New Trend in the Security Space: Customers Want Vendor Consolidation and a Platform Approach

Starting late last year, I kept on hearing a growing drumbeat from customers that they were highly interested in consolidating the breadth of security vendors and products that they use internally to secure their enterprise. In past years, the talk by customers regarding “vendor consolidation” typically had been more in terms of the purchasing process and not having to deal with getting contracts and negotiating with yet another vendor. This time it was different — it has become clear to customers that having disjointed point solutions leave significant air gaps with regard to securing their enterprise, and that customers are…

Federated Identity Management vs. SSO

Last time I wrote about how much it costs to protect yourself, so I want to follow up  with another topic that hits close to home: your wallet. Federated identity management (FIM) and single sign-on (SSO) are not synonymous — FIM gives you SSO, but SSO does not give you FIM. That minor detail is very important to understand, as you make the leap to the cloud and adopt more SaaS applications. While you will have some initial startup cost with FIM by building out an identity service provider (IDP), it is cheaper in the long run than using simple SSO with FIM….

Announcing Centrify’s New Analytics Service

After about two years of incredible hard work from the Centrify team, I am excited to announce the Centrify Analytics Service! Our goal for Centrify Analytics Service is to extend the Centrify Identity Services Platform to provide risk-based access management across apps and infrastructure. We all by now agree that IT and security teams in any enterprise are challenged with the risk of being breached in an enterprise that spans across cloud, mobile and data center. Traditional perimeter-based security is not good enough anymore, and the industry supports this claim: PwC in Information Security Breaches Survey 2016 titled, “A matter of when,…

Pass(word)ing the buck!

The start of the New Year is always an interesting time in the security community. Out come the statistics and stories about the worst passwords and the most common ones chosen by online users during the previous year. A recent story in the UK national press suggests that half of all online users worldwide use just 25 passwords between them — and of course, none of the passwords are very secure and hackers could easily crack them. In what seems like Groundhog Day the most common password is once again 123456, followed by 123456789 (so we can assume some popular…

Commission on Enhancing National Cybersecurity: Implement MFA

At the end of 2016, the Commission on Enhancing National Cybersecurity, a nonpartisan committee charged with developing actionable recommendations for securing and growing the digital economy, presented its report to then President Obama. While Obama has left office, the report still provides a valuable path towards ensuring cybersecurity, mapped out in a series of key action items. The most relevant for readers of this blog are found in Recommendation 1.3, summarized below. Recommendation 1.3: The next Administration should launch a national public–private initiative to achieve major security and privacy improvements by increasing the use of strong authentication to improve identity…

Does Multi-Factor Authentication Have to Be Difficult?

Before we go into how Multi-factor authentication (MFA) has changed, let’s have a quick look at what MFA is. With MFA, users must provide two or more “factors” of authentication when they access applications, networks and resources. MFA implementations use a combination of the following factors: Something you know: such as a username, password, PIN or the answer to a security question. Something you have: such as a smartphone, one-time pass token or smart card. Something you are: biometrics like your fingerprint, retina scans or voice recognition.   Now that we understand what MFA is, I’d like to point out that in today’s IT…

Will “Security Fatigue” Inevitably Overwhelm Your Organization?

“Security fatigue” is a growing concept within cybersecurity circles: experts report that the sustained threat of malicious attacks is causing end users to feel defenseless and hopeless. There’s a growing frustration about online account security, as the mounting frequency and severity of attacks is creating a bunker mentality that is difficult to escape. In many cases, organizations and employees are taking the fatalistic attitude of hoping they’re not a high enough value target to attack, rather than acting definitively to bolster their defenses. What can you do to keep security fatigue from stunting your security posture? Here are three key…

Top Three New Year’s Security Resolutions

When it comes to setting New Year’s resolutions, most people shoot for the moon. We tell ourselves we will give up carbs, go running every morning, become a vegan or even give up drinking alcohol. Inevitability, three weeks later, we find ourselves right back where we started. As security professionals, responsible for keeping the bad guys out and reducing the risk of data breaches, we find ourselves right back where we started too — we fundamentally do not really improve our security posture, and then wonder why not. We are very similar to our consumer counterparts, because we set lofty…

Single-factor Authentication (SFA) vs. Multi-factor Authentication (MFA)

This blog will discuss the what single-factor authentication (SFA), two-factor authentication (2FA) and multi-factor authentication (MFA) are, and why more than one factor of authentication is vital to security. What is Single-factor Authentication (SFA)? Single-factor authentication is the simplest form of authentication methods. With SFA, a person matches one credential to verify himself or herself online. The most popular example of this would be a password (credential) to a username. Most verification today uses this type of authentication method. What is Two-factor Authentication (2FA)? Two-factor authentication uses the same password/username combination, but with the addition of being asked to verify who a person is by using…

Why Organizations Need Adaptive Multi-factor Authentication (MFA)

We hear about high profile security breaches frequently. Most of these breaches exploit the system login credentials of end users to get into the company’s network. Leading organizations are recognizing this and are beginning to focus on better securing end user identities. Multi-factor authentication (MFA) is becoming a very popular method for doing this as MFA requires a user to provide more than just a password to access the network. These additional factors of authentication require the user to provide something that only the user knows, has and is. As a best practice, when implementing MFA, it should be setup across…