The End of VPN as We Know It

There are countless articles outlining the dangers of VPN and how it is a prime attack vector used by hackers. In an interesting article I was sent recently, “Only a third of companies know how many vendors access their systems,” it is stated that “the average company’s network is accessed by 89 different vendors every week.” This year’s Mandiant M-Trends 2016 Report, see subtitle page 23, recommends: “Don’t give your outsourced service provider a site-to-site tunnel. Give them access to only the application or device they need. Make them use multi-factor authentication.” Now consider over 3.7 billion records have been stolen…

Centrify Announces Centrify Server Suite 2016.1

I’m happy to announce the general availability of Centrify Server Suite 2016.1. Server Suite is our flagship product for enterprise-ready privileged identity management (PIM). It’s a big part of our overall PIM solution, along with Centrify Privilege Service. Every year, we aim to deliver one major feature release of Server Suite, usually towards the end of the calendar year, and a minor release in the late spring or early summer that rolls up all the maintenance work we’ve done and introduces a few minor feature updates. In this year’s maintenance release, however, we’ve added what I think are some really…

2016 Verizon Data Breach Investigations Report (DBIR)

“We’re not mad, just disappointed.” This summarizes a lot of the conclusions made in the 2016 Verizon Data Breach Investigations Report (DBIR). This comprehensive report covers 100,000+ incidents, including 2,260 analyzed breaches across 82 countries (if you don’t have time to read the full report, you can check out the executive summary). Most of these breaches can be attributed to human error, and mostly not the active kind of human error, such as misconfiguration or inappropriate behavior. Rather, these errors are mostly due to failing to notice or inaction when it comes to the most basic security efforts such as patching, encryption…

Centrify Expands Its Developer Program to Make it Easier to Add MFA, SSO and Access Control to Apps

Single sign-on, social login, multi-factor authentication (MFA), password reset and access control can now be easily integrated into cloud, mobile and behind-the-firewall apps from third-party developers by integrating Centrify APIs. Application developers are in a modern-day wonderland where they can build multifaceted and intricate apps that function across user devices without having to build much computing or coding infrastructure. It is now taken for granted that developers tap into well-known APIs like Twitter, Facebook, Google or eBay to enrich their apps with new layers of context, function and integration. The API economy essentially allows developers to outsource some…

SAP Security and Cyberattacks Do Not Mix

Let’s face it — if you’re using SAP to run your business, you simply can’t afford to allow a cyberattack to affect your critical business application. Until now, security for SAP has not been at the forefront of addressing a prevalent cause of data breaches — compromised credentials. Within a typical SAP landscape, organizations may have ordinary users, power users/basis admins and mobile users, all of whom access the network from different user interfaces. And, of course, you need infrastructure to power the SAP applications, as the infrastructure is vital to a high-performance environment. All too often, these two worlds rarely intersect…

How to Cook Up a Great MFA Strategy

Have you ever attempted to assemble do-it-yourself furniture—or for that matter throw together a meal—without following the instructions or recipes closely? You end up with furniture that looks like it was thrown off a truck or food that’s barely edible. When it comes to deploying multi-factor authentication (MFA), the same kind of philosophy applies. If you don’t follow some basic guidelines and practices, you’ll end up with a “solution” that doesn’t really solve the problem of protecting data. MFA solutions provide the kind of protection that organizations need in today’s increasingly complex IT and security environment—mitigating password risk by requiring…

Sights and Sounds from Centrify Connect 2016 Day One

Hundreds of Centrify customers descended this week on NYC at the Park Central Hotel to meet up with peers across dozens of industries and geographies. Customers of Centrify hail from some of the largest banks and financial institutions to the most sensitive areas of the government, from the most premium brands of retail to some of the largest healthcare and pharmaceutical companies. All of these customers have gathered with a common goal of improving identity security across their respective organizations. Day one started with a bang with a special performance from actors who performed a Centrify-themed Hamilton act. After that was…

Password Reset on World Password Day

Well, I forgot another holiday. As I get older, it just happens more and more. Good news: It wasn’t my anniversary — though at this rate I’m sure to forget that soon enough. No, this time I forgot all about World Password Day. And you know what? I bet you did too. It’s just something about passwords. We forget them. We forget to reset them in time. We forget the “holidays” associated with them. We need something better, and when we can’t eliminate them, we need a better way to reset them. For ServiceNow customers, that means using something like Centrify…

Why a Simple Password Reset is Not Enough

Recently, a number of Amazon account holders received e-mails proposing a password reset out of “an abundance of caution.” This was a result of routine monitoring, in which Amazon discovered a list of e-mail addresses and passwords that had been posted online. Whilst the list was not Amazon-related, experience has shown that users regularly re-use their passwords across multiple websites. As such, Amazon sent out e-mails to all users whose addresses and passwords were on the list, with instructions urging a complete password reset. Whilst Amazon itself wasn’t breached, it is certainly noteworthy that its usual surveillance processes unearthed this list…