Centrify Perspective

Centrify Perspective

As a leader in unified identity management, Centrify offers helpful information for organizations to enable greater user productivity, improved IT efficiency, better regulatory compliance and lower TCO of their identity infrastructure.


By , June 21, 2018

I read with interest AIG’s 2017 Cyber Insurance Review. In a one sentence summary: cyber insurance claims are up, due to systemic ransomware and wiper malware attacks, the cyber business is booming, but we are still early in the market evolution. Reading the report prompted me to ask three questions regarding Cyber Insurance: How well do insurance brokers understand cyber risk and cyber insurance? What percentage of businesses shopping for cyber insurance truly understand their cyber loss exposure in quantitative terms, and conversely how well do brokers understand their exposure What security controls and policies do businesses have in place…

By , June 13, 2018

REGISTER BELOW FOR THE LIVE STREAM! Welcome to the live blog from SecurIT: the Zero Trust Summit for CIOs and CISOs. SecurIT is an all-day industry event at Terra Gallery in San Francisco. This blog will be a frequently-updated chronology of highlights from the day, including notable quotes, photos, and other interesting details that we hope a remote audience will find useful in their Zero Trust journeys. If you’re new to Zero Trust, it might be helpful to visit https://www.centrify.com/zero-trust-security/ to learn more about this concept, which is enabling a complete rethink of security. The old adage of ‘trust, but…

By , June 11, 2018

Australia recognised the security problem posed by passwords through widespread media coverage of Centrify’s warning issued on World Password Day, which occurred on May 3 this year. Centrify celebrated World Password Day, which turns up annually on the first Thursday of May as a day to promote good security hygiene and password habits, by calling for the end of this outmoded form of protection. Centrify’s World Password Day warning was picked up by leading publications, including FutureFive NZ, Lifehacker and SmartCompany and led to Australia’s national broadcasting, the ABC, interviewing me on radio in New South Wales, Queensland and Radio…

By , May 24, 2018

“Well this is not a boat accident! It wasn’t any propeller! It wasn’t any coral reef! And it wasn’t Jack the Ripper! It was Keychain.” Just uttering the dreaded word Keychain can cause a Mac user or Admin to break out in a cold sweat. We’ve all seen the pop ups. <Cue the ominous music> Apple first introduced the Keychain in Mac OS 8.6 as a means of providing a secure location for applications to store passwords to ensure users aren’t constantly being pestered for passwords every time they launch mail or connect to a network server. Apple created the…

By , May 14, 2018

Today, Centrify is proud to announce the integration of the Centrify Privileged Access Service with SailPoint® Technologies IdentityIQ™ solution. This integration provides joint customers with a single pane of glass for a privileged user’s entitlements and enables issuing access requests for accounts, systems, and existing roles that are controlled by the Centrify Privileged Access Service. This allows for centralized management and control of identities to quickly identify and mitigate access risks of privileged users, while strengthening an organization’s compliance posture. Figure: Centrify Privileged Access Service integration with SailPoint IdentityIQ BRINGING ZERO TRUST SECURITY TO IDENTITY GOVERNANCE One of the essential…

By , May 8, 2018

An easy way for a cyber-attacker to gain access to sensitive data is by compromising an end user’s identity and credentials. Things get even worse if a stolen identity belongs to a privileged user, who has even broader access, and therefore provides the intruder with “the keys to the kingdom.” As a result, it’s not surprising that, according to Forrester, 80 percent of breaches involve privileged credential misuse. By leveraging a “trusted” identity a hacker can operate undetected and exfiltrate sensitive data sets without raising any red flags. Zero Trust Best Practice: Limit Access & Privilege To limit their exposure…

By , May 2, 2018

The 2018 Verizon Data Breach Investigation Report (DBIR) was published in early April, reporting on 53,308 security incidents and 2,216 data breaches from 67 contributors in 65 countries. It’s an important read for organizational leaders, and cyber professionals to find data-driven evidence of industry-specific incident patterns. It’s also important to distinguish incidents from breaches. A breach is an incident that results in the confirmed disclosure—not just potential exposure—of data to an unauthorized party. The remainder of this article will discuss data breaches. The following quote from Robert Novy, Deputy Assistant Director at the US Secret Service, is a good summary…

By , April 17, 2018

Today, Centrify is proud to announce the integration of the Centrify Identity Service with HashiCorp Vault for role-based user authentication and access to the Vault. The Centrify Next-Gen Access Management platform now provides an additional Auth Method called “centrify” for HashiCorp Vault. This Auth Method allows you to authenticate users to HashiCorp Vault, leverage any connected directory source for authentication, and enable role-based authorizations to Vault resources using Centrify Roles. Figure 1: HashiCorp Vault integration with Centrify Identity Services INTEGRATION, AUTHENTICATION, ACCESS There are several benefits to using Centrify for user authentication to HashiCorp Vault: Centrify brokers authentication to any…

By , April 12, 2018

Next week (April 16-19) is the 2018 RSA Conference at the Moscone Center in San Francisco, and there’s good news: it’s not too late to register for a complimentary Exhibit Hall Only Pass using the Centrify entry code X8ECENTR. You’ll get free admission to the Exhibit Hall, Wednesday through Friday keynotes, select sessions throughout the week, and several other events you can learn about here. If you’re on the fence about whether or not to attend, here’s a preview of the topics we expect to generate the most RSA buzz. If any of these interest you, register, and be sure…

By , April 5, 2018

Zero Trust Security has gained a lot of popularity over the last six months. Almost daily you can read articles about this security strategy (e.g., TechRepublic, CSO, Security Current). Both analysts (e.g., Forrester) and security professionals acknowledge the benefits it offers in the context of establishing effective ways to minimize the risk of falling victim to a cyber-attack. The reason why so many embrace Zero Trust Security is most likely anchored around its simplicity ― with today’s porous network perimeter, untrusted actors already exist both inside and outside the network. However, when it comes to developing the necessary blueprint on…