Posts by Greg Cranley

Greg Cranley is Vice President, Federal & Public Sector Sales. A 30-year IT veteran, he has specialized in security and compliance issues for the public sector market for the last 15 years. An active presenter and blogger on cybersecurity and access management, he focuses on how public sector organizations can best deal with the multitude of federal cybersecurity compliance requirements while conceptualizing strategies against multi-pronged attacks.

Hot Topics

Centrify Achieves FedRAMP Authorization

By Greg Cranley, April 26, 2019

Centrify received exciting news this week that we are now FedRAMP Authorized! For those who don’t know about FedRAMP, it is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. FedRAMP Authorization is an important qualification that significantly smooths the process of selling cloud technology solutions to government agencies. We have been trying to get this authorization for years, so this is a BIG win for Centrify, our partners, and our customers. View our FedRAMP Authorization. Privileged access abuse is the leading attack vector, estimated to be involved…

Centrify Perspective

Centrify to Discuss Zero Trust Security at the ICIT 2018 Winter Summit

By Greg Cranley, January 24, 2018

Following the high-profile breach of the US Office of Personnel Management (OPM), which exposed the personal data of millions of Americans, the House of Representatives’ Committee on Oversight and Government Reform issued a report on the attack in 2016. That report provided an exhaustive account of the events leading up to the breach, illustrating how a hacker posing as an employee of an OPM contractor was able to use false credentials to log into the system, install malware and create a back door into the network—a back door that was exploited for four years before it was discovered. The report makes…

Centrify Perspective

The Multi-factor Authentication (MFA) Debate

By Greg Cranley, August 17, 2017

A recent FCW article authored by Derek Handova provides expert opinions from experienced and well-respected “identity” professionals: Paul Grassi, Sr. Standards & Technology Adviser at NIST, and Jeremy Grant, former Sr. Executive Advisor for Identity Management at NIST and now Venable’s managing director for technology business strategy. Mr. Terry Halvorsen, former CIO for the Department of Defense, and Army Col. Tom Clancy, Identity and Asset Management lead for the Department of Defense CIO’s office, also provide their thoughts and ideas regarding multi-factor authentication. Their comments, along with those of other industry experts interviewed by Handova, were thoughtful and worth keeping in mind…

Centrify Perspective

What are CDM and CRED?

By Greg Cranley, May 23, 2017

The Continuous Diagnostics and Mitigation (CDM) Task Order for CREDMGMT provides guidance and tools to federal civilian agencies to fulfill the Manage Credentials and Authentication (CRED) Function. This functional area is designed to prevent the binding of credentials to, or the use of credentials by, anyone other than the rightful owner (person or service). The approved tools provide careful management of credentials, preventing attackers from using hijacked credentials to gain unauthorized control of resources, especially administrative rights. The CRED capability ensures that account credentials are assigned to, and used by, authorized people or services. This solution relies on the results of the…

Centrify Perspective

Illinois Cyber Security Plan is Only a Partial Solution

By Greg Cranley, April 20, 2017

Recently, Illinois Governor Bruce Rauner unveiled a broad-based cyber security plan. He announced the framework of his team’s plan for better cyber security, but it only covers the executive branch agencies. This approach of only implementing a plan to provide cyber security tools to select areas and users because they are deemed more important is known as a “privileged user.” This is only a partial solution because everyone in the organization is a “super user” in today’s technology-driven organizations — everyone has a need to access technology that contains some level of meaningful information. All technology in organizations are…

Centrify Perspective

Commission on Enhancing National Cybersecurity: Implement MFA

By Greg Cranley, February 7, 2017

At the end of 2016, the Commission on Enhancing National Cybersecurity, a nonpartisan committee charged with developing actionable recommendations for securing and growing the digital economy, presented its report to then President Obama. While Obama has left office, the report still provides a valuable path towards ensuring cybersecurity, mapped out in a series of key action items. The most relevant for readers of this blog are found in Recommendation 1.3, summarized below. Recommendation 1.3: The next Administration should launch a national public–private initiative to achieve major security and privacy improvements by increasing the use of strong authentication to improve identity…

Centrify Perspective

Time to Take Cybersecurity Seriously

By Greg Cranley, January 18, 2017

The recent Institute for Critical Infrastructure Technology (ICIT) White Paper titled “Cybersecurity Show Must Go On: Surpassing Security Theatre and Compliance and Minimal Compliance Regulations,” authored by James Scott, Sr. Fellow, ICIT, and Drew Spaniel, Researcher, ICIT, highlights organizations’ lack of commitment to invest in strong security tools that have real impact to their organization’s security position. Despite the cyber breaches over the last several years that confirm that identities are the root of most breaches, organizations fail to deal with the real problem head on. Organizations leverage technology to increase the productivity of associates that expand the perimeter to…

It's All About Identity

Good Cyber Hygiene: Everyone is a Privileged User

By Greg Cranley, December 14, 2016

Yesterday, ICIT published the first in a series of research reports as part of an identity management and cyber hygiene initiative, entitled “ICIT Analysis: Identity and Access Management Solutions: Automating Cybersecurity While Embedding Pervasive and Ubiquitous Cyber-Hygiene-by-Design.” Wow, what a title. But worthy of the topic. ICIT Sr. Fellow James Scott and Researcher Drew Spaniel did a thorough job identifying the various pitfalls of cybersecurity and ensuring everyone in the organization cares about cyber hygiene and is on top of their game. They offered several good ideas to meet the needs of today’s environment, such as use a digital representation…

It's All About Identity

The Myth of Shared Account Password Management (SAPM)

By Greg Cranley, April 25, 2016

In response to the OPM breach and Tony Scott’s 30-day sprint, many agencies invested in a SAPM solution to manage their privileged users. Unfortunately, this does not meet the requirement of HSPD-12 and multi-factor authentication (MFA) everywhere, or the CDM authentication and credential requirements. The reality is that SAPM solutions only cover 5%-10% of the problem. A true Super User Privileged Management (SUPM) solution is the only way to ensure that everyone in every organization is using a smart card (CAC/PIV) and a PIN, plus a third level of authentication to access all resources….

Hot Topics

A Complete Identity Platform Can Reduce Risk for the Healthcare Industry

By Greg Cranley, January 21, 2016

As a Fellow of the Institute for Critical Infrastructure Technology (ICIT), I was able to contribute my expertise to the legislative brief entitled “Hacking Healthcare in 2016: Lessons the Healthcare Industry can Learn from the OPM Breach.” In the brief, the ICIT provides a comprehensive assessment of the threats and healthcare trends that have the greatest impact on health sector security, as well as solutions and strategies to improve resiliency. The report draws from the OPM breach, which is a prime example of the enormous consequences an organization can face by not maintaining and protecting integrated systems. Specifically, this brief…