Top 3 PAM Features that Set Centrify Zero Trust Privilege Apart for Cloud Migrations

Ask any sales person what the most common question they get from prospects is, and the answer will typically be the same: “What makes your company different?” Or maybe, “What makes you better than your competitors?”

And while the response from sales people should be the same, it’s amazing how different the answers can be. Those who are on their game will have an answer ready with three strengths or differentiators. The others…well, they won’t.

While I’m not a career sales person, I am an evangelist in technical marketing and my role also demands that I have a good answer. With that, I humbly submit the three reasons I believe set Centrify apart from others in the space, especially when it comes to cloud migrations.

CLOUD-NATIVE, AND CLOUD-READY

Our Zero Trust Privilege Services are cloud-native, so they are ready for the cloud whenever you are.

Built for the cloud from the ground up, Centrify’s Privileged Access Service (PAS) leverages key benefits of the cloud economy such as elasticity and multi-tenancy. We’re able to easily accommodate our customers’ varying deployment needs such as pure on-premises, simple hybrid, as well as multi-cloud, delivering flexibility and efficiency that simply isn’t possible with legacy Privileged Access Management (PAM) products.

By offering PAM-as-a-Service, our solution can be up and running in under an hour. Customers avoid a complicated and protracted IT project along with the hassles of designing a complex PAM architecture with failover and disaster recovery and acquiring and building out the infrastructure. In fact, we’ve even taken the sting of having to talk to a sales rep out of the equation with our new Free Tier PAS password vault, available to self-subscribe on Amazon Web Services at no charge for up to 50 registered systems and their associated service accounts.

Many organizations are still considering cloud migrations or operating hybrid environments, and that’s perfectly fine. When you’re ready to migrate to the cloud, so are we. But remember that when migrating your IT environment to the cloud, it is essential to enforce a consistent privileged access security model across public cloud and on-premises infrastructure.

Trust your security to the vendor who championed PAM-as-a-Service back in 2015 before anyone else. Our cloud-native, cloud-ready Zero Trust Privilege Services offer that consistency and control no matter what phase of cloud migration your company is in – no other PAM vendor comes close.

MULTI-DIRECTORY BROKERING

Speaking of the cloud, one of the biggest challenges we hear from customers who are migrating workloads to the cloud is not unexpected. They struggle to find a clean, secure, and simple way to extend the reach of their enterprise directory (typically Active Directory (AD) or LDAP) to the cloud so administrators can use their AD credentials to log into these new Windows and Linux instances.

Gartner’s recent “Solution Comparison for the IAM Capabilities Within AWS, Azure and GCP” highlighted weaknesses in this regard across AWS, Azure, and Google Cloud Platform.

Centrify solved this challenge with a new Brokered Authentication Service. An extension to the existing Authentication Service, Centrify’s Brokered Authentication Service enables customers to authenticate users against any Active Directory, LDAP, or cloud directory (e.g., Centrify Directory or Google Cloud Platform). We call this Multi-Directory Brokering.

In reference to The Lord of the Rings, I call it “One Directory to Rule Them All.”

With Multi-Directory Brokering, it doesn’t matter what system or service you are trying to authenticate and broker access to, Centrify will utilize your preferred directory to do so. Now you only need to maintain ONE logical directory across your entire environment, instead of standing up separate ones for AWS, Microsoft Azure, Google Cloud, etc. You can avoid replicating enterprise directories, complex sync and trust models, or costly site-to-site VPNs.

Now organizations can take advantage of the benefits of the cloud without compromising the level of privileged access security and enterprise access they currently have on-premises.

DISTRIBUTED JUMP BOXES/BASTION HOSTS

One of the key tenets of Zero Trust Privilege – and, indeed, of any cybersecurity approach – is to ensure access to critical systems and sensitive data is from a clean host, meaning the machine being used for privileged access should be free from infections or malware.

But other than using special (i.e., costly), often air-gapped admin workstations, how can a clean source be enforced?

Our solution: Distributed Jump Boxes (sometimes also called Jump Hosts or Bastion Hosts).

Jump Boxes reinforce Zero Trust by not trusting the state of the administrator’s workstation. They do this by essentially setting up a “clean control room” so that nothing from the user’s workstation can enter the privileged environment.

Think of any movie about deadly outbreaks (1995’s Outbreak comes to mind). Before any biohazard suit-donning scientist enters or exits a lab that contains deadly pathogens, they always go through the little room where they get sprayed down with chlorine or other sanitizers and disinfectants to ensure nothing gets in or out of the lab.

That’s essentially what our Jump Box does. It supports VPN-less remote access, isolating our critical systems from potentially infected external workstations. The privileged user can use his/her own computer for administrative access, but nothing from that machine comes through to the privileged system other than basically keystrokes. They can easily do what they need to do, and IT won’t have to worry about them passing any infections (known or unknown) onto the network, whether cloud, on-premises or hybrid. An added benefit for IT is a productivity gain: there is no need to explicitly manage the state (antivirus, antimalware, patches, NAC, etc.) of the user’s workstation.

All in all, much better security, control, and streamlined access for both remote internal IT as well as outsourced IT.

Again, these are just the three differentiators that I would lead with were I to be asked what sets Centrify Zero Trust Privilege Services apart from our competitors. Ask others at Centrify and you’ll likely hear additional, equally compelling benefits.

But if your organization is one of the 93% storing sensitive data in the cloud and you are serious about enforcing a modern, Zero Trust approach to Privileged Access Management, these are the three that I’d look for in a PAM provider.