Identity-Based Security Comes of Age at Infosec18

The annual Infosecurity Europe (Infosec) show was back again at the start of June even bigger and better than before. This year it was heartening to see so many businesses come to realise that an identity-based approach to cybersecurity is one of the best ways to keep regulators happy and threats at bay while driving adoption of agile cloud deployments. It all made our Zero Trust Security approach an easy sell as we engaged with customers and prospects. An oasis of calm Infosec has been running now for over two decades, but I’ve never before seen it on quite such…

LIVE BLOG: SecurIT Zero Trust Summit

REGISTER BELOW FOR THE LIVE STREAM! Welcome to the live blog from SecurIT: the Zero Trust Summit for CIOs and CISOs. SecurIT is an all-day industry event at Terra Gallery in San Francisco. This blog will be a frequently-updated chronology of highlights from the day, including notable quotes, photos, and other interesting details that we hope a remote audience will find useful in their Zero Trust journeys. If you’re new to Zero Trust, it might be helpful to visit https://www.centrify.com/zero-trust-security/ to learn more about this concept, which is enabling a complete rethink of security. The old adage of ‘trust, but…

Centrify Launches Zero Trust Security Network Ecosystem

The world has changed. I’m not sure if it was the HBO breach, Equifax, Yahoo, or one of the many breaches since, but after one of those we at Centrify realized it was one breach too many. As we looked at how the breaches were increasing in number, size, and severity we knew we had to do something different. How could we better protect our customers who are struggling under the weight of thousands of passwords and hundreds of ways to access applications/devices/servers? The answer lies in Zero Trust Security. The idea that we can no longer trust anyone attempting…

451 Research: Centrify Goes “All In” on the Zero Trust Movement

451 Research recently published an impact report recognizing Centrify as one of the early vendors to embrace the Zero Trust concept, which is a new conceptual framework on the rise as traditional security models that follow a hardened perimeter approach have failed. The author, 451 analyst Garrett Bekker, notes these failures and states that “the very concept of trust is called into question, in favor of assuming all users and assets are by definition untrusted” and that “the notion of trust is no longer based on where you are, but more on who you are, and what you are allowed…

SecurIT: Making Zero Trust a Reality for CIOs and CISOs

On June 13, C-level and senior management leaders from global companies spanning multiple industries will gather in San Francisco at SecurIT: the Zero Trust Summit for CIOs and CISOs. Hosted by IDG (publishers of CIO and CSO) and Centrify, this first-of-its-kind event will provide greater understanding around the concept of Zero Trust Security. Specifically, it will help define what Zero Trust is, why it matters, and help business leaders identify the best places for their organizations to start or continue on the journey to Zero Trust. The concept of Zero Trust can sound confusing (or perhaps even insulting), but the…

It’s Almost GDPR D-Day: So What Happens Next?

Over the past 12 months during this blog series I’ve tried to provide insight into some of the key aspects of the GDPR and how organisations can better prepare for the big compliance deadline day of 25 May. Now that day is almost upon us, the question many organisations are asking is, “what happens next?” The truth is that, despite having had years of notice, many are only now waking up to the reality of the new regulatory regime. A recent survey of RSA attendees found just 14% claimed they were fully prepared for the GDPR. So what can we…

Centrify and SailPoint Join Forces to Apply Zero Trust Security Best Practices to Identity Governance

Today, Centrify is proud to announce the integration of the Centrify Privileged Access Service with SailPoint® Technologies IdentityIQ™ solution. This integration provides joint customers with a single pane of glass for a privileged user’s entitlements and enables issuing access requests for accounts, systems, and existing roles that are controlled by the Centrify Privileged Access Service. This allows for centralized management and control of identities to quickly identify and mitigate access risks of privileged users, while strengthening an organization’s compliance posture. Figure: Centrify Privileged Access Service integration with SailPoint IdentityIQ BRINGING ZERO TRUST SECURITY TO IDENTITY GOVERNANCE One of the essential…

How to Operationalize the Zero Trust Security Pillar ‘Limit Access & Privilege’ with ServiceNow

An easy way for a cyber-attacker to gain access to sensitive data is by compromising an end user’s identity and credentials. Things get even worse if a stolen identity belongs to a privileged user, who has even broader access, and therefore provides the intruder with “the keys to the kingdom.” As a result, it’s not surprising that, according to Forrester, 80 percent of breaches involve privileged credential misuse. By leveraging a “trusted” identity a hacker can operate undetected and exfiltrate sensitive data sets without raising any red flags. Zero Trust Best Practice: Limit Access & Privilege To limit their exposure…

World Password Day – 5 Facts About Weak Credentials

Happy World Password Day! Ok, I’ll admit until a few days ago, I wasn’t aware this was a thing. As with most events in my life, if Outlook or Android doesn’t serve me a popup reminder, I’m oblivious to it. But this one commanded my attention, not only because of the never-ending news coverage we see about high-profile breaches, but also because I now know that 4 out of 5 are due to weak, default, stolen, or otherwise compromised credentials. Around this time of year, we tend to see reports that detail the top 25 most common passwords. You’d think…

Insights from the Verizon 2018 Data Breach Investigation Report

The 2018 Verizon Data Breach Investigation Report (DBIR) was published in early April, reporting on 53,308 security incidents and 2,216 data breaches from 67 contributors in 65 countries. It’s an important read for organizational leaders, and cyber professionals to find data-driven evidence of industry-specific incident patterns. It’s also important to distinguish incidents from breaches. A breach is an incident that results in the confirmed disclosure—not just potential exposure—of data to an unauthorized party. The remainder of this article will discuss data breaches. The following quote from Robert Novy, Deputy Assistant Director at the US Secret Service, is a good summary…