Using Centrify for NIST 800-53 Compliance

There’s a humorous saying I often hear in IT Security circles that goes something like this: “If a CISO has the choice between being compliant or being secure, compliance always wins because that’s what will keep them out of prison.” The reality is that most organizations need to increase both as efficiently as possible, and this is where Centrify can help. The Centrify Server Suite leverages your existing Active Directory to secure your systems from identity-related risks and attacks. Additionally, it helps with compliance for a large number of federal and industry-standard security controls, such as those found…

Mitigating Vulnerabilities Related to Unmanaged SSH Keys with Kerberos

SSH has become the de facto method to access UNIX and Linux computers over the network for several different use cases – from shell access or file transfers, to batch jobs that need to communicate with other computers or apps, to name a few. As with any remote access solution to a system that contains corporate data, centralized authentication and access controls are critical to ensure that only the right users can access that resource in line with the business needs. However, the challenge is that the SSH Server that is typically configured for remote access on nearly all UNIX and Linux systems…

HeartBleed and Passwords

Once more the evil of passwords is demonstrated. This time it’s the HeartBleed bug that can expose chunks of data known by a web server to hackers. Passwords – and their ability to gain access to anything they protect – are the most obvious target. Technical aside: for those of you that don’t have the time to read the CERT advisory, here is a summary. The current version of the security library used by many web servers (OpenSSL) has a flaw that allows an attacker to send an information request (TLS heartbeat) to a server that reads way more…

Identity Where You Want It … And Now Policy Too

Back in November I blogged about “Enterprise Identity Where You Want It”, which discussed how Centrify had enhanced its Cloud Service to allow customers to store identity data in the cloud or on-premise in Active Directory or a combo of both. The point was that while customers really want centralized identity management for the cloud and mobile resources that they are deploying, they also want flexibility regarding where they can store their identity data (cloud, on-premise and/or in both places). Fast forward a few months, and I am now pleased to announce that, with our recent update to the Centrify Cloud Service, we are extending this innovative and flexible “hybrid” approach that we have with identity to policy as well. Let me explain what we are delivering in this blog post vis-à-vis Centrify delivering a fully cloud-based policy solution.

Hello: Centrify Suite 2013

Centrify Suite 2013 builds on the core enhancements Centrify introduced in Suite 2012 by extending DirectAuthorize to Windows, providing tighter integration between DirectAudit and DirectAuthorize, making migration from legacy “sudo” environments to DirectAuthorize fast and simple as well as adding many newly supported operating systems. All this makes Centrify Suite 2013 the industry’s easiest and most scalable solution for unified identity and privilege management and detailed user auditing across UNIX, Linux and now Windows systems.

Going One Step beyond Mobile Single Sign-on (SSO)

So how are we delivering this Mobile SSO capability? Well, for RMAs we are delivering a MAS Software Development Kit (SDK) that lets mobile application developers provide corporate users with a “Zero Sign-On” experience and stronger authentication when accessing applications from their mobile devices, which eliminates the need to remember and re-enter credentials for each mobile app. “Zero Sign-On” goes beyond Single Sign-On for devices enrolled in the Centrify Cloud Service, as users who have enrolled their mobile device in the Centrify Cloud Service are provided a certificate identifying the user of a specific device. Users are then able to use Mobile Apps that integrate with the Centrify MAS SDK to gain seamless access to authorized cloud services upon unlock of the mobile device.

Centrify Rolls out New Release of Mobile Device Management

Last week we released a new version of Centrify for Mobile that provides several new and enhanced features including the Centrify Mobile Manager for iOS app, PKI authentication for Wi-Fi network access on iOS devices, Exchange configuration for Touchdown on Android devices, Group Policy controls for several new Restrictions settings in iOS 6 and other improvements. In this blog post I will provide details on some of these new features.

Centrify Now Supports Smart Card Authentication for Red Hat Linux

Today we announced smart card authentication support for Red Hat Linux. The new offering from Centrify will, in particular, help Federal organizations deploying Red Hat systems meet Homeland Security Presidential Directive 12 (HSPD-12). Couple that with our support for FIPS 140-2 encryption and you now have a secure, standards-based Linux desktop platform for federal workers.

How Centrify for Mobile Works

We are now on “Beta 2” of Centrify for Mobile, our new cloud-based service that lets enterprises centrally secure and manage smart phones and tablets, including iPads and Android devices, using existing Active Directory infrastructure, skill sets and processes. In this post I want to provide more details on our cloud-based architecture for letting you leverage Active Directory to secure your iPads, iPhones and Android devices.