Stay Secure with Day-One Support for iOS 12 and macOS Mojave

It’s that time of year again: time for all the latest and greatest from our friends in Apple Park (or the Apple Spaceship as locals call it). This week, Apple released iOS 12 and next week Apple will release the latest update for macOS, 10.14 Mojave. We here at Centrify are excited for the new capabilities, the new look of iOS 12, and the new features and improvements with macOS Mojave. To that point, we have made sure that our customers are able to move forward with day-one Centrify support for both offerings. Our day-one support is effective across Centrify’s…

Centrify Scores Highest for Both “Workforce Users Accessing SaaS” and “Business-to-Business” in New Gartner Report

Gartner just released their first ever “Critical Capabilities for Access Management, Worldwide, 2018” report, and we are proud to see that Centrify has scored the highest of any vendor in 2 out of 3 Use Cases including “Workforce Users Accessing SaaS” (3.78 out of 5.0) and “Business-to-Business” (3.52 out of 5.0). Gartner evaluated 15 vendors’ services on nine critical capabilities including Event Logging and Reporting, SaaS Application Enablement, User Authentication Methods, and Authorization and Adaptive Access and three common Use Cases: Workforce Users Accessing SaaS, Business-to-Business, and Business-to-Consumer. We believe this validates our unique ability to secure access to apps…

Behind the Numbers: Database Authentication and Authorization

Earlier this month, I posted a blog about how most companies I speak with have not implemented a modern database authentication and authorization approach. I also recommended 8 steps IT leaders can take to modernize their database management operations. Upon reflection, I think an interesting follow up would be to take a look at some numbers that further illustrate the need to put effective database authentication and authorization practices in place to secure the enterprise. LOOK AT THE NUMBERS Let’s create a fictitious sample company to examine, called Company X. At the DB Survival Blog site, the accepted high-end number…

Centrify Interns Reflect on a Summer of Zero Trust

Every summer, Centrify gets an infusion of fresh perspectives and eager learners via our Summer Intern program. This summer, we had 22 interns join us on our mission to secure enterprise Identity and Access Management with Zero Trust Security. Some have already returned to school, while others are extending their internships due to late school start dates or because they’ve already graduated. As part of our own learning process, we created a contest asking them to share some of their highlights about being part of the Centrify Zero Trust team, whether recognizing a particular mentor, noting key learnings they’ll take…

Modern Practices: Zero Trust Security

In today’s mobile-first, cloud-first environment, cybersecurity starts with protecting the primary attack vector – privilege identities – with a “never trust, always verify” mindset for Zero Trust Security. Gartner predicts that companies will spend $96 billion in cybersecurity solutions in 2018 alone. While worldwide spending will increase 8% from last year’s total, less than 10% will be spent on Identity and Access Management, the number one attack vector. Clearly there is misinformation and misunderstanding of how to stop a breach. A recent research study with Dow Jones Customer Intelligence, “CEO Disconnect is Weakening Cybersecurity,” revealed that a discrepancy in the C-Suite is weakening enterprise security postures. CEOs mistakenly focus on eliminating malware, while Technical Officers (CIOs, CTOs and CISOs) on the front lines of cybersecurity point to identity breaches – including privileged user identity attacks and default, stolen…

Implementing Modern Approaches to Database Authentication and Authorization

The most common question I hear about Database Accounts is, “Can your solution vault Database Service and other Privileged Database Accounts?” Every time I hear this question, a voice in the back of my head wants to ask, “Have you implemented modern approaches to Database Authentication and Authorization Management?” See the real problem is the majority of Databases and the hosted Database Instances still have legacy Database Authentication and Authorization methodologies applied to them, so we are trying to apply a band-aid to the issue by reaching into the databases and vault the DB local accounts. THREE DATABASE APPROACHES Let’s…

How to Authenticate Users Into Apps Using AWS Application Load Balancer and Centrify

At Centrify, an AWS Partner Network (APN) Advanced Technology Partner, we frequently work with developers building applications on Amazon Web Services (AWS). While many aspects of app development and deployment on AWS have been streamlined, authentication of end-users into apps remains challenging. A traditional approach is to implement your own identity repository using a relational database or directory server. You are responsible for securing and storing user identities, implementing identity lifecycle management functions to create new users, implementing password policies, and recovering lost passwords. Another option is to use Amazon Cognito, which enables you to add code to your application to authenticate users either…

Centrify Zero Trust Security Network Partners Highlighted at BlackHat USA 2018 Booth 2410

This week, BlackHat USA commemorates its 21st year, taking over the Mandalay Bay Convention Center in Las Vegas to present trainings as well as recent developments and research about cybersecurity trends, best practices, and more. Centrify will once again be present to carry the flag for Next-Gen Access as an empowering force behind Zero Trust Security. You can find us at booth #2410 in the Oceanside Ballroom of the Business Hall, BlackHat’s latest euphemism for the vendor Expo. For more details about Centrify’s presence and other fun things happening at our booth, please read Michele Hayes’s blog from last week….

MFA Everywhere: A Tried and True Method in Accelerating Security

While phishing attacks continue to jeopardize today’s organizations (a reported 76% of organizations experienced phishing attacks in 2017), it was refreshing to hear that tech giant Google has apparently eliminated phishing by giving security keys to all of its 85,000 employees. “We have had no reported or confirmed account takeovers since implementing security keys at Google,” a company spokesperson told Krebs on Security last week. “Users might be asked to authenticate using their security key for many different apps/reasons. It all depends on the sensitivity of the app and the risk of the user at that point in time.” This…

Centrify Booth 2410: Your Destination for All Things Zero Trust Security at BlackHat USA

BlackHat USA 2018 kicks off in Las Vegas next week, the 21st year that the information security event has brought together thousands of cybersecurity professionals. BlackHat is always a unique event in that it devotes a heavier portion of its agenda to technical trainings, skill-building, and research briefings for practical cybersecurity learning, followed by a shorter main conference we typically encounter at a “trade show.” It’s also co-located with DEFCON, a hacker convention that takes place immediately following BlackHat – that’s always interesting. Whether you go to the whole event, just the technical sessions, or the Business Hall (aka The…