How to Operationalize the Zero Trust Security Pillar ‘Limit Access & Privilege’ with ServiceNow

An easy way for a cyber-attacker to gain access to sensitive data is by compromising an end user’s identity and credentials. Things get even worse if a stolen identity belongs to a privileged user, who has even broader access, and therefore provides the intruder with “the keys to the kingdom.” As a result, it’s not surprising that, according to Forrester, 80 percent of breaches involve privileged credential misuse. By leveraging a “trusted” identity a hacker can operate undetected and exfiltrate sensitive data sets without raising any red flags. Zero Trust Best Practice: Limit Access & Privilege To limit their exposure…

Supply Chain Risk: Time to Focus on Partners Ahead of GDPR Deadline

With the GDPR compliance deadline of May 25 almost upon us, recent events have highlighted the importance of locking down third-party risk. Attacks on supply chain partners, Facebook’s data leak scandal and a new report from the National Cyber Security Centre (NCSC) have all come at an opportune time to illustrate the potential liabilities facing firms. The GDPR will require much stricter due diligence and new contractual provisions between data controllers, processors and other third parties. Access controls in particular should be front and centre when dealing with suppliers. This is an opportunity to differentiate on improved security, so grab…

Break the Trust and Stop the Breach: The Zero Trust Security Model

As 2018 is upon us, it’s time to take stock of our new realities and commit to better behavior that benefits us and our companies. The discussion of the perimeterless enterprise is not new. In fact, the term “de-perimeterisation” was coined by Jon Measham, a former employee of the UK’s Royal Mail in a research paper, and subsequently used by the Jericho Forum back in 2005. The concept is easily understood. Are your employees using their mobile phones to access business data? Do they use SaaS apps like O365, Salesforce, or ServiceNow? If so, then your organization is a perimeterless enterprise. Access to your enterprise…

Five Best Practices for Zero Trust Security

The Centrify Zero Trust Security model is effective because it allows organizations to remove trust from the equation entirely. Based on the assumption that untrusted actors already exist inside and outside the network, Zero Trust leverages powerful identity services to secure every user’s access to apps and infrastructure. Only after identity is authenticated and the integrity of the device is proven can access to resources be granted–but even then with just enough privilege to perform the task at hand. Here are five best practices for achieving Zero Trust security: Always Verify the User with Multi-factor Authentication (MFA) The days of…

Escaping Data-Breach Groundhog Day

Countless companies globally are trapped in data breach Groundhog Day, unable to escape a repeating cycle of cyber attacks. In the 2018 Thales Data Threat Report, produced by 451 Research, the key theme is that while spending in IT Security is increasing, breaches are increasing at a faster pace and becoming more costly. As in past years, the 451 Group report indicates that companies cyber budgets are being spent in areas that have been identified as least effective in securing data. “Clearly, doing what we have been doing for decades is no longer working. The more relevant question on the…

4 Months to Go: A New Year GDPR Checklist

As we enter the New Year, IT and security leaders have most likely been glued to revelations of major new CPU-level vulnerabilities Meltdown and Spectre, described by researchers as among the “worst ever” discovered. However, there’s arguably an even more pressing concern, not just for IT but the entire organisation: GDPR compliance. There are now just over four months to get your house in order before the sweeping new EU regulation formally comes into force on 25 May. Regulators will be given the power to levy fines of up to 4% of global annual turnover or £17m, whichever is higher….

Centrify Identity Services: Securing Docker and Containers

Introduction We are excited to announce that Centrify now supports CoreOS Container Optimized Linux which several of our customers are using as part of their adoption of containerization for their application deployments. But first, let’s start with an overview of how Centrify can help you protect access to these containerized platforms and the applications that run on them. As organizations embrace hybrid cloud environments moving their applications and other workloads to public clouds such as AWS, Azure and Google, application developers building custom apps inevitably rework their applications to take advantage of the hosting platform capabilities such as auto-scaling enabling…

Centrify Predicts: Cybersecurity in 2018

As we start 2018, we have continued to see major breaches across industries, only last year we witnessed at least two companies — Uber and Equifax — opt to hold off on alerting the public to their respective cybersecurity breaches and make them public at a later, more convenient date. Whether a coincidence or a trend in the making, time will tell. What we do know is that these were among a handful of security “events” that will help shape the year to come. Here are our predictions for 2018. Organizations will respond to the current threat landscape with a…

Six Months and Counting: How Standards and Frameworks Can Help GDPR Compliance

The theft of highly sensitive personal information on 57 million Uber drivers and customers in the Uber data breach — and its subsequent cover-up — is in many ways what the GDPR was invented for. Here is a multi-billion dollar US tech company that reportedly protected access to key data in the cloud by using just static log-ins. Not only did its data protection controls therefore fall short of the best practice “state-of-the-art” approach outlined in the GDPR, but the firm also failed to report the incident — something which would incur a fine of €10m (£8.9m) or 2% of…