online opportunity.” Organisations should use the occasion to revisit and reinvigorate…

The Cybersecurity Tipping Point Nears

If we’d take a moment to pull our heads out of the sand and look around, we’d quickly see that we’re on an ominous trajectory. There’s no arguing that over the last several years, we’ve been suffering from increasing numbers of breaches, cyberhacks and data leaks. What’s truly puzzling is the fact that we’ve grown so used to the headlines, they no longer seem to impact us: Target spent $250 million to manage a breach? A massive 1 terabytes per second attack against a DNS provider that knocks out major websites? One billion Yahoo identities hacked? Even a hacked election?…

Announcing Centrify’s New Analytics Service

After about two years of incredible hard work from the Centrify team, I am excited to announce the Centrify Analytics Service! Our goal for Centrify Analytics Service is to extend the Centrify Identity Services Platform to provide risk-based access management across apps and infrastructure. We all by now agree that IT and security teams in any enterprise are challenged with the risk of being breached in an enterprise that spans across cloud, mobile and data center. Traditional perimeter-based security is not good enough anymore, and the industry supports this claim: PwC in Information Security Breaches Survey 2016 titled, “A matter of when,…

Pass(word)ing the buck!

The start of the New Year is always an interesting time in the security community. Out come the statistics and stories about the worst passwords and the most common ones chosen by online users during the previous year. A recent story in the UK national press suggests that half of all online users worldwide use just 25 passwords between them — and of course, none of the passwords are very secure and hackers could easily crack them. In what seems like Groundhog Day the most common password is once again 123456, followed by 123456789 (so we can assume some popular…