The Cows Have Come Home: Now is the Time to Implement Multi-Factor Authentication

During our conversations with customers and prospects these days, the question of implementing multi-factor authentication (MFA) usually begins with “when do you plan to?” instead of “are you planning to?” We no longer need to ask: “Are you planning to implement MFA for remote server access and application access?” “Are you planning to implement MFA for password checkout and privilege elevation?” Starting the question with “when” assumes it’s a given. It is. The power and value of MFA is now broadly recognized. More so in the U.S. now that the Payment Card Industry Data Security Standard (PCI-DSS 3.2, April 2016) has…

For PCI Multi-Factor Authentication is Now Required for Everyone…and You Better Hurry

The “Payment Card Industry Data Security Standard” (PCI DSS) has long been a security and compliance driver for merchants, banks, hospitals, governments and anyone else that handles payment card information. PCI DSS standards are very prescriptive on what is expected in order to secure payment card data at rest and in motion, and also to require individual accountability while limiting access to only those with a need to know. Recently, the PCI council announced the latest release of PCI DSS version 3.2. This update includes 47 total clarifications, eight evolving requirements and three additional items of guidance. One of the…

Watch Admin Activity in Real-Time with Centrify Privilege Service

Ever needed a second pair of eyes on a change to a critical server — as it’s happening? Ever needed to see exactly what’s happening with maintenance activity — with the ability to kill the session if you don’t like what you’re seeing? If so, then the new “Watch & Terminate” feature in Privilege Service 15.7 is for you.  This feature allows administrative users to watch other users’ remote sessions in real-time with full fidelity, and terminate (kill) the other user’s session if necessary.  This enables a new level of oversight for user activity on critical resources.  New permissions have been added…

Centrify Helps Companies Comply with Labor Laws

Recently I was talking with a co-worker and he shared a use case from a large insurance company in Brazil. They wanted to ensure that they are in compliance with Brazilian labor laws as it pertains to the number of hours worked by employees in Brazil. The Federal Constitution states that working hours in Brazil should not exceed 44 hours a week and preferably, no more than 8 hours a day. Based on this scenario, the employee would have to work an additional 4 hours on Saturday. Or, as a workaround that many companies have implemented, have employees work an…

Secure Windows Administration and Eliminate Dual Active Directory Accounts for Administrators

I’ve seen many environments lately where the Windows administrators have two Active Directory accounts, one that they use for their normal end user activities, such as reading email, and the other they use for any administrative duty. This creates several very real problems: a) the admin now has two different accounts with passwords that he must maintain over time, probably not a huge problem but just a pain for the admin; b) you still have to trust the admin on where he will use the second admin account and hope that he doesn’t use it for normal daily activity…

Secure Identity for Hadoop @ Strata+Hadoop World 2015

The most interesting thing to me about Strata+Hadoop World was the stories about what everyone is doing with Hadoop or Big Data. We heard numerous stories about how data scientists are using Hadoop to analyze customer data, financial data, web site click traffic, etc. In fact, most of the people who came to the show were realizing the value of Hadoop technology, while very few were responsible for the IT infrastructure that it runs on (who we normally sell security solutions to). And the most common title at the show was Data Scientist, which got me thinking that we should have a Security…

Centrify and the SANS Top 20

I know a very successful high school wrestling coach who has this running bit he does all the time at social events, cocktail parties, and random water cooler conversations.  When asked why his teams are consistently good year after year, he always responds with, “I’ve discovered the ancient secret to staying extremely physically fit.” After a bit of egging on, he’ll reluctantly divulge this long lost tidbit of knowledge he stumbled upon while reading some ancient scrolls. “The secret to staying extremely physically fit,” he begins, always followed by an over-the-top dramatic pause, “is to eat right and exercise.” Just…

Another Breach! Security Controls Shouldn’t be that Hard!

I just read an interesting article in NetworkWorld about a breach at a major financial institution. The article pointed out that the breach resulted from a lack of deploying adequate security controls on the corporate servers. The article goes on to state, “Strong access management policies and network segmentation are key to limiting the extent of damage that attackers can do once they gain a foothold inside a network. However … implementing uniform security controls across their vast networks can be difficult because they often have to integrate large numbers of new systems with different levels of security as a result of acquiring other companies.”