Password Vaults Alone Are Not Enough to Stop the Breach

A recent Forrester study examined four levels of identity and access management (IAM) maturity and found a direct correlation between the number of privileged identity management (PIM) best practices implemented and the number of security incidents encountered by an organization. Wait, Isn’t Privileged Identity Management == Password Vault? Nope. Centrally controlling shared access to non-human accounts and automating periodic password rotation for shared accounts reduces risk, no doubt. This is a critical component when minimizing your attack surface and will make it harder for hackers to get in to your environment (initial compromise) — it is a best practice. However,…

Role-based Access Control: Keeping Your Business Out of Harm’s Way

When our baby first started crawling, we installed gates in all the doorways.  This kept her in safe, baby proofed areas.  We didn’t have to worry about her accidently wandering into a room and getting into something that could harm her.  It also allowed us to keep some things “nice” that a toddler would normally want to “play” with. Controlling Access for Security Best Practices But, what does this have to do with role-based access control (RBAC)?  Well everything.  As she grows and gains more skills, we adjust her access to the house.  It might be low tech, but it…

Undue Privilege Costs Cash and Undercuts Security

Few managers would throw their employee the keys to a big rig with two loaded trailers to pick up a pint of milk from a nearby convenience store. Apart from the problem of parking, the vehicle is massively over-specced for the job at hand, which creates unnecessary safety risks, both to the driver and to other road users. However, this is essentially what occurs each day in businesses around the world as employees are given access to privileged computer accounts that massively exceed the needs of their jobs. The result is often devastating in terms of corporate security with many…

How to Stop the Breach in a Hybrid Enterprise

Has your enterprise experienced a data breach in the past two years? If so, it’s time for a wake-up call. In fact, 66% of organizations reported falling victim to a breach an average of five or more times during that time span. The security status quo is a slippery slope. Enterprise networks have expanded beyond the well-defined boundaries that used to protect our important assets from falling into the wrong hands and a new security reality has set in. Traditional security methods can’t protect your organization from breaches, and failure to recognize this new reality leaves your business at risk…

New Trend in the Security Space: Customers Want Vendor Consolidation and a Platform Approach

Starting late last year, I kept on hearing a growing drumbeat from customers that they were highly interested in consolidating the breadth of security vendors and products that they use internally to secure their enterprise. In past years, the talk by customers regarding “vendor consolidation” typically had been more in terms of the purchasing process and not having to deal with getting contracts and negotiating with yet another vendor. This time it was different — it has become clear to customers that having disjointed point solutions leave significant air gaps with regard to securing their enterprise, and that customers are…

Ponemon 2017 Report: The Need for a New IT Security Architecture

It’s annual cybersecurity reporting season and first up in 2017 is the Ponemon Global Study, “The Need for a New IT Security Architecture” sponsored by Citrix. The study reveals global trends in IT security risks and reasons why security practices and policies need to evolve in order to deal with threats from disruptive technologies, cybercrime and compliance. Changes in the workplace and problems managing IT security are also increasing risks to the organization. This report surveyed more than 4000 global IT and security practitioners and discusses the findings that concern risks created by cybercrime, employee negligence and organizational dysfunction and…

RSA: Centrify Survey Reveals Almost Half of Respondents Lack Confidence in Their Company’s Cybersecurity Strategies

Yesterday, we conducted an onsite survey of IT professionals attending the RSA Conference, being held this week at Moscone Center, San Francisco. The poll asked respondents how their companies secure applications and infrastructures in the age of access, and it revealed that only slightly more than half (55%) believe their company’s current technology investment ensures their company’s cybersecurity. This leaves about half of respondents with a lack of confidence in their own organization’s corporate security! While this fact is startling, it shouldn’t be too surprising, since a recent Forrester study, commissioned by Centrify, confirms that in the past two years, two-thirds…

National Cyber Security Centre Opens: Why UK Firms Need to Rethink IAM

Today the UK’s National Cyber Security Centre (NCSC) opened to great fanfare. But it will have its work cut out to fulfil its mission of making the UK “the safest place to live and work online.” UK organisations of all shapes and sizes are under continual attack – whether from state-sponsored spies, hacktivists or financially motivated cyber gangs. So this is a great chance to marshal our response and make sure we are all able to take advantage of what NCSC boss Ciaran Martin has called a “new era of online opportunity.” Organisations should use the occasion to revisit and reinvigorate…

The Cybersecurity Tipping Point Nears

If we’d take a moment to pull our heads out of the sand and look around, we’d quickly see that we’re on an ominous trajectory. There’s no arguing that over the last several years, we’ve been suffering from increasing numbers of breaches, cyberhacks and data leaks. What’s truly puzzling is the fact that we’ve grown so used to the headlines, they no longer seem to impact us: Target spent $250 million to manage a breach? A massive 1 terabytes per second attack against a DNS provider that knocks out major websites? One billion Yahoo identities hacked? Even a hacked election?…

Does Multi-Factor Authentication Have to Be Difficult?

Before we go into how Multi-factor authentication (MFA) has changed, let’s have a quick look at what MFA is. With MFA, users must provide two or more “factors” of authentication when they access applications, networks and resources. MFA implementations use a combination of the following factors: Something you know: such as a username, password, PIN or the answer to a security question. Something you have: such as a smartphone, one-time pass token or smart card. Something you are: biometrics like your fingerprint, retina scans or voice recognition.   Now that we understand what MFA is, I’d like to point out that in today’s IT…