SEC Clarification: Companies Must Disclose Breaches

In late February, the U.S. Security and Exchange Commission (SEC) issued new cybersecurity guidance in the form of an “interpretive release.” According to the SEC website, the Commission frequently provides guidance on federal securities laws and SEC regulations for business and investment communities. The release covered three main topics: Disclosure of cybersecurity risks and incidents Companies have been largely remiss in alerting the public to breaches that may directly impact them. Equifax took five months to reveal that the data of 145 million people had been compromised. Yahoo took years to disclose that every one of its user accounts had…

Frost & Sullivan Recognizes Centrify for IDaaS and PIM Leadership

Today Frost & Sullivan, a leading analyst firm and growth partnership company, announced that Centrify has earned the North American Product Leadership Award for its Next-Gen Access Solution for Zero Trust Security. The report specifically noted Centrify’s success as a security company comes by challenging traditional approaches to security and using a unique philosophy to address the problem. Centrify helps its customers identify and follow a set of best practices that are grounded in Zero Trust Security—through verifying all users, validating their devices, and limiting access and privilege—to reduce risks related to breaches. The author of the report, Sankara Narayanan,…

With Less Than 100 Days to Go, How to Get C-Level Buy-in for GDPR Compliance

For GDPR compliance initiatives to work effectively, there has to be buy-in from the boardroom. That doesn’t just mean releasing the necessary funds to bolster efforts ahead of 25 May, but understanding the need for long-term cultural and process changes to the organisation in the years to follow. However, with less than 100 days to go until the compliance deadline, only a quarter (26 per cent) of European firms are fully compliant, according to Forrester. So how can you drive greater awareness at senior levels of your organisation? The good news is that new Centrify research suggests that the C-level…

Takeaways from the Russia-Linked US Senate Phishing Attacks

The Zero Trust Security approach could empower organizations and protect their customers in ways that go far beyond typical security concerns. On January 12, 2018, cybersecurity firm Trend Micro revealed that Russia-linked hackers tried to infiltrate the US Senate, leveraging phishing attacks to harvest access credentials. These tactics suggest that the hackers were laying the groundwork for a widespread compromise of Senate employees. And while these findings might further bolster the public view that the Kremlin is trying to influence our democracy, security professionals should not get distracted by the media frenzy that these revelations created and instead focus on the real…

Multi-factor Authentication (MFA) Is Ready for Prime Time

We’ve heard it time and again. As security threats increase and morph, and user devices and locations diversify, multi-factor authentication (MFA) should be blossoming into a trusted method for preventing misuse. Experts have consistently stated that enterprises need to implement protections at vulnerable points and apply effective access security mechanisms such as MFA. So, what’s the deal?  The Deloitte and Uber breaches, both incidents which took place last fall, demonstrated that these episodes were aided by the lack of MFA. These proof points alone should in fact create an urgency in MFA implementation and usage within organizations! Then… why haven’t…

C-Suite Disconnect is Weakening Cybersecurity

Today, Centrify announced a new research study conducted with Dow Jones Customer Intelligence titled, “CEO Disconnect is Weakening Cybersecurity.” The report sheds light on what’s going on inside the enterprise that’s enabling significant increases in the number of successful, high-profile breaches. At Centrify, we see Zero Trust Security as the most promising cybersecurity model to emerge in decades, and as the solution to the majority of these breaches. We’ve designed our solutions to help organizations adopt a Zero Trust Security model through a single platform consisting of Identity-as-a-Service (IDaaS), multi-factor authentication (MFA), enterprise mobility management (EMM) and privileged access management…

Break the Trust and Stop the Breach: The Zero Trust Security Model

As 2018 is upon us, it’s time to take stock of our new realities and commit to better behavior that benefits us and our companies. The discussion of the perimeterless enterprise is not new. In fact, the term “de-perimeterisation” was coined by Jon Measham, a former employee of the UK’s Royal Mail in a research paper, and subsequently used by the Jericho Forum back in 2005. The concept is easily understood. Are your employees using their mobile phones to access business data? Do they use SaaS apps like O365, Salesforce, or ServiceNow? If so, then your organization is a perimeterless enterprise. Access to your enterprise…

Five Best Practices for Zero Trust Security

The Centrify Zero Trust Security model is effective because it allows organizations to remove trust from the equation entirely. Based on the assumption that untrusted actors already exist inside and outside the network, Zero Trust leverages powerful identity services to secure every user’s access to apps and infrastructure. Only after identity is authenticated and the integrity of the device is proven can access to resources be granted–but even then with just enough privilege to perform the task at hand. Here are five best practices for achieving Zero Trust security: Always Verify the User with Multi-factor Authentication (MFA) The days of…

Zero Trust Security for the New Australian Data Breach Law

Many Australian businesses need to rethink their approach to security to prepare for their nation’s new mandatory data breach notification law which take effect this month. The Privacy Amendment (Notifiable Data Breaches) Act 2017 enacts the Notifiable Data Breaches (NDB) scheme in Australia from February 22 this year. The NDB scheme mandates that organizations suffering lost or breached data must notify affected customers as soon as they become aware of the breach and must also report the incident to the Privacy Commissioner. The legislation covers information such as personal details, credit reports, credit eligibility details, and tax file number (TFN) records…

Escaping Data-Breach Groundhog Day

Countless companies globally are trapped in data breach Groundhog Day, unable to escape a repeating cycle of cyber attacks. In the 2018 Thales Data Threat Report, produced by 451 Research, the key theme is that while spending in IT Security is increasing, breaches are increasing at a faster pace and becoming more costly. As in past years, the 451 Group report indicates that companies cyber budgets are being spent in areas that have been identified as least effective in securing data. “Clearly, doing what we have been doing for decades is no longer working. The more relevant question on the…