Centrify and SailPoint Join Forces to Apply Zero Trust Security Best Practices to Identity Governance

Today, Centrify is proud to announce the integration of the Centrify Privileged Access Service with SailPoint® Technologies IdentityIQ™ solution. This integration provides joint customers with a single pane of glass for a privileged user’s entitlements and enables issuing access requests for accounts, systems, and existing roles that are controlled by the Centrify Privileged Access Service. This allows for centralized management and control of identities to quickly identify and mitigate access risks of privileged users, while strengthening an organization’s compliance posture. Figure: Centrify Privileged Access Service integration with SailPoint IdentityIQ BRINGING ZERO TRUST SECURITY TO IDENTITY GOVERNANCE One of the essential…

How to Operationalize the Zero Trust Security Pillar ‘Limit Access & Privilege’ with ServiceNow

An easy way for a cyber-attacker to gain access to sensitive data is by compromising an end user’s identity and credentials. Things get even worse if a stolen identity belongs to a privileged user, who has even broader access, and therefore provides the intruder with “the keys to the kingdom.” As a result, it’s not surprising that, according to Forrester, 80 percent of breaches involve privileged credential misuse. By leveraging a “trusted” identity a hacker can operate undetected and exfiltrate sensitive data sets without raising any red flags. Zero Trust Best Practice: Limit Access & Privilege To limit their exposure…

World Password Day – 5 Facts About Weak Credentials

Happy World Password Day! Ok, I’ll admit until a few days ago, I wasn’t aware this was a thing. As with most events in my life, if Outlook or Android doesn’t serve me a popup reminder, I’m oblivious to it. But this one commanded my attention, not only because of the never-ending news coverage we see about high-profile breaches, but also because I now know that 4 out of 5 are due to weak, default, stolen, or otherwise compromised credentials. Around this time of year, we tend to see reports that detail the top 25 most common passwords. You’d think…

Insights from the Verizon 2018 Data Breach Investigation Report

The 2018 Verizon Data Breach Investigation Report (DBIR) was published in early April, reporting on 53,308 security incidents and 2,216 data breaches from 67 contributors in 65 countries. It’s an important read for organizational leaders, and cyber professionals to find data-driven evidence of industry-specific incident patterns. It’s also important to distinguish incidents from breaches. A breach is an incident that results in the confirmed disclosure—not just potential exposure—of data to an unauthorized party. The remainder of this article will discuss data breaches. The following quote from Robert Novy, Deputy Assistant Director at the US Secret Service, is a good summary…

DevSecOps Gathers More of the Spotlight at RSA 2018

Nearly 1,200 security professionals recently attended the DevOps Connect: DevSecOps Day at the 2018 RSA Conference at San Francisco’s Moscone Center. Now in its fourth year, DevSecOps Day featured presentations and panel discussions on the role of security in the world of DevOps. DevOps thought leaders, security experts, and vendors shared success stories, insights, and challenges they faced in their journeys to implement secure DevOps practices. The common theme throughout the day was that security is becoming everyone’s responsibility. The security teams are starting to get more involved in the development processes while developers are starting to integrate security directly…

Supply Chain Risk: Time to Focus on Partners Ahead of GDPR Deadline

With the GDPR compliance deadline of May 25 almost upon us, recent events have highlighted the importance of locking down third-party risk. Attacks on supply chain partners, Facebook’s data leak scandal and a new report from the National Cyber Security Centre (NCSC) have all come at an opportune time to illustrate the potential liabilities facing firms. The GDPR will require much stricter due diligence and new contractual provisions between data controllers, processors and other third parties. Access controls in particular should be front and centre when dealing with suppliers. This is an opportunity to differentiate on improved security, so grab…

Introducing Centrify Identity Services for HashiCorp Vault

Today, Centrify is proud to announce the integration of the Centrify Identity Service with HashiCorp Vault for role-based user authentication and access to the Vault. The Centrify Next-Gen Access Management platform now provides an additional Auth Method called “centrify” for HashiCorp Vault. This Auth Method allows you to authenticate users to HashiCorp Vault, leverage any connected directory source for authentication, and enable role-based authorizations to Vault resources using Centrify Roles. Figure 1: HashiCorp Vault integration with Centrify Identity Services INTEGRATION, AUTHENTICATION, ACCESS There are several benefits to using Centrify for user authentication to HashiCorp Vault: Centrify brokers authentication to any…

Secure the Vote with Zero Trust

Our democracy is under attack. We are in an era where digital assets are being weaponized and used against us. The fragile state of our democracy is highlighted by election meddling by foreign interests, database breaches of both political parties, and most recently a high-profile breach of trust. And now, just a week ago, a “60 Minutes” episode titled, ‘When Russian Hackers Targeted the U.S. Election Infrastructure,’ validated that the main target of the 2016 U.S. election was election boards, and that up to 90,000 voter records were compromised. Election boards and officials face the biggest battle yet when it…

Trends to look for next week at RSA Conference 2018

Next week (April 16-19) is the 2018 RSA Conference at the Moscone Center in San Francisco, and there’s good news: it’s not too late to register for a complimentary Exhibit Hall Only Pass using the Centrify entry code X8ECENTR. You’ll get free admission to the Exhibit Hall, Wednesday through Friday keynotes, select sessions throughout the week, and several other events you can learn about here. If you’re on the fence about whether or not to attend, here’s a preview of the topics we expect to generate the most RSA buzz. If any of these interest you, register, and be sure…

Centrify Zero Trust Security Partners in the Spotlight at RSA Booth 501

RSA Conference has moved back to April this year, and next week the largest cybersecurity trade show in the world will once again convene at Moscone Center in San Francisco. Centrify will be front and center this year – literally. Our booth #501 is right in the middle of the entrance to the South Hall. You can’t (and won’t want to) miss it. In case you didn’t catch it the first time, Michele Hayes wrote a great blog about everything going on at our booth next week. I highly suggest reading that once you’re done here. PARTNERS IN THE SPOTLIGHT…