Sync Your Jaws Into Mac Keychain

“Well this is not a boat accident! It wasn’t any propeller! It wasn’t any coral reef! And it wasn’t Jack the Ripper! It was Keychain.” Just uttering the dreaded word Keychain can cause a Mac user or Admin to break out in a cold sweat. We’ve all seen the pop ups. <Cue the ominous music> Apple first introduced the Keychain in Mac OS 8.6 as a means of providing a secure location for applications to store passwords to ensure users aren’t constantly being pestered for passwords every time they launch mail or connect to a network server. Apple created the…

Making Headlines: SAML

On February 27, 2018 the CERT Division of Carnegie Mellon University’s Software Engineering Institute issued advisory #475445, outlining a design flaw in Security Assertion Markup Language (SAML) implementations, which affects various Single Sign-On (SSO) software and several open source libraries meant to support SAML-based SSO operations. Centrify customers are not susceptible to this vulnerability nor any Service Provider Applications that leverage the Centrify SDK (for more details, click here). The disclosed vulnerability drew a lot of media attention, generating coverage by tech publishers like ZDNet, eWeek, and TechTarget. Some of you might ask why there has been so much hype…

Centrify Joins FIDO Alliance and Expands Partnership with Yubico

Centrify has been busy building innovative technology and powerful partnerships. This post will talk about a longtime partnership, cool tech, and a deeper level of integration. Centrify and Yubico have been partners for more than three years already and work together with joint customers, in the field, and at a corporate level. Centrify and Yubico U2F Integration To further its move towards a Zero Trust Security Model, Centrify joined the FIDO (Fast IDentity Online) Alliance and strengthened its integration with Yubico. Centrify Identity Services now provides support for the FIDO Alliance’s Universal 2nd Factor (U2F) specification, an authentication standard designed to…

Moving to the Cloud? Six Best Practices for AWS Security

When moving to an AWS infrastructure, responsibility for security is shared between Amazon and your organization. Amazon’s Shared Responsibility Model clearly shows where both parties’ responsibilities begin and end. AWS secures the lower layers of the infrastructure stack, while the organization is accountable for everything else up to and including the application layer. Six security best practices for organizations moving to AWS Extend your common security model Conventional security and compliance concepts still apply in the cloud. Whether we’re talking about existing apps migrating to the cloud or new ones being built there, they must be secured and good practices…

6 Reactions to the Cisco 2017 Midyear Cybersecurity Report: Part 2

Last week, I discussed the first three reactions I had to the “Cisco 2017 Midyear Cybersecurity Report.” I discussed how vendor consolidation is increasing, how spyware is being branded as malware and how detection of threats is continuously improving. DevOps as a Target In the Vulnerabilities section of the document, Rapid7 describes how DevOps is a target and vulnerability for many companies that may use things like AWS, Azure, or Docker frameworks for development. When these resources are built, they are not always deployed in a secure state and often are left behind to run indefinitely. Identity management tools that…

Cyber Security that Pays for Itself in Australia

Centrify’s identity management platform is a unique product in the Australian cyber security market because of its ability to pay for itself through improved business productivity. Many customers are surprised to discover Centrify’s “secret sauce” — the value it releases through improved business process efficiency, which delivers a prompt payback. In fact, Centrify stands out as a leading identity management product that saves companies time and money in the on-boarding process, especially in relation to BYOD (Bring Your Own Device) use. In the cyber security space, when a CEO asks the age-old question, “is this product going to make me…

Driving Cloud-Based Agility at Rémy Cointreau with Centrify

Business requirements and information security priorities have always had a tough time aligning. It’s even become something of a cliché these days to say that security is a block on agility, productivity and growth. Yet it doesn’t have to be that way. Rémy Cointreau’s recent collaboration with Centrify is a great example of how, when implemented correctly, security can actually support the business: in this instance, our move to a more agile, cloud-based infrastructure.  On the opening day of Infosecurity Europe in London, I explained to a packed audience exactly how the Centrify Identity Service is helping our employees work…

It’s About Time (For Compliance with PCI DSS 3.2) — Are You Ready?

2017 hit the ground running in a fast and furious way, for obvious reasons. But wait a second — it’s suddenly March?!? Events and deadlines that seemed far into the future are suddenly right around the corner, with less time than you thought to cover everything in that intricate plan. Oh, if only time machines really did exist. One critical deadline on the near horizon applies to businesses who work with payment cards — merchants, financial institutions, point-of-sale vendors and developers who create and operate infrastructure that processes payments. And every one of those businesses needs to pay attention to…