How to enable FileVault 2 using Centrify Group Policies

The ability to tap into OS X’s FileVault 2 feature was introduced back in Centrify Suite 2013.2 (Agent version 5.1.1). It’s a very cool function and allows AD users to have Apple’s in-built disk encryption system activate automatically after they have logged into their AD account on the Mac at least once. However, since FileVault itself does have several pre-requisites and conditions to be met – it can be a tad tricky to ensure that the Mac meets all the requirements before the Centrify agent can get in there and start pulling the levers and twisting the knobs to get the…

Centrify Advances Its Enterprise Device Management for Mac, iPad and iPhone

Last week we announced that The Kinkaid School of Houston has deployed Centrify’s User Suite, Mac Edition to better secure, control and manage Mac access for more than 1,000 users and their Macs. We also earlier this year published a case study (written by the respected analyst firm IDC) of how Grand Islands Public Schools, a public school district in Nebraska, deployed our Mac solution to over 10,000 users and over 5,000 Macs. Both case studies highlight the continued momentum we have in delivering enterprise device management for the Apple platform, and they dovetail with some of the new features we recently released on the Mac platform. In this blog post I will discuss what the case studies revealed about Centrify and highlight some of the new enhancements.

What Does “Privileged Identity Management” Mean When Everyone is a Privileged User?

I got to thinking the other day about the terms “privileged identity management,” “privileged account management,” and “privileged access management”. These are all terms that the industry uses pretty interchangeably, but have the meanings changed over the years? Do they need to? Here’s why I ask the question: We used to define privileged users, as administrators of a system or application – people who could cause big problems if they made a serious mistake or did something malicious. We created ways to restrict what administrators could do, and we started by controlling specific administrative accounts – the ones that represent…

Cloud Identity and Active Directory Integration in a ‘Mobile First, Cloud First’ World

Satya Nadella, Microsoft’s new CEO, has been widely covered in the news talking about Microsoft’s new strategy of ‘Mobile First, Cloud First.’  We wholeheartedly agree with this philosophy and it really shows in our Centrify User Suite, an integrated cloud, Mac and mobile offering.  In this blog post I’ll discuss some of my thoughts regarding what Microsoft offers vis a vis cloud identity and compare/contrast that to what Centrify offers. First, let me make it clear we also wholeheartedly agree with Microsoft about the value of two key elements of their cloud strategy – Office 365, and Azure.  Azure is available to customers…

Enterprise Mobile App Challenges, Part 1

First let me say what I mean by Enterprise Mobile App: an app running on a smart phone or tablet that is used by company employees and partners as part of their job. Probably custom built. Probably accessing a mix of existing LOB back-ends, some new back-ends and some commercial services (storage, analytics,…). Back-ends on-prem and in the cloud. I am sure that definition misses some things (I will return to a few obvious ones later) but I am sure that it hits a huge number of projects. So what does it take to build, deploy, manage and maintain an…

Beyond BYOD, COPE and BYOA: The State of Enterprise Mobility

How to Leverage Mobile and Cloud Identity Management to Make Unfettered Access to Apps from Devices a Winning Proposition

It seems whenever a spiffy new mobile device or app is available in the market, IT departments around the world relate to a common reaction from their employees: “It’s new. It’s shiny. We want it!” The Bring Your Own Device (BYOD) phenomenon is alive and flesh in enterprises today. BYOD isn’t new of course, and is still growing. Gartner Research predicts that by 2017, around 50 percent of employers will require their employees to supply their own devices – so getting…

SSO Reduces Password Toll on Employees

In a recent CIO Journal/Wall Street Journal article “Report: Passwords Take a Toll on Employees”, author Rachael King cites the findings of a recent study by the National Institute of Standards and Technology (NIST) with single sign on as a solution to remedy employee attempts to cope with authentication across multiple devices and applications, and having to remember too many passwords. According to King, the NIST study found that “…employees may follow poor security measures in navigating password-protected systems because they are simply trying to get their work done…[and] are often aware that coping mechanisms such as writing down passwords or reusing…

HeartBleed and Passwords

Once more the evil of passwords is demonstrated. This time it’s the HeartBleed bug that can expose chunks of data known by a web server to hackers. Passwords – and their ability to gain access to anything they protect – are the most obvious target. Technical aside: for those of you that don’t have the time to read the cert advisory (https://www.us-cert.gov/ncas/alerts/TA14-098A), here is a summary. The current version of the security library used by many web servers (OpenSSL) has a flaw that allows an attacker to send an information request (TLS heartbeat) to a server that reads way more…

Solutions for Windows Server Protection

We’ve added three new solutions briefs for Windows Server Protection!

Protect regulated data on Windows Server from highly-privileged users and accounts
Make shared accounts in Active Directory usable, safe, and accountable
Reduce or eliminate highly-privileged accounts like local and domain admin

These are three solutions actually implemented by Centrify Server Suite customers for their Windows Servers. We think they’re broadly applicable to many other businesses and organizations. We’ve also posted a number of Webinars on related topics for managing identity-related risks on Windows Server. We hope you’ll find them interesting and informative.

Shared Accounts: The Back Door That’s Tough to Close with…