The Centrify product team is very proud this week at the RSA Conference to announce the industry’s first cloud-based privileged identity management service. For those of you who follow Gartner’s terminology in the identity space, we now provide SAPM or shared account password management. This together with our existing SUPM (super user privilege management) capabilities results in Centrify offering the most comprehensive approach to privileged identity management in the market.
Gartner also defines a sector called IDaaS (Identity Management as-a-Service), and with this release we become the first identity vendor to expand the definition of IDaaS to include privileged identity management too. We now offer identity management for end-users and privileged users from a single cloud platform.
Let me use this blog to discuss why we built this service in the cloud and also introduce our Centrify Identity Platform.
The Modern Enterprise
It was clear to us at the beginning of this project that privileged identity management was in need of a rethink. Many vendors exist in the space, but all of them have built their solutions on-premises, with a mindset that is very different from what IT needs today and in the future.
We saw two major catalysts for a rethink:
- Identity is now at the center of cyber attacks. The threat landscape is so much more sophisticated now, and what we have learned from reviewing recent breaches is that if identity had been managed better, we would have reduced the risk from the numerous hacks and identity thefts that have plagued recent headlines.
- Identity is only getting harder to manage as IT infrastructure evolves and we become perimeter-less enterprises. As cyber attackers get more sophisticated, we’re not battening down the hatches, but are actually more open than ever before. We’re using cloud, mobile and big data technologies, as we all recognize that we must, since these are the ways that enterprises need to innovate.
These two catalysts mean that the way we think about privileged identity management must change.
The legacy view of “vaulting shared accounts” advocated by other vendors is just leaving too much open for the cyber attacker — instead, we fundamentally believe that enterprises should implement the least privilege model wherever possible to reduce the risk profile of privileged users — more on this later in my second blog for the week.
Since IT infrastructure has changed from pure on-premises to a hybrid model, IaaS has to be included in your identity management strategy. Our workforce is now geographically dispersed, mobile, and outsourced, meaning that we can’t expect to use the legacy views on authentication; federated privilege management is needed instead. And lastly, the delivery model: nothing really needs to be said here. The software model is being replaced by the service model, and for the security space, an enterprise can leverage the experiences of many others, rather than trying to counter the threats itself.
Building privileged identity management for the modern enterprise is nothing new to Centrify. We already deliver our Centrify Identity Service, which provides SSO and provisioning and is built on our Centrify Identity Platform. This platform is proven and trusted by thousands of enterprises, and with this platform we can start to disrupt the privileged identity management space. By using our platform, we enable new capabilities that have not been available from the legacy vendors. Take built-in multi-factor authentication and VPN-less secure server access: these are two examples of capabilities Centrify includes within our Centrify Privilege Service.
You can learn more about our Identity Platform here.
With Centrify Privilege Service we are redefining the delivery model for privileged identity management. The benefit will be wider-scale adoption of privileged identity management in the enterprise, with the overall goal of reducing risk.