Privileged Identity Management from the Cloud

I’m very, very happy today to announce a brand new product from Centrify.

It’s a product designed for privileged users – especially privileged IT users – who manage the increasingly complex and hybrid IT environments that we at Centrify call the modern enterprise. It’s a perfect complement to Centrify Server Suite; together they provide a comprehensive solution for reducing or eliminating identity-related risks on-premises and in the cloud.

Our new product is delivered to you from the cloud – the Centrify Cloud. In fact, it’s the industry’s first privileged identity management solution designed and built from the ground up for the cloud.

It’s called Centrify Privilege Service™.

Centrify Privilege Service is a cloud-based privileged identity management solution for shared account password management, secure remote access, and privileged session monitoring. Privilege Service is built on the Centrify Identity Platform. It’s delivered to you from the Centrify Cloud as Software-as-a-Service (SaaS), and it’s secure, simply to deploy, and easy to use.

Privilege Service will ship in the first half of May (just a couple of weeks after RSA), and will be licensed by subscription and priced per privileged user.

At a high level, here’s what Privilege Service can do:

  • Centrally manage emergency access to all servers and network devices in break-glass scenarios
  • Grant secure, cloud-based access for remote and outsourced IT staff to servers and network devices, without giving VPN access to the full data center
  • Secure access to on-premises servers, network devices and Infrastructure-as-a-Service via best-in-class resource management, shared password management and privileged session monitoring capabilities

Let’s take a closer look at the features and benefits of Privilege Service.

Manage Passwords for Local and Service Accounts

Privilege Service can manage passwords for local and service accounts on servers and network hardware. Admins can’t share the password, and unauthorized users can’t log in with that account.

Password Checkout

Authorized users can checkout account passwords for a limited duration, displaying them in plain text or copying them to the system clipboard. All password checkouts are audited and associated with the actual user.

CPS password checkout

Automatic Password Reset

Privilege Service automatically generates a new password and changes the password when a managed account is added to Privilege Service, or when a password’s checkout interval expires.

Remote Management Sessions

Privilege Service enables authorized users to launch secure management sessions for resources directly from the Privilege Service portal within the user’s browser.

CPS remote session

Use Shared Accounts without Disclosing Passwords

Authorized users can log in to resources using shared accounts without knowing the passwords, and without Privilege Service disclosing the passwords to them.

Limit Access to Resources

Unlike a VPN that gives users visibility to the entire network, Privilege Service enables you to grant access to resources on a per-resource basis. This means that you can give your IT admins access to only the infrastructure they need to manage, on-premises and in the cloud.

Access from any location

Privilege Service is delivered as Software-as-a-Service (SaaS) to the user’s browser. User log in is context aware, with options for Centrify’s multi-factor authentication for security stronger than a user name and password.

Audit and Report User Activity

Privilege Service automatically audits and keeps a record of all user and administrative activity in the portal. Password checkouts and remote management sessions are always associated with the actual user.

Optional Gateway-based Session Monitoring

Privilege Service can optionally capture screen activity for remote management sessions, giving supervisors and auditors a visual record of the session activity.

Platform Support

Privilege Service supports the same set of Windows, UNIX and Linux server operating systems as Centrify Server Suite 2015. Five leading network hardware operating systems are also supported for secure storage and use of account passwords:

  • Cisco IOS
  • Cisco NX-OS
  • Juniper JUNOS
  • HP ProCurve
  • HP Comware

Privilege Service at RSA

Please stop by and see us this week at RSA, booth #415 in San Francisco’s Moscone Center and ask to see a live demonstration of Centrify Privilege Service. Tony Goulding, Theresa Tinston, Bill Mann, and I will be happy to see you!