Is Multi-factor Authentication Adoption Finally Picking Up Speed?

Enterprise adoption of multi-factor authentication has been slow, with many organizations disregarding its value. But has Amazon triggered a change in momentum?   Despite best intentions, few in the industry would argue that relying on a password for security purposes works. If a password is too simplistic, it is more likely to be guessed (either by man or machine). If it is too complex, the chances are it has to be written down in order to be remembered, leaving it susceptible to prying eyes. Passwords are shared with insufficient consideration of the longer-term implications, and ex-employees can often still access…

Centrify and Yubico Partner to Bring Context-Based Adaptive Authentication to the Enterprise

Have you ever reported to the police that someone else’s car was stolen or burglarized?  You haven’t?  Certainly you have heard a car alarm.  Why did you fail to act when the car alarm sound blared into your ears?  Hint: almost no one believes car alarms and so we are lulled into a false sense of security. Where this false sense of security has reached epic proportions is in our collective security for our digital identities. We use passwords so we think we are safe, but we are already compromised and don’t even know it! Business employees are using more varied devices…

Blackberry Partners with Centrify for Derived Credential Support on Good Secure Mobility Platform

Live from Mobile World Congress in Barcelona! Today, I am pleased to share that Blackberry has partnered with Centrify to provide an even greater level of security for highly regulated customers in the government and financial sectors that use Good Secure Mobility Platform. Together, Blackberry and Centrify are delivering a turnkey solution for using smart card-derived credentials for secure access to thousands of apps and servers on Good secured mobile devices. Blackberry wanted to open the door to full secure mobility for its public sector customers like state and federal governments, as well as security-conscious financial companies that rely on…

What is a Derived Credential Anyway?

What is a derived credential anyway? You may have heard that Centrify announced support for “derived credentials,” in conjunction with its smart card offering. If you aren’t in the federal or ultra-secure enterprise space, you’ve probably never heard of derived credentials. So what’s so special about it? Users that are issued smart cards as their primary means of authentication have to physically insert a card into a reader on their desktop/laptop and then enter a PIN. This form of authentication replaces the username and password, and also covers the 2-factor requirement as well. (The card is something you have, and…

Smart Card Login to Cloud-Based Apps and Privileged Identity Management Services

I am excited to announce that Centrify has added Smart Card login as a core feature of our Cloud Identity Platform supporting both the Centrify Identity Service as well as the Centrify Privilege Service. Smart Cards in physical form (CAC/PIV), derived credentials, virtual smart cards as well as USB PKI Keys (such as Yubikey or SafeNet eToken Pro) can now be used to login to your agency’s personalized Centrify cloud portal for access to SaaS applications as well as privileged user access to authorized servers and networking devices. There are several reasons that our customers are asking for this capability as they…

Federal Insecurity

Months after the devastating Office of Personnel Management (OPM) hack came to light — in which 21.5 million personnel records were stolen — the Government Accountability Office (GAO) has issued a report on the extent that US Federal Government is experiencing breaches. The report revealed that the number of security incidents impacting Federal agencies has grown from 5,503 in 2006 to 67,168 in 2014 — a massive 12x increase in 8 years — and that the US government is looking to hire 10,000 cyber professionals in the next year. In this blog post I will go over some of the highlights…

A Single Unprotected Identity Is One Too Many

One of my favorite Simpsons episodes is titled “Last Exit to Springfield,” and it includes a scene where Mr. Burns and Smithers are accessing a secret control room to shut off the power to the entire town. They proceed to walk through multiple levels of security with video cameras, an eye scanner, and even a hidden library passage unlocked via a fake book. They finally arrive at the control room only to find the back door broken and wide open, with a stray dog walking in. In the late 90’s I used this reference all the time when assessing the security…

Secure Windows Administration and Eliminate Dual Active Directory Accounts for Administrators

I’ve seen many environments lately where the Windows administrators have two Active Directory accounts, one that they use for their normal end user activities, such as reading email, and the other they use for any administrative duty. This creates several very real problems: a) the admin now has two different accounts with a password that he must now maintain over time, probably not a huge problem but just a pain for the admin; b) you still have to trust the admin where he will use the second admin account and hope that he doesn’t use it for normal daily activity…