The Multi-factor Authentication (MFA) Debate

A recent FCW article authored by Derek Handova provides expert opinions from experienced and well respected “identity” professionals: Paul Grassi, Sr. Standards & Technology Adviser at NIST, Jeremy Grant former Sr. Executive Advisor for Identity Management at NIST and now Venable’s managing director for technology business strategy.  Mr. Terry Halvorsen, former CIO for the Department of Defense and Army Col. Tom Clancy, Identity and Asset Management lead for the Department of Defense CIO’s office also provide their thoughts and ideas regarding multi-factor authentication. Their comments, along with other industry experts interviewed by Handova, were thoughtful and worth keeping in mind…

Game of Thrones Hack: Winter Has Come for Passwords

The recent security breach at HBO of confidential data including Game of Thrones scripts, cast personal details and administrator passwords highlights the vulnerability of password-only protection. The breach involved hackers stealing about 1.5 terabytes of data from HBO systems — more than seven times as much as the 200 gigabytes taken in the 2014 Sony hack — including scripts for five Game of Thrones episodes and two unreleased episodes of Ballers and Room 104. Passwords Alone Are Not Enough to Stop the Breach The hackers have reportedly released numerous confidential documents, including one with a list of personal phone numbers,…

6 Reactions to the Cisco 2017 Midyear Cybersecurity Report: Part 2

Last week, I discussed the first three reactions I had to the “Cisco 2017 Midyear Cybersecurity Report.” I discussed how vendor consolidation is increasing, how spyware is being branded as malware and how detection of threats is continuously improving. DevOps as a Target In the Vulnerabilities section of the document, Rapid7 describes how DevOps is a target and vulnerability for many companies that may use things like AWS, Azure, or Docker frameworks for development. When these resources are built, they are not always deployed in a secure state and often are left behind to run indefinitely. Identity management tools that…

6 Reactions to the Cisco 2017 Midyear Cybersecurity Report: Part 1

When reading this year’s “Cisco Midyear Cyber Security Report,” a few things jump out that bear discussion. Vendor Consolidation First, one of the key findings is related to the “fragmented security toolbox,” and from it, having so many point solutions solving for security gaps actually creates problems. If they are layered effectively, integrated fully and managed appropriately, point solutions are a winning approach. But when you look at the number of separate solutions that need individual attention to stay effective, the administrative burden deters from incident response plan. This leads to the report’s conclusion that consolidation of vendors limits this effect….

Racing Towards a Zero Trust Access Control Model

Drag racing. From 0 to 60 in less than 2 seconds. It’s all about controlled speed. Success depends on maximizing power, minimizing weight and drag, and no obstacles in the way! In IT when the pressure’s on, admins also want to avoid obstacles. They need to get the job done fast whether it’s an OS refresh, new corporate apps rolling out, or fixing a network outage. For this, they too need power (accounts like “root” or “administrator” with superuser rights). SO, just give your admins full rights all the time. Minimize obstacles, bureaucracy, red tape, friction. Jobs get DONE super…

Centrify named a Visionary in brand new Gartner Access Management Magic Quadrant

Centrify has been identified by Gartner, Inc. as a visionary in the 2017 Magic Quadrant for Access Management. Centrify received the honor for our ability to execute and our completeness of vision, which is evaluated based on a deep understanding of the industry, product innovation, and marketing, sales, and geographic strategy. At a time when cyber breaches are rising in volume and velocity, Centrify represents a massive rethink of security. It is the only complete platform that stops breaches through a trifecta of Identity Services for applications, endpoints and infrastructure — both on premises and in the cloud. Unlike other…

Time to Ditch Passwords: Taking the Centrify Message to Infosecurity Europe

London Olympia will again be the venue this week as experts from around the world flock to the capital for the annual Infosecurity Europe show. With over 13,000 visitors expected over the three days, this is one of the biggest industry events around. Centrify will be there on Stand C65 to share why we think our range of advanced identity services are the only way IT leaders can secure their hybrid enterprise against modern threats. Attendees also have a great opportunity to hear first-hand from customer Remy Cointreau on the challenges of becoming a more secure and agile organisation through…

How Can User Behavior Analytics Kill the Password?

Last time, I wrote about adaptive authentication and briefly touched on behavior analytics being an integral part of adaptive authentication. For true behavior analytics, you need some smart AI powered multi-factor authentication (MFA). Now, if you think about it and put the pieces of the puzzle together you might be able to kill passwords altogether. Wouldn’t that be nice? You no longer need to remember any passwords and all you need is access to one of your MFA tools when authenticating. With the increased use of smart phones and other devices for MFA, businesses now more than ever have the…

Am I Affected by the European General Data Protection Regulation?

It’s a year until the biggest shakeup to Europe’s privacy laws in nearly a generation takes effect. The European General Data Protection Regulation (GDPR) will bring sweeping new rules into force, including new consumer rights over how personal data is used, and mandatory 72-hour data breach notifications. Yet there’s still confusion over which companies and what types of data are covered by the law. With firms currently complying with less than 40% of GDPR principles on average, time is running out. That’s why Centrify is running a new monthly blog series designed to raise awareness about the GDPR, as the clock…

What is Adaptive Authentication?

Adaptive Authentication: Why Should You Care? Before going into what adaptive authentication is I want to answer why you should care first. In today’s IT world, relying on a simple username and password authentication is not enough to protect critical business data and systems against the growing number of sophisticated cyber attacks. Just do a quick search online or have a look at one of my previous blogs, “How Much Does It Cost to Protect an Organization from Cybercrime?” to get an idea of how expensive a hack can be and how sophisticated attacks have become. That ever-growing number of…