LIVE BLOG: SecurIT Zero Trust Summit

REGISTER BELOW FOR THE LIVE STREAM! Welcome to the live blog from SecurIT: the Zero Trust Summit for CIOs and CISOs. SecurIT is an all-day industry event at Terra Gallery in San Francisco. This blog will be a frequently-updated chronology of highlights from the day, including notable quotes, photos, and other interesting details that we hope a remote audience will find useful in their Zero Trust journeys. If you’re new to Zero Trust, it might be helpful to visit https://www.centrify.com/zero-trust-security/ to learn more about this concept, which is enabling a complete rethink of security. The old adage of ‘trust, but…

It’s Almost GDPR D-Day: So What Happens Next?

Over the past 12 months during this blog series I’ve tried to provide insight into some of the key aspects of the GDPR and how organisations can better prepare for the big compliance deadline day of 25 May. Now that day is almost upon us, the question many organisations are asking is, “what happens next?” The truth is that, despite having had years of notice, many are only now waking up to the reality of the new regulatory regime. A recent survey of RSA attendees found just 14% claimed they were fully prepared for the GDPR. So what can we…

Supply Chain Risk: Time to Focus on Partners Ahead of GDPR Deadline

With the GDPR compliance deadline of May 25 almost upon us, recent events have highlighted the importance of locking down third-party risk. Attacks on supply chain partners, Facebook’s data leak scandal and a new report from the National Cyber Security Centre (NCSC) have all come at an opportune time to illustrate the potential liabilities facing firms. The GDPR will require much stricter due diligence and new contractual provisions between data controllers, processors and other third parties. Access controls in particular should be front and centre when dealing with suppliers. This is an opportunity to differentiate on improved security, so grab…

Centrify for NIST 800-171 MFA Compliance

I often speak with Federal System Integrators (FSIs) who need to implement Multi-Factor Authentication (MFA) as part of their NIST 800-171 compliance. Specifically section 3.5.3 of this NIST guide states, “Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts.” Many of these FSIs have already implemented smart cards in their environment, at least partially, while others have no form of MFA at all. Either way, the Centrify Identity Platform can provide this MFA compliance, along with many other features required for a secure, Zero Trust environment. (Centrify’s detailed compliance note on…

Takeaways from the Russia-Linked US Senate Phishing Attacks

The Zero Trust Security approach could empower organizations and protect their customers in ways that go far beyond typical security concerns. On January 12, 2018, cybersecurity firm Trend Micro revealed that Russia-linked hackers tried to infiltrate the US Senate, leveraging phishing attacks to harvest access credentials. These tactics suggest that the hackers were laying the groundwork for a widespread compromise of Senate employees. And while these findings might further bolster the public view that the Kremlin is trying to influence our democracy, security professionals should not get distracted by the media frenzy that these revelations created and instead focus on the real…

Multi-factor Authentication (MFA) Is Ready for Prime Time

We’ve heard it time and again. As security threats increase and morph, and user devices and locations diversify, multi-factor authentication (MFA) should be blossoming into a trusted method for preventing misuse. Experts have consistently stated that enterprises need to implement protections at vulnerable points and apply effective access security mechanisms such as MFA. So, what’s the deal?  The Deloitte and Uber breaches, both incidents which took place last fall, demonstrated that these episodes were aided by the lack of MFA. These proof points alone should in fact create an urgency in MFA implementation and usage within organizations! Then… why haven’t…

C-Suite Disconnect is Weakening Cybersecurity

Today, Centrify announced a new research study conducted with Dow Jones Customer Intelligence titled, “CEO Disconnect is Weakening Cybersecurity.” The report sheds light on what’s going on inside the enterprise that’s enabling significant increases in the number of successful, high-profile breaches. At Centrify, we see Zero Trust Security as the most promising cybersecurity model to emerge in decades, and as the solution to the majority of these breaches. We’ve designed our solutions to help organizations adopt a Zero Trust Security model through a single platform consisting of Identity-as-a-Service (IDaaS), multi-factor authentication (MFA), enterprise mobility management (EMM) and privileged access management…

Break the Trust and Stop the Breach: The Zero Trust Security Model

As 2018 is upon us, it’s time to take stock of our new realities and commit to better behavior that benefits us and our companies. The discussion of the perimeterless enterprise is not new. In fact, the term “de-perimeterisation” was coined by Jon Measham, a former employee of the UK’s Royal Mail in a research paper, and subsequently used by the Jericho Forum back in 2005. The concept is easily understood. Are your employees using their mobile phones to access business data? Do they use SaaS apps like O365, Salesforce, or ServiceNow? If so, then your organization is a perimeterless enterprise. Access to your enterprise…

Five Best Practices for Zero Trust Security

The Centrify Zero Trust Security model is effective because it allows organizations to remove trust from the equation entirely. Based on the assumption that untrusted actors already exist inside and outside the network, Zero Trust leverages powerful identity services to secure every user’s access to apps and infrastructure. Only after identity is authenticated and the integrity of the device is proven can access to resources be granted–but even then with just enough privilege to perform the task at hand. Here are five best practices for achieving Zero Trust security: Always Verify the User with Multi-factor Authentication (MFA) The days of…

Escaping Data-Breach Groundhog Day

Countless companies globally are trapped in data breach Groundhog Day, unable to escape a repeating cycle of cyber attacks. In the 2018 Thales Data Threat Report, produced by 451 Research, the key theme is that while spending in IT Security is increasing, breaches are increasing at a faster pace and becoming more costly. As in past years, the 451 Group report indicates that companies cyber budgets are being spent in areas that have been identified as least effective in securing data. “Clearly, doing what we have been doing for decades is no longer working. The more relevant question on the…