Racing Towards a Zero Trust Access Control Model

Drag racing. From 0 to 60 in less than 2 seconds. It’s all about controlled speed. Success depends on maximizing power, minimizing weight and drag, and no obstacles in the way! In IT when the pressure’s on, admins also want to avoid obstacles. They need to get the job done fast whether it’s an OS refresh, new corporate apps rolling out, or fixing a network outage. For this, they too need power (accounts like “root” or “administrator” with superuser rights). SO, just give your admins full rights all the time. Minimize obstacles, bureaucracy, red tape, friction. Jobs get DONE super…

Undue Privilege Costs Cash and Undercuts Security

Few managers would throw their employee the keys to a big rig with two loaded trailers to pick up a pint of milk from a nearby convenience store. Apart from the problem of parking, the vehicle is massively over-specced for the job at hand, which creates unnecessary safety risks, both to the driver and to other road users. However, this is essentially what occurs each day in businesses around the world as employees are given access to privileged computer accounts that massively exceed the needs of their jobs. The result is often devastating in terms of corporate security with many…

Centrify Renews Commitment to Federal Information Processing Standards

The new release of Centrify Server Suite (CSS) 2017 contains an updated version of the Centrify Cryptographic Module, which provides the cryptographic services used within the suite. Just as we did with the previous version, this new crypto module has also received FIPS 140-2 validation, and its certificate #2844 has been posted on the NIST validation list. The Federal Information Processing Standard (FIPS) Publication 140-2 is a standard set by the US Government to approve cryptographic modules, and all software used within federal networks that perform encryption are required to be FIPS 140-2 validated. Centrify has hundreds of federal customers…

How to Keep Active Directory Active in a Hybrid IT World

For enterprise IT, “hybrid” is the word of the year. You’re either operating a hybrid infrastructure model already or you’re teetering on the edge. It’s getting easier now that AWS, Microsoft, Google et al are improving their services in support of such a model. At the Amazon AWS re:invent show in November, every other sentence contained the word “hybrid.” This was in stark contrast to last year where Amazon still firmly believed a total migration was the only logical choice. Some of our customers are very aggressive with plans to dissolve all their data centers and migrate everything to IaaS. The…

Solving DHS Continuous Diagnostics and Mitigation (CDM) Phase 2

The Department of Homeland Security (DHS) established a $6B blanket purchase agreement (BPA) to improve the cyber defenses for federal, state, local, tribal and territorial governments. The DHS Continuous Diagnostics and Mitigation (CDM) program helps protect government IT networks from cyberthreats and enhances risk-based decision making by providing a consistent and proven set of solutions. Centrify is the selected solution for CDM Phase 2 CRED that ensures all federal agency associates only have access to servers, applications or network resources based on their unique identity, role and responsibility within their organization. Centrify Server Suite offers a robust Active Directory bridge…

The Great Gig in the Sky: Secure Hybrid Cloud

Every day I hear from companies concerned and frustrated over a specific challenge — how to stand up workloads in the cloud while maintaining privileged access security (PAS). Infrastructure-as-a-Service (IaaS) has become the great equalizer. It doesn’t matter whether you’re large or small, in finance, healthcare or government — we all share the same worries when it comes to securing access to, and in, the cloud. I was pondering this the other day while sipping a short, dry cappuccino and listening to Pink Floyd’s Dark Side of the Moon. I had an epiphany. Thanks to Roger Waters & Co, I walked away with…

How Much Does It Cost to Protect an Organization from Cybercrime?

$15 million per year is the mean annualized cost if you don’t protect yourself, based on 58 benchmarked organizations according to a study by Ponemon Institute in 2015. 2014’s mean cost per benchmarked organization was $12.7 million. Thus, we observe a $2.7 million (19 percent) increase in mean value. The net increase over six years in the cost of cyber crime is 82 percent. Figure one shows an average annualized cost per sector (1 Million omitted) The same study concluded that the cost breakdown for: Internal activities is 31% for detection, 24% for recovery, 15% for investigation, 13% for containment, 9%…

National Cybersecurity Awareness Month: Building Resilience in Critical Infrastructure

Your corporate network is like a pandora’s box with a lot of goodies on the inside… stuff that any self-respecting hacker (um, business person) would be happy to exploit and monetize. So the question is, what options do you have to stop or thwart progress as that attacker tries to gain access, sneak around and slowly but surely gain ground on your crown jewels? On the theme of “resilience” and focusing on privileged access security, what are some of the ways your infrastructure can be more flexible, adaptable and resistant to attacks? Redefining “Attack Surface” I like to think of this…

Snowden: A “Trust but Verify” Story Gone Wrong

Snowden Movie Night Oliver Stone has brought “Snowden” to the big screen. Blimey. I’d finally stopped culling my social networks to the bone, put Mr. Robot hoodies in a box in the garage and stopped checking behind the shower curtain before getting in. Oh well. With hindsight and better insight, let’s reflect on some steps the government could take to mitigate this kind of situation happening again. In this blog, though, for a change, I’m going to start with the human angle instead of diving headlong into the technology. I want to highlight first the “people” in “people, process and…