Posts by Tom Stanton

Tom Stanton is a senior systems engineer with the US Federal team, responsible for leading Centrify software evaluations and providing technical account management to Federal customers. He has more than 18 years of experience in providing security solutions for Federal agencies and integrators throughout the Washington DC area.

Centrify Perspective

Centrify for NIST 800-171 MFA Compliance

By , March 14, 2018

I often speak with Federal System Integrators (FSIs) who need to implement Multi-Factor Authentication (MFA) as part of their NIST 800-171 compliance. Specifically section 3.5.3 of this NIST guide states, “Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts.” Many of these FSIs have already implemented smart cards in their environment, at least partially, while others have no form of MFA at all. Either way, the Centrify Identity Platform can provide this MFA compliance, along with many other features required for a secure, Zero Trust environment. (Centrify’s detailed compliance note on…

It's All About Identity

Centrify Renews Commitment to Federal Information Processing Standards

By , March 1, 2017

The new release of Centrify Server Suite (CSS) 2017 contains an updated version of the Centrify Cryptographic Module, which provides the cryptographic services used within the suite. Just as we did with the previous version, this new crypto module has also received FIPS 140-2 validation, and its certificate #2844 has been posted on the NIST validation list. The Federal Information Processing Standard (FIPS) Publication 140-2 is a standard set by the US Government to approve cryptographic modules, and all software used within federal networks that perform encryption are required to be FIPS 140-2 validated. Centrify has hundreds of federal customers…

From the Cloud

The Government Cloud is Coming

By , September 26, 2016

If you’re like me, you’ve been hearing the phrase, “the cloud is coming” for years before you ever learned that winter was too. I never read any of the books, which first came out in 1996, so it wasn’t until the Game of Thrones TV series started in 2011 that I first heard the phrase “winter is coming.” So, when did I start hearing of the cloud’s inevitability? For me, the “cloud” started when people began insisting that it didn’t really exist, like Oracle’s Larry Ellison did back in 2008. And I distinctly remember thinking that ‘ol Larry had a point….

Centrify Perspective

Shared Account Password Management in the Federal Government: Then and Now

By , September 19, 2016

One of my first consultant jobs involved installing agents on Unix servers, a procedure which required root access. I still remember the first time I was onsite at a military base to help a customer install the software because it was also my first experience with a physical vault that stored computer passwords. When it came time to enter in the root credentials, my client made a phone call, and then this other person comes in from down the hall, opens up a wall safe using a memorized combination and pulls out a folder. This person verifies my client’s badge…

Mobile Frontier

Centrify’s Derived Credentials Enables BYOD within the Government

By , June 20, 2016

Recently, when I was watching ESPN, it played a humorous bit involving NFL insider Adam Schefter’s kitchen shaking as if experiencing an earthquake, only instead it was just the cumulative rattling and vibrating from his 5 or 6 cell phones on the table. Of course the engineer in me immediately noted the impracticality of someone needing so many smart phones; however, this was not always the case in the early days of mobile computing. I met plenty of IT folks during the late 90’s who carried multiple cell phones and multiple pagers, since this was before true “smart” technology put a…

It's All About Identity

A Single Unprotected Identity Is One Too Many

By , October 1, 2015

One of my favorite Simpsons episodes is titled “Last Exit to Springfield,” and it includes a scene where Mr. Burns and Smithers are accessing a secret control room to shut off the power to the entire town. They proceed to walk through multiple levels of security with video cameras, an eye scanner, and even a hidden library passage unlocked via a fake book. They finally arrive at the control room only to find the back door broken and wide open, with a stray dog walking in. In the late 90’s I used this reference all the time when assessing the security…

Centrify Perspective

Centrify and the SANS Top 20

By , January 9, 2015

I know a very successful high school wrestling coach who has this running bit he does all the time at social events, cocktail parties, and random water cooler conversations.  When asked why his teams are consistently good year after year, he always responds with, “I’ve discovered the ancient secret to staying extremely physically fit.” After a bit of egging on, he’ll reluctantly divulge this long lost tidbit of knowledge he stumbled upon while reading some ancient scrolls. “The secret to staying extremely physically fit,” he begins, always followed by an over-the-top dramatic pause, “is to eat right and exercise.” Just…

Centrify Perspective

Compliance to the DHS CDM Program with Centrify

By , December 2, 2014

My first years out of college were spent as a Unix administrator, during which time I learned many amusing acronyms, such as sed, NAWK, and PEBCAK. One of my favorites was Yacc, which stands for Yet Another Compiler Compiler. After many years now in IT Security I’ve created my own ‘YAC’:  Yet Another Compliance. It seems there’s a new compliance mandate hiding around every corner, with most offering little in terms of new insights and existing merely to waste time and resources proving the same thing in a different way. But every now and then a promising new compliance program…

Centrify Perspective

Using Centrify for NIST 800-53 Compliance

By , November 19, 2014

There’s a humorous saying I often hear in IT Security circles that goes something like this: “If a CISO has the choice between being compliant or being secure, compliance always wins because that’s what will keep them out of prison.” The reality is that most organizations need to increase both as efficiently as possible, and this is where Centrify can help. The Centrify Server Suite leverages your existing Active Directory to secure your systems from identity related risks and attacks. Additionally it helps with compliance for a large number of federal and industry standard security controls, such as those found…