Modernizing Legacy Apps to Boost Security: Part II

As we discussed in part I of this article, many companies are still in the process of modernizing their legacy apps. There are a number of reasons to do this, but securing your environment is typically the main goal. We’ve already identified that a (software) token-based system as essential. Let’s continue with a couple more best practices. Provide for User Provisioning An application needs user data — not for authentication, but because it needs to know the role and responsibilities of the person logging in so that privileges inside the app can be managed and regulated. Therefore, a database of…

Modernizing Legacy Apps to Boost Security: Part I

The subject of modernizing apps has been around for years, but while talking to a partner organization recently, I was reminded that there are a number of companies with legacy apps that are just now getting around to dealing with them. What Apps Need Modernization? The commercial apps you’re implementing into your environment today should not need to be modernized. If, however, you’ve developed your own apps or you continue to use legacy commercial apps developed several years back, you may have some work to do. Why Modernize an App? Companies most often modernize apps as a method of improving…

Password Reset on World Password Day

Well, I forgot another holiday. As I get older, it just happens more and more. Good news: It wasn’t my anniversary — though at this rate I’m sure to forget that soon enough. No, this time I forgot all about World Password Day. And you know what? I bet you did too. It’s just something about passwords. We forget them. We forget to reset them in time. We forget the “holidays” associated with them. We need something better, and when we can’t eliminate them, we need a better way to reset them. For ServiceNow customers, that means using something like Centrify…

Picking a Perfect Bracket is Hard, SaaS Implementation is Easy

Being in tech and a self-proclaimed sports junkie, I couldn’t resist writing my blog about my favorite sporting event — March Madness. If you’re like me, you watched the selection show this past weekend and started thinking about your bracket. You said to yourself, I know the perfect bracket is impossible — but one day I’m going to get it right. Depending on who you listen to the odds range from a high of 1 in 128 billion to a low of 1 in 9.2 quintillion (yes, that’s a real number — 9 followed by 18 digits).  So, I wasn’t too…

Multi-Factor Authentication Everywhere

I am pleased to write that Centrify announced today our Multi-Factor Authentication Everywhere initiative (aka “MFA Everywhere”) that is aimed at further securing enterprise identities against today’s most prevalent source of cyber attacks — compromised credentials. With this announcement, Centrify is now delivering one of the industry’s most easy-to-use adaptive MFA solutions that supports all types of enterprise users — including employees, contractors, outsourced IT, partners and customers — across a broad range of enterprise resources — including cloud and on-premises apps, VPNs, network devices, and cloud and on-premises servers. In this blog I will talk about why you need MFA and…

Why Outsourced IT Deserves As Much (Or More) Security Than Internal IT

  This is a very short blog. Short on text, that is. Long on value. If you’re in IT, especially in IT management, please click on the following link to see the many ways — some unique to Centrify — that our new Server Suite 2016 and Privilege Service 15.12 protect your most sensitive data from being stolen. Rather than toss out a load of features and leave you struggling to figure out how to thread them together in a meaningful way that addresses your specific business needs, we’ve weaved them into a story. Stories are great! It’s fictional, but oh so apt given all the…

Outsourced IT Part Deux

Let’s continue our purely fictional story from last time, where we stepped into the shoes of our IT consultant, Tony. You may recall he works for ACME Consulting who provides outsourced IT services to Banzai. In a nutshell, we showed how easy it can be for Banzai to improve security, reduce risk, increase visibility, and provide secure access from anywhere, leveraging Centrify’s Privilege Service and Server Suite. Let’s peek inside Banzai’s IT world for an update from the IT Director, Tom: Well, the results came in and it’s safe to say (no pun intended) that our expectations were fully met with the…

A Single Identity Platform for All Users

Over the past two years I have had countless conversations with customers and prospective customers who have asked: “we love what you do for SSO and MFA for employees, and how you do privileged identity management for IT staff … can we extend those capabilities to our business partners and customers?” These customers have all had a common goal in mind — they want to use a single platform and tool to manage user access to resources regardless of who the user is or where the user identity comes from. Well, to all of those people who I have discussed…

Every Password Has Been Stolen. Now What?

It’s time we stop pretending. Oh, I know it’s easier to sleep when we think that we’re safe and sound. We try to use only “trusted” apps and services. We choose who gets to keep our photos, our files, and our tax returns. We see the lock icon that indicates HTTPS, and we think we can buy shoes safely. But each of the services we choose, and labor over, and discuss, and investigate — they are all only as strong as the dumb password we put in front of them. Let’s just assume every password has been compromised. No account…

Dear Taxpayer: You’ve Been Breached

A few weeks ago the spouse and I learned of an identity theft — our own. We received a notice from the Internal Revenue Service. It said that someone had filed a false return in our names, in an attempt to steal our tax refund. I’m glad IRS flagged the return and sent us a letter. But everyone’s favorite government agency has had to learn its vigilance the hard way. In 2013, it paid out $5.2 billion in fraudulent identity theft tax refunds. The IRS breach is a product of a much bigger problem: large-scale data breaches involving identity and…