Identity-Based Security Comes of Age at Infosec18

The annual Infosecurity Europe (Infosec) show was back again at the start of June even bigger and better than before. This year it was heartening to see so many businesses come to realise that an identity-based approach to cybersecurity is one of the best ways to keep regulators happy and threats at bay while driving adoption of agile cloud deployments. It all made our Zero Trust Security approach an easy sell as we engaged with customers and prospects. An oasis of calm Infosec has been running now for over two decades, but I’ve never before seen it on quite such…

LIVE BLOG: SecurIT Zero Trust Summit

REGISTER BELOW FOR THE LIVE STREAM! Welcome to the live blog from SecurIT: the Zero Trust Summit for CIOs and CISOs. SecurIT is an all-day industry event at Terra Gallery in San Francisco. This blog will be a frequently-updated chronology of highlights from the day, including notable quotes, photos, and other interesting details that we hope a remote audience will find useful in their Zero Trust journeys. If you’re new to Zero Trust, it might be helpful to visit https://www.centrify.com/zero-trust-security/ to learn more about this concept, which is enabling a complete rethink of security. The old adage of ‘trust, but…

451 Research: Centrify Goes “All In” on the Zero Trust Movement

451 Research recently published an impact report recognizing Centrify as one of the early vendors to embrace the Zero Trust concept, which is a new conceptual framework on the rise as traditional security models that follow a hardened perimeter approach have failed. The author, 451 analyst Garrett Bekker, notes these failures and states that “the very concept of trust is called into question, in favor of assuming all users and assets are by definition untrusted” and that “the notion of trust is no longer based on where you are, but more on who you are, and what you are allowed…

SecurIT: Making Zero Trust a Reality for CIOs and CISOs

On June 13, C-level and senior management leaders from global companies spanning multiple industries will gather in San Francisco at SecurIT: the Zero Trust Summit for CIOs and CISOs. Hosted by IDG (publishers of CIO and CSO) and Centrify, this first-of-its-kind event will provide greater understanding around the concept of Zero Trust Security. Specifically, it will help define what Zero Trust is, why it matters, and help business leaders identify the best places for their organizations to start or continue on the journey to Zero Trust. The concept of Zero Trust can sound confusing (or perhaps even insulting), but the…

World Password Day – 5 Facts About Weak Credentials

Happy World Password Day! Ok, I’ll admit until a few days ago, I wasn’t aware this was a thing. As with most events in my life, if Outlook or Android doesn’t serve me a popup reminder, I’m oblivious to it. But this one commanded my attention, not only because of the never-ending news coverage we see about high-profile breaches, but also because I now know that 4 out of 5 are due to weak, default, stolen, or otherwise compromised credentials. Around this time of year, we tend to see reports that detail the top 25 most common passwords. You’d think…

Insights from the Verizon 2018 Data Breach Investigation Report

The 2018 Verizon Data Breach Investigation Report (DBIR) was published in early April, reporting on 53,308 security incidents and 2,216 data breaches from 67 contributors in 65 countries. It’s an important read for organizational leaders, and cyber professionals to find data-driven evidence of industry-specific incident patterns. It’s also important to distinguish incidents from breaches. A breach is an incident that results in the confirmed disclosure—not just potential exposure—of data to an unauthorized party. The remainder of this article will discuss data breaches. The following quote from Robert Novy, Deputy Assistant Director at the US Secret Service, is a good summary…

DevSecOps Gathers More of the Spotlight at RSA 2018

Nearly 1,200 security professionals recently attended the DevOps Connect: DevSecOps Day at the 2018 RSA Conference at San Francisco’s Moscone Center. Now in its fourth year, DevSecOps Day featured presentations and panel discussions on the role of security in the world of DevOps. DevOps thought leaders, security experts, and vendors shared success stories, insights, and challenges they faced in their journeys to implement secure DevOps practices. The common theme throughout the day was that security is becoming everyone’s responsibility. The security teams are starting to get more involved in the development processes while developers are starting to integrate security directly…

Introducing Centrify Identity Services for HashiCorp Vault

Today, Centrify is proud to announce the integration of the Centrify Identity Service with HashiCorp Vault for role-based user authentication and access to the Vault. The Centrify Next-Gen Access Management platform now provides an additional Auth Method called “centrify” for HashiCorp Vault. This Auth Method allows you to authenticate users to HashiCorp Vault, leverage any connected directory source for authentication, and enable role-based authorizations to Vault resources using Centrify Roles. Figure 1: HashiCorp Vault integration with Centrify Identity Services INTEGRATION, AUTHENTICATION, ACCESS There are several benefits to using Centrify for user authentication to HashiCorp Vault: Centrify brokers authentication to any…

Secure the Vote with Zero Trust

Our democracy is under attack. We are in an era where digital assets are being weaponized and used against us. The fragile state of our democracy is highlighted by election meddling by foreign interests, database breaches of both political parties, and most recently a high-profile breach of trust. And now, just a week ago, a “60 Minutes” episode titled, ‘When Russian Hackers Targeted the U.S. Election Infrastructure,’ validated that the main target of the 2016 U.S. election was election boards, and that up to 90,000 voter records were compromised. Election boards and officials face the biggest battle yet when it…

Trends to look for next week at RSA Conference 2018

Next week (April 16-19) is the 2018 RSA Conference at the Moscone Center in San Francisco, and there’s good news: it’s not too late to register for a complimentary Exhibit Hall Only Pass using the Centrify entry code X8ECENTR. You’ll get free admission to the Exhibit Hall, Wednesday through Friday keynotes, select sessions throughout the week, and several other events you can learn about here. If you’re on the fence about whether or not to attend, here’s a preview of the topics we expect to generate the most RSA buzz. If any of these interest you, register, and be sure…