Using CAC and Smart Card Reader on Mac OS X

If you have Common Access Card (CAC), and a smart card reader, you can start using them on Mac OS X.  Smart Card Applications  By installing Centrify Express for Smart Card, you can start using smart card with applications, such as Safari browser, Mail.app or Outlook.  This allows you to enter a CAC protected web site, sign and encrypt e-mail.  You can also use in-house or third party applications that access smart card through Tokend interface, as Express for Smart Card provides Tokend (smart card drivers) for CAC, PIV and CACNG cards.  You can download Express for Smart Card here:…

Centrify Suite 2013.2 Release – Security Enhancement to Mac and Red Hat Smart Card

We are excited about the upcoming release of Centrify Suite 2013.2. In particular, I would like to discuss DirectControl for Mac, and smart card support in DirectControl for Red Hat. Our team’s focus in this release is to enhance the security of end points (Mac and Red Hat Enterprise Linux) further with Centrify DirectControl (CDC). As my colleague Brian says, without further ado …

Administrator Account Risk “A Dirty Little Secret”

A brief post today on an article from this morning’s Times…  The risk of IT administrators gaining access to restricted systems and resources through root or Administrator privilege is “…a dirty little secret that’s being revealed,” said Robert Bigman, a former chief information security officer at the Central Intelligence Agency, quoted today in the New York Times article, “N.S.A. Leak Puts Focus on System Administrators“.  Unrestricted administrator privilege is a problem for many organizations, not just N.S.A.  But when we talk with Windows IT managers about their admins having access to systems and resources they shouldn’t have, we sometimes hear:  “Oh, we don’t…

Comparing Federated Identity Options for Office 365

In my last blog post I walked readers through the various identity management scenarios for Microsoft Office 365. To summarize they are (a) “cloud identity” where users just login via their Windows Azure Active Directory (WAAD) account with no relationship between those accounts to any on-premise directory; (b) “directory and password synchronization” whereby your users’ accounts and passwords from your on-premise AD can be sync’ed to WAAD, but authentication occurs with WAAD and users have re-enter their same username/password over and over again to access Office 365; and (c) “federated identity” whereby Office 365 authentication occurs with your on-premise AD and there is no re-entering of usernames and passwords. In this blog post I want to drill down on comparing options for scenario (c) — “federated identity.”

An Overview of Core Identity Scenarios for Office 365

As mentioned in my last blog post, Centrify recently shipped its Centrify for Office 365 solution. Centrify for Office 365 is an easy-to-deploy, Azure-based service that offers the industry’s most comprehensive solution for Active Directory-based single sign-on, user provisioning and mobile management. In this blog post I want to discuss the core identity scenarios that exist for Office 365 in order to set up future blog posts in which I compare what Microsoft provides with Active Directory Federation Services (ADFS) to Centrify’s approach to Office 365 federated identity.

Centrify Expands on Red Hat Partnership with Secure Access for Software Defined Red Hat Storage

Today we are excited to announce that Centrify and Red Hat have expanded on their partnership with a new solution for secure access to software-defined storage! This partnership leverages synergistic solution scenarios from both vendors that help customers transition to a modern datacenter infrastructure. The solution gives customers proven and validated storage and compute solutions scenarios for their unique storage requirements while supporting new storage challenges presented by big data. Through this blog, lets take a deeper dive into why Red Hat and Centrify were motivated to work together and how customers can benefit from the partner solution. Unstructured data is growing…

Delivering Active Directory-based Single Sign-on to Office 365

It was neat to see at this week’s Microsoft TechEd that Centrify announced our latest cloud service offering — Centrify for Office 365. Centrify for Office365 is an easy-to-deploy Microsoft Azure-based service…As part of this announcement we also announced Microsoft has evaluated Centrify for Office 365…and has qualified it as a “Works with Office 365” solution, so also nice to get that validation from Microsoft itself. In this blog post I want to provide an overview of our solution for Office 365, and in future blog posts will drill down a bit more on how Centrify for Office 365 differs from what Active Directory Federation Services (ADFS) provides vis a vis Office 365 single sign-on.

Centrify Extends Microsoft Partnership with Office 365 Single Sign-On Solution

Centrify has been a longtime valued partner of Microsoft as a result of bridging Microsoft’s Active Directory to millions of UNIX/Linux systems, Mac/mobile devices and on-premise applications.  As we began talking to Microsoft about what was most important to them in the cloud space, they outlined that the Office 365 business just surpassed the billion dollar mark and they expect up to 60 per cent of their customer base to move from on-premise Office to the Office365 SaaS application over the next five years. The biggest hurdle that Microsoft is facing on this migration opportunity is their customers’ desire to retain their existing on-premise…

MAS Guidelines Require Auditing and Least Privilege

Monetary Authority of Singapore (MAS) is the regulatory authority for all financial and insurance organizations that do business in Singapore.  They require regular audits of user activity on critical systems and implementation of the “least privilege” principle for user access.  MAS guidelines are likely to affect most if not all global financial and insurance companies.  Are you prepared to meet MAS guidelines? The MAS publication Technology Risk Management Guidelines defines the internal IT practices that must be implemented by all financial and insurance organizations that do business in Singapore.  You can find the document here:  http://www.mas.gov.sg/~/media/resource/publications/consult_papers/2012/20%20June%202012%20Technolog…  Section 11 “Access Control” of the TRMG…