Does Multi-Factor Authentication Have to Be Difficult?

Before we go into how Multi-factor authentication (MFA) has changed, let’s have a quick look at what MFA is. With MFA, users must provide two or more “factors” of authentication when they access applications, networks and resources. MFA implementations use a combination of the following factors: Something you know: such as a username, password, PIN or the answer to a security question. Something you have: such as a smartphone, one-time pass token or smart card. Something you are: biometrics like your fingerprint, retina scans or voice recognition.   Now that we understand what MFA is, I’d like to point out that in today’s IT…

Centrify Supports Data Privacy Day: Take Action Today to Protect Your Privacy!

Centrify is proud to be a Data Privacy Day Champion because we work tirelessly each day to protect our customers and their data privacy.  We believe that all of us, whether at work or as consumers, should be aware of data privacy issues (who has my data? what can they do with it? what are they doing to protect it?) and take steps to protect personal data and business’s data. So, when we found out we could help champion Data Privacy Day we jumped at the chance. In recognition of Data Privacy Day, Centrify brings various supporting messages about how to keep…

How to Keep Active Directory Active in a Hybrid IT World

For enterprise IT, “hybrid” is the word of the year. You’re either operating a hybrid infrastructure model already or you’re teetering on the edge. It’s getting easier now that AWS, Microsoft, Google et al are improving their services in support of such a model. At the Amazon AWS re:invent show in November, every other sentence contained the word “hybrid.” This was in stark contrast to last year where Amazon still firmly believed a total migration was the only logical choice. Some of our customers are very aggressive with plans to dissolve all their data centers and migrate everything to IaaS. The…

Centrify Co-Chairs the 2017 ICIT Winter Summit

Once again, we find ourselves at that stage in the political cycle when the new administration is taking office. That means a revised look at everything — from the economy, to the markets, to the health of our industries. And an evaluation of how effectively we’re protecting all of the above. It is no surprise that cybersecurity is top of mind due to several recent high-profile breaches, many of which were mentioned in our end-of-the-year wrap-up. Perhaps no cybersecurity events were as disturbing as those surrounding the 2016 election. It turns out that many of these attacks would have been…

Gmail Phishing Attack Reinforces that 2FA is the Cyber-Safety Belt We All Need

It is time to shift from a single password to multi-factor authentication A new phishing scam designed to steal login credentials from Gmail customers is making headlines this week. And once again, we are reminded of the danger of relying on passwords as the only means of securing access to systems, apps or data. The Gmail phishing attack has four key components: An email comes from someone you know who has already been victimized by this attack The subject is an actual one that the sender has previously used, along with an actual attachment that may have a familiar title…

Time to Take Cybersecurity Seriously

The recent Institute for Critical Infrastructure Technology (ICIT) White Paper titled “Cybersecurity Show Must Go On: Surpassing Security Theatre and Compliance and Minimal Compliance Regulations,” authored by James Scott, Sr. Fellow, ICIT, and Drew Spaniel, Researcher, ICIT, highlights organizations’ lack of commitment to invest in strong security tools that have real impact to their organization’s security position. Despite the cyber breaches over the last several years that confirm that identities are the root of most breaches, organizations fail to deal with the real problem head on. Organizations leverage technology to increase the productivity of associates that expand the perimeter to…

Will “Security Fatigue” Inevitably Overwhelm Your Organization?

“Security fatigue” is a growing concept within cybersecurity circles: experts report that the sustained threat of malicious attacks is causing end users to feel defenseless and hopeless. There’s a growing frustration about online account security, as the mounting frequency and severity of attacks is creating a bunker mentality that is difficult to escape. In many cases, organizations and employees are taking the fatalistic attitude of hoping they’re not a high enough value target to attack, rather than acting definitively to bolster their defenses. What can you do to keep security fatigue from stunting your security posture? Here are three key…

Solving DHS Continuous Diagnostics and Mitigation (CDM) Phase 2

The Department of Homeland Security (DHS) established a $6B blanket purchase agreement (BPA) to improve the cyber defenses for federal, state, local, tribal and territorial governments. The DHS Continuous Diagnostics and Mitigation (CDM) program helps protect government IT networks from cyberthreats and enhances risk-based decision making by providing a consistent and proven set of solutions. Centrify is the selected solution for CDM Phase 2 CRED that ensures all federal agency associates only have access to servers, applications or network resources based on their unique identity, role and responsibility within their organization. Centrify Server Suite offers a robust Active Directory bridge…

The Great Gig in the Sky: Secure Hybrid Cloud

Every day I hear from companies concerned and frustrated over a specific challenge — how to stand up workloads in the cloud while maintaining privileged access security (PAS). Infrastructure-as-a-Service (IaaS) has become the great equalizer. It doesn’t matter whether you’re large or small, in finance, healthcare or government — we all share the same worries when it comes to securing access to, and in, the cloud. I was pondering this the other day while sipping a short, dry cappuccino and listening to Pink Floyd’s Dark Side of the Moon. I had an epiphany. Thanks to Roger Waters & Co, I walked away with…

Top Three New Year’s Security Resolutions

When it comes to setting New Year’s resolutions, most people shoot for the moon. We tell ourselves we will give up carbs, go running every morning, become a vegan or even give up drinking alcohol. Inevitability, three weeks later, we find ourselves right back where we started. As security professionals, responsible for keeping the bad guys out and reducing the risk of data breaches, we find ourselves right back where we started too — we fundamentally do not really improve our security posture, and then wonder why not. We are very similar to our consumer counterparts, because we set lofty…