Posts by Tom Kemp

Tom Kemp is co-founder and Chief Executive Officer of Centrify Corporation, a software and cloud security provider that delivers solutions that centrally control, secure and audit access to on-premise and cloud-based systems, applications and devices. Under his leadership Centrify has become one of the fastest growing security vendors in the industry and has amassed over 5,000 customers including nearly 50% of the Fortune 50.

Secure Thinking by Tom Kemp

The “Grand Slam” of Identity and Access Management (IAM) Solutions

By , August 15, 2016

It’s summer and the sports of tennis and golf are enjoying their “grand slam” and “major” events (e.g. Wimbledon in tennis and the British Open in golf). Which got me thinking ― is there an equivalent set of “majors” for the Identity and Access Management market? The two major independent analyst firms in the IT industry — Gartner and Forrester ― spend a lot of time in the identity space, with Gartner publishing various Magic Quadrants and Forrester with its Waves. Magic Quadrants and Waves both measure a company’s current offerings, its strategy, as well as their market presence in…

Secure Thinking by Tom Kemp

Misuse of Privileged Credentials Now Involved in 80% of Data Breaches

By , August 2, 2016

Recently the respected analyst firm Forrester released its “Wave” for the privileged identity management (PIM) market. Centrify is quite proud to be recognized as a leader in the Forrester Wave (in fact we are the “furthest to the right”), and you can request a complimentary copy of the report here and see our analysis of the report here. But, what really jumped out at me was that the report documented how pervasive the misuse of privileged credentials are in data breaches. In this blog I will discuss what PIM is, what are some of the key findings of the Forrester report…

Secure Thinking by Tom Kemp

Identity-as-a-Service Crosses the Chasm

By , June 23, 2016

Last week Gartner released its “Top 10 Security Predictions” for 2016, and what caught my eye was prediction #6 that said “By 2019, 40% of IDaaS implementations will replace on-premises IAM implementations, up from 10% today.” This is an interesting prediction, because it has been a common perception that Identity-as-a-Service (“IDaaS”) deployments have historically attached to net new infrastructure and apps within organizations (e.g. enabling single sign-on, MFA, and provisioning for relatively new deployments of SaaS apps such as Office 365, ServiceNow, Box, Dropbox, etc.). Which in turn meant that customers have typically left their pre-existing Identity and Access Management…

Secure Thinking by Tom Kemp

Multi-Factor Authentication Everywhere

By , March 1, 2016

I am pleased to write that Centrify announced today our Multi-Factor Authentication Everywhere initiative (aka “MFA Everywhere”) that is aimed at further securing enterprise identities against today’s most prevalent source of cyber attacks — compromised credentials. With this announcement, Centrify is now delivering one of the industry’s most easy-to-use adaptive MFA solutions that supports all types of enterprise users — including employees, contractors, outsourced IT, partners and customers — across a broad range of enterprise resources — including cloud and on-premises apps, VPNs, network devices, and cloud and on-premises servers. In this blog I will talk about why you need MFA and…

Secure Thinking by Tom Kemp

Centrify Wins a Glassdoor Employees’ Choice Award

By , December 9, 2015

It was with a great deal of pride that we heard Centrify is among the winners of the eighth annual Glassdoor Employees’ Choice Awards, a list of the Best Places to Work in 2016. This award is really special to us. Unlike other awards, this is based entirely on feedback and company reviews that our employees have voluntarily and anonymously shared on Glassdoor over the past year. This year, we are proud to be recognized among an elite group of companies that have less than 1,000 employees. Centrify has won a number of awards this year for our great products….

Secure Thinking by Tom Kemp

Federal Insecurity

By , November 23, 2015

Months after the devastating Office of Personnel Management (OPM) hack came to light — in which 21.5 million personnel records were stolen — the Government Accountability Office (GAO) has issued a report on the extent that US Federal Government is experiencing breaches. The report revealed that the number of security incidents impacting Federal agencies has grown from 5,503 in 2006 to 67,168 in 2014 — a massive 12x increase in 8 years — and that the US government is looking to hire 10,000 cyber professionals in the next year. In this blog post I will go over some of the highlights…

Secure Thinking by Tom Kemp

Macs Keep Rolling into the Enterprise

By , November 2, 2015

Most of the news coming out of Apple’s earnings announcement focused on its great momentum in China and that it expects its December quarterly revenue to be a whopping $75+ billion (!!).  Somewhat lost in the noise was the great results for the Mac. A record 5.7 million Macs were shipped, which was only a 3% year over year increase, but if you take into account that research group IDC is saying PC shipments are down 11% in the same period, that is pretty good comparative growth. And Mac revenue is now nearly $7 billion per quarter for Apple, and…

Secure Thinking by Tom Kemp

CEO Fraud: A First Hand Encounter

By , October 5, 2015

I have been seeing increasing number of articles on sites like Krebs on Security on a growing scam called “CEO fraud,” whereby crooks are using social engineering to get executives to wire funds to the crooks. One recent example was tech company Ubiquiti Networks, that was swindled out of $47 million. Another example is an Atlanta company that was scammed out $1.8 million. Also known as the “business email compromise” (BEC) scam, the FBI reports that over 7,000 victims have lost $750 million in the last 2 years and this form of swindling is growing over 270% since the first…

Secure Thinking by Tom Kemp

Can the Government Fine Your Company for Lax Security?

By , September 13, 2015

A few years back I wrote a blog called “Buckle up with Cybersecurity … It’s the Law” in which I discussed how state laws regarding data breach notification were popping up all over. But I also noted that the SEC had just published disclosure obligations relating to cybersecurity risks and incidents. The thought process with the SEC was that if millions of dollars of intellectual property was being stolen due a data breach, it would be material to report in regulatory filings — and failure to do so could result in fines. I wrote at the time that while the…

Secure Thinking by Tom Kemp

The Ashley Madison Hack: Sleeping With the Enemy

By , September 4, 2015

The Ashley Madison hack is a wake up call not only for many individuals but for every single business, as well — many of which are still not paying enough attention to data security. The hack, which revealed the email addresses, personal information and sexual preferences of the site’s 36 million users, is devastating on many levels. For starters, Ashley Madison — whose slogan is “Life is short. Have an affair.” — will likely be the first high-profile company ever to go out of business as a direct result of a cyberattack. After all, it’s hard to see Ashley Madison regaining…