National Cyber Security Centre Opens: Why UK Firms Need to Rethink IAM

Today the UK’s National Cyber Security Centre (NCSC) opened to great fanfare. But it will have its work cut out to fulfil its mission of making the UK “the safest place to live and work online.” UK organisations of all shapes and sizes are under continual attack – whether from state-sponsored spies, hacktivists or financially motivated cyber gangs. So this is a great chance to marshal our response and make sure we are all able to take advantage of what NCSC boss Ciaran Martin has called a “new era of online opportunity.” Organisations should use the occasion to revisit and reinvigorate…

How to Keep Active Directory Active in a Hybrid IT World

For enterprise IT, “hybrid” is the word of the year. You’re either operating a hybrid infrastructure model already or you’re teetering on the edge. It’s getting easier now that AWS, Microsoft, Google et al are improving their services in support of such a model. At the Amazon AWS re:invent show in November, every other sentence contained the word “hybrid.” This was in stark contrast to last year where Amazon still firmly believed a total migration was the only logical choice. Some of our customers are very aggressive with plans to dissolve all their data centers and migrate everything to IaaS. The…

Solving DHS Continuous Diagnostics and Mitigation (CDM) Phase 2

The Department of Homeland Security (DHS) established a $6B blanket purchase agreement (BPA) to improve the cyber defenses for federal, state, local, tribal and territorial governments. The DHS Continuous Diagnostics and Mitigation (CDM) program helps protect government IT networks from cyberthreats and enhances risk-based decision making by providing a consistent and proven set of solutions. Centrify is the selected solution for CDM Phase 2 CRED that ensures all federal agency associates only have access to servers, applications or network resources based on their unique identity, role and responsibility within their organization. Centrify Server Suite offers a robust Active Directory bridge…

The Great Gig in the Sky: Secure Hybrid Cloud

Every day I hear from companies concerned and frustrated over a specific challenge — how to stand up workloads in the cloud while maintaining privileged access security (PAS). Infrastructure-as-a-Service (IaaS) has become the great equalizer. It doesn’t matter whether you’re large or small, in finance, healthcare or government — we all share the same worries when it comes to securing access to, and in, the cloud. I was pondering this the other day while sipping a short, dry cappuccino and listening to Pink Floyd’s Dark Side of the Moon. I had an epiphany. Thanks to Roger Waters & Co, I walked away with…

Top Three New Year’s Security Resolutions

When it comes to setting New Year’s resolutions, most people shoot for the moon. We tell ourselves we will give up carbs, go running every morning, become a vegan or even give up drinking alcohol. Inevitability, three weeks later, we find ourselves right back where we started. As security professionals, responsible for keeping the bad guys out and reducing the risk of data breaches, we find ourselves right back where we started too — we fundamentally do not really improve our security posture, and then wonder why not. We are very similar to our consumer counterparts, because we set lofty…

3 Ways to Ensure You Are Not the Next Company Breached

There is a superstition that bad things happen in “threes.” This month, we mourned the loss of three national icons — Astronaut, John Glenn, Actor, Alan Thicke and TNT Sideline Reporter, Craig Sager. Similarly, this week, I received an email from Yahoo! announcing they had been breached again — affecting over 1B users — including me. On Friday, I received another notification from Bleacher Report, informing me that their users had been compromised. Do you see where this is going?… STOP! Is this Superstition True? The short answer is No. Are superstitions true? Most rational people would agree that they…

Good Cyber Hygiene: Everyone is a Privileged User

Yesterday, ICIT published the first in a series of research reports as part of an identity management and cyber hygiene initiative, entitled, “ICIT Analysis: Identity and Access Management Solutions: Automating Cybersecurity While Embedding Pervasive and Ubiquitous Cyber-Hygiene-by-Design.“ Wow, what a title. But worthy of the topic. ICIT Sr. Fellow James Scott and Researcher Drew Spaniel did a thorough job identifying the various pitfalls of cybersecurity and ensuring everyone in the organization cares about cyber hygiene and is on top of their game. They offered several good ideas to meet the needs of today’s environment,  such as use a digital representation…

Changing the Game: Simplified Authentication to IaaS

I am pleased to introduce the Identity Broker capability of the Centrify Privilege Service. Identity Broker for Linux enables a new paradigm in user authentication to Linux systems, which seamlessly integrates your choice of directory service, including Active Directory, LDAP directories or cloud directories such as Google G Suite Directory. This is a significant advancement in Centrify’s identity consolidation capabilities and delivers freedom of choice when deciding where to store your identities. For 12+ years, Centrify has focused on delivering some of the best possible integration of Linux servers into Active Directory. Our customers are successfully securing identity, authentication and privilege across…

Cybersecurity in 2016; predictions for 2017

It’s that time of year again. The holiday season is upon us and with it, online shopping will no doubt take another bite out of traditional brick-and-mortar holiday sales. With a colorful new president taking office shortly thereafter, 2017 promises to be an interesting year. But before we get to predictions, let’s take a look at the year that was. 2016: The year in review After a series of high-profile breaches in 2015 that involved criminal and state-sponsored attacks against the personal data of hundreds of millions of people, our prediction last year was that 2016 would bring the increased…

How to Avoid a Snowden-esque Security Breach at Your Company

What would happen to your company’s reputation or market share if its data was hacked? This article originally appeared on Inc. Magazine and is reprinted with permission. The recent release of Snowden, the 2016 film about exiled former cyber-security contractor Edward Snowden, highlights some of the inherent cyber-security risks that organizations face. These concerns have been reinforced by the controversy over hacked emails during the current election cycle. In Snowden’s case, it was the National Security Agency (NSA) that was breached, but the vulnerabilities he exploited exist in many enterprise-level companies as well. Security Breaches in recent memory While I worked at Symantec for the…