Behind the Numbers: Database Authentication and Authorization

Earlier this month, I posted a blog about how most companies I speak with have not implemented a modern database authentication and authorization approach. I also recommended 8 steps IT leaders can take to modernize their database management operations. Upon reflection, I think an interesting follow-up would be to take a look at some numbers that further illustrate the need to put effective database authentication and authorization practices in place to secure the enterprise. LOOK AT THE NUMBERS Let’s create a fictitious sample company to examine, called Company X. At the DB Survival Blog site, the accepted high-end number…

Implementing Modern Approaches to Database Authentication and Authorization

The most common question I hear about Database Accounts is, “Can your solution vault Database Service and other Privileged Database Accounts?” Every time I hear this question, a voice in the back of my head wants to ask, “Have you implemented modern approaches to Database Authentication and Authorization Management?” See, the real problem is that the majority of Databases and the hosted Database Instances still have legacy Database Authentication and Authorization methodologies applied to them, so we are trying to apply a band-aid to the issue by reaching into the databases and vaulting the DB local accounts. THREE DATABASE APPROACHES Let’s…

How to Authenticate Users Into Apps Using AWS Application Load Balancer and Centrify

At Centrify, an AWS Partner Network (APN) Advanced Technology Partner, we frequently work with developers building applications on Amazon Web Services (AWS). While many aspects of app development and deployment on AWS have been streamlined, authentication of end-users into apps remains challenging. A traditional approach is to implement your own identity repository using a relational database or directory server. You are responsible for securing and storing user identities, implementing identity lifecycle management functions to create new users, implementing password policies, and recovering lost passwords. Another option is to use Amazon Cognito, which enables you to add code to your application to authenticate users either…

IAM Best Practices to Reduce Your Attack Surface

When I read the 2017 Verizon data breach report, I couldn’t help but notice that it would be relatively easy to reduce an attack surface by implementing a few Identity & Access Management (IAM) best practices. Granted, that might mean you will need to spend some money, but considering that a breach could cost you $15 Million or more, according to Ponemon, and considering that 81% of breaches involve a weak or stolen password, wouldn’t it make sense to spend your money where it has the most impact? Organizations need to reduce their attack surface! Now before I share tips provided by…

How Can User Behavior Analytics Kill the Password?

Last time, I wrote about adaptive authentication and briefly touched on behavior analytics being an integral part of adaptive authentication. For true behavior analytics, you need some smart AI-powered multi-factor authentication (MFA). Now, if you think about it and put the pieces of the puzzle together, you might be able to kill passwords altogether. Wouldn’t that be nice? You no longer need to remember any passwords, and all you need is access to one of your MFA tools when authenticating. With the increased use of smartphones and other devices for MFA, businesses now more than ever have the…

Windows 2FA – It’s a Big “Where” In “Everywhere”

If you’re a regular reader of our blog, you’ll know that here at Centrify, we’re big believers in multi-factor authentication (MFA) and strong supporters of MFA Everywhere. Passwords don’t protect us, our data or our businesses – and we need something better. As an extension of our commitment to eradicate passwords wherever possible, and bolster security with MFA wherever we can, we’ve extended our “MFA Everywhere” initiative with a key new “where” – 2FA for Windows logon. Speed and Security We can hear the cries now: “2FA! Windows Logon! Won’t that slow all my users down?” Not if the second…

Podesta Twitter Hack: A(nother) Lesson on Two-Factor Authentication

In the midst of WikiLeaks’ release of thousands of emails purportedly from his inbox, Hillary Clinton Campaign Chairman John Podesta has now become the victim of a hack into his Twitter account. CNN is reporting that Podesta’s account was hacked on Wednesday, September 12, and that, just as Clinton landed in Las Vegas, Podesta ostensibly tweeted, “I’ve switched teams. Vote Trump 2016. Hi pol.” While the specific details of the hack have yet to be discovered, a likely scenario is that Podesta’s Twitter account was protected solely by a username and password – without any form of two-factor authentication….

What is a Derived Credential Anyway?

What is a derived credential anyway? You may have heard that Centrify announced support for “derived credentials,” in conjunction with its smart card offering. If you aren’t in the federal or ultra-secure enterprise space, you’ve probably never heard of derived credentials. So what’s so special about them? Users who are issued smart cards as their primary means of authentication have to physically insert a card into a reader on their desktop/laptop and then enter a PIN. This form of authentication replaces the username and password, and also covers the 2-factor requirement as well. (The card is something you have, and…

Creating a Custom WS-FED Application

In this blog post I’d like to show you how to create a custom WS-Fed application on the Centrify User Portal. This may be an existing internal app or a 3rd-party hosted application. As you probably know by now, Centrify provides about 3,000 application profiles out of the box, but there are those cases when you might have an internally developed app or a lesser-known 3rd-party app that supports WS-Fed and you would like to provide it with single sign-on. I’ve included a primer on how SSO works with WS-Fed as well as detailed instructions on…