Centrify announces new cloud-ready zero trust privilege services
Centrify, a leading provider
of cloud-ready zero trust
privilege to secure modern
enterprises, has announced
new cloud-ready solutions to help stop
the leading cause of data breaches –
privileged credential abuse. Centrify
Zero Trust Privilege helps customers
grant least privilege access based on
verifying who is requesting access, the
context of the request and the risk of
the access environment. In addition, the
company has successfully integrated
the Centrify Privileged Access Service
with SailPoint’s open identity platform,
IdentityIQ, easing the coordinated
adoption of zero trust privilege and
identity governance best practices.
Organisations may consider approaching
privileged access management (PAM) by
solely implementing password vaults, a
legacy approach that leaves gaps which
can easily be exploited.
In today’s environment, privileged access
not only covers infrastructure, databases
and network devices but is extended to
cloud environments, Big Data projects
and DevOps, and must secure hundreds
of containers or microservices.
By implementing zero trust privilege,
Centrify minimises the attack surface,
improves audit and compliance visibility,
and reduces risk, complexity and costs
for the modern, hybrid enterprise.
www.intelligentciso.com | Issue 12
“The solutions we are announcing take
a big step forward in redefining legacy
PAM to secure access to modern attack
surfaces with zero trust privilege,” said
Tim Steinkopf, CEO of Centrify.
“Many of our customers have
already moved to cloud or hybrid IT
environments and our solutions are
cloud-ready to support them. However,
we also have customers who still need to
secure privileged access to on-premises
infrastructure before they’re ready to
move to the cloud.
“Centrify Zero Trust Privilege Services
can meet the needs of on-premises,
hybrid or all-cloud environments with a
multi-tenant architecture – so no matter
where an organisation is in their cloud
readiness, we have a solution that is
ready for them.”
The old way of securing critical
enterprise resources simply won’t work
in today’s diverse and sophisticated IT
environments. Zero trust assumes bad
actors are already inside the network,
hunting for privileged accounts and
credentials that help them gain access
to an organisation’s most critical on-
premises and cloud infrastructure, as
well as sensitive data.
According to a recent survey of 1,000 IT
decision makers, 74% of data breaches
involved privileged credential abuse.
Organisations must embrace a zero trust
mandate of ‘never trust, always verify,
enforce least privilege’ to minimise the
risk of falling victim to a data breach.
Cloud-ready Zero Trust Privilege
combines administrative password
vaulting with brokering of identities,
adaptive multi-factor authentication
enforcement and ‘just-in-time’ and ‘just
enough’ privilege, all while securing
remote access and monitoring of all
privileged sessions.
Centrify Zero Trust Privilege Services
now offer the following cloud-ready
capabilities to reduce risk and secure
modern attack surfaces:
• A cloud-ready solutions
architecture built with modern,
hybrid enterprise in mind to avoid
vault-sprawl in multi-virtual private
cloud (VPC) and
multi-Infrastructure-as-a-Service
(IaaS) deployments. In
turn, customers can easily scale their
privileged access solution across
multiple IaaS regions or providers
without expensive operating
models that include replicating and
constantly syncing vault instances.
• Secure administrative access via
distributed jump box to reduce
the risk of introducing infections
by ensuring privileged access is
granted only via a clean source. To
achieve this, access should only be
granted through locked down, clean
and distributed server gateways.
Administrators don’t need a special
workstation and can utilise their
interface of choice which can include
browser, native client or thick client
to access sensitive systems via a
distributed local jump box.
• Multi-directory brokering via a
newly released Centrify client to
provide brokered authentication
to Windows and Unix systems via
support for common directories
(e.g. Active Directory, LDAP,
Google Cloud, Centrify). Brokered
authentication allows organisations
to deploy workloads into the cloud
while still utilising their existing
enterprise directory solution,
avoiding the risk of exposing that
directory externally, replicating in the
cloud or maintaining an expensive
site to site connection.
• Centrify privileged access
service is now SailPoint certified,
enabling joint customers to leverage
SailPoint IdentityIQ for enterprise-
wide provisioning, governance and
identity management processes
across all users, applications and
data, including those benefiting from
Centrify’s zero trust architecture.