Implementing Modern Approaches to Database Authentication and Authorization

The most common question I hear about Database Accounts is, “Can your solution vault Database Service and other Privileged Database Accounts?” Every time I hear this question, a voice in the back of my head wants to ask, “Have you implemented modern approaches to Database Authentication and Authorization Management?” See, the real problem is that the majority of Databases and the hosted Database Instances still have legacy Database Authentication and Authorization methodologies applied to them, so we are trying to apply a band-aid to the issue by reaching into the databases and vaulting the DB local accounts.

THREE DATABASE APPROACHES

Let’s…

MFA Everywhere: A Tried and True Method in Accelerating Security

While phishing attacks continue to jeopardize today’s organizations (a reported 76% of organizations experienced phishing attacks in 2017), it was refreshing to hear that tech giant Google has apparently eliminated phishing by giving security keys to all of its 85,000 employees. “We have had no reported or confirmed account takeovers since implementing security keys at Google,” a company spokesperson told Krebs on Security last week. “Users might be asked to authenticate using their security key for many different apps/reasons. It all depends on the sensitivity of the app and the risk of the user at that point in time.” This…

Centrify Booth 2410: Your Destination for All Things Zero Trust Security at BlackHat USA

BlackHat USA 2018 kicks off in Las Vegas next week, the 21st year that the information security event has brought together thousands of cybersecurity professionals. BlackHat is always a unique event in that it devotes a heavier portion of its agenda to technical trainings, skill-building, and research briefings for practical cybersecurity learning, followed by a shorter main conference we typically encounter at a “trade show.” It’s also co-located with DEFCON, a hacker convention that takes place immediately following BlackHat – that’s always interesting. Whether you go to the whole event, just the technical sessions, or the Business Hall (aka The…

Gartner and Centrify Agree – PAM is #1 Security Project for 2018

CISOs are overwhelmed with a multitude of projects that are pulling at their time and resources. All of these projects feel important and usually will have some benefit, but nobody has the time or budget to do it all. So which projects will give you the biggest bang for your buck? How do security professionals prioritize these initiatives? At this year’s Gartner Security and Risk Management Summit, Gartner’s Neil MacDonald revealed the analyst firm’s top 10 recommended security projects for 2018. MacDonald stated that CISOs need to, “focus on projects that reduce the most amount of risk and have the…

Adopt Next-Gen Access to Power Your Zero Trust Strategy

Security breaches are now all too commonplace — 58% of organizations have experienced at least one in the past 12 months. As a result, IT security leaders are urgently scrambling to defend attacks at every entry point. Worse yet, traditional approaches to security, based on the notion that you can keep the “bad guys” out while letting in the good guys, have proven ineffective. Access control strategies that focus on separating trusted from untrusted users are missing the whole point. Mobile proliferation, reliance on outsourced partners and cloud technologies, and the regular occurrence of insider attacks mean that there…

The Cost of Customer Identity & Access Management (CIAM)

Customer Identity and Access Management (CIAM) is essentially a set of tools that allow your business to securely authenticate, manage and engage customers who are consuming products and services through your applications. Historically, customer identity has not always been top of mind when it comes to business-driving initiatives. Identity was simply a feature of the application, maybe a table or directory that stored user information. It was just there, without much need to think about it. Fast forward to present day and things have changed dramatically. Customers have now come to expect that their own preferences (likes, dislikes, purchase history)…

Centrify’s Next Strategic Step Forward with Thoma Bravo

I am pleased as CEO and co-founder of Centrify to announce that Centrify has entered into a definitive agreement whereby Thoma Bravo, a leading high-growth private investment firm with a significant track record in cybersecurity, will acquire a majority interest in Centrify from our current venture capital investors led by Mayfield, Accel, Jackson Square Ventures and Index Ventures. We couldn’t be more thrilled to partner with this world class investor who has invested in other great cybersecurity companies like SailPoint, McAfee, Barracuda and others. We believe that this transaction optimally positions us to accelerate our pace of innovation in the…

Making Smarter Access Control Decisions

Hey Siri, block that attacker, please

Wouldn’t it be great if Siri, Alexa, or Google Assistant had the intelligence to figure out malicious intent, govern access to our sensitive corporate data, and alert us in real time when something dodgy was going on? Well, they do leverage modern machine learning and AI to make “intelligent” decisions, but they’re clearly not designed for enterprise-grade security. At Centrify, though, we’re using AI and machine learning concepts to develop Next-Gen Access security to do just that. Only it’s not in a soft, cute, platonic solid form factor that sits on your desk… yet. As part…

Five Reasons to Kill Off the Password

Australia recognised the security problem posed by passwords through widespread media coverage of Centrify’s warning issued on World Password Day, which occurred on May 3 this year. Centrify celebrated World Password Day, which turns up annually on the first Thursday of May as a day to promote good security hygiene and password habits, by calling for the end of this outmoded form of protection. Centrify’s World Password Day warning was picked up by leading publications, including FutureFive NZ, Lifehacker and SmartCompany, and led to Australia’s national broadcaster, the ABC, interviewing me on radio in New South Wales, Queensland and Radio…

Supply Chain Risk: Time to Focus on Partners Ahead of GDPR Deadline

With the GDPR compliance deadline of May 25 almost upon us, recent events have highlighted the importance of locking down third-party risk. Attacks on supply chain partners, Facebook’s data leak scandal and a new report from the National Cyber Security Centre (NCSC) have all come at an opportune time to illustrate the potential liabilities facing firms. The GDPR will require much stricter due diligence and new contractual provisions between data controllers, processors and other third parties. Access controls in particular should be front and centre when dealing with suppliers. This is an opportunity to differentiate on improved security, so grab…