Centrify, a leading provider of cloud-ready zero trust privilege to secure modern enterprises, has announced new cloud-ready solutions to help stop the leading cause of data breaches – privileged credential abuse.
Centrify Zero Trust Privilege helps customers grant least privilege access based on verifying who is requesting access, the context of the request and the risk of the access environment. In addition, the company has successfully integrated the Centrify Privileged Access Service with SailPoint’s open identity platform, IdentityIQ, easing the coordinated adoption of zero trust privilege and identity governance best practices.
Organisations may consider approaching privileged access management (PAM) by solely implementing password vaults, a legacy approach that leaves gaps which can easily be exploited. In today’s environment, privileged access not only covers infrastructure, databases and network devices but is extended to cloud environments, Big Data projects and DevOps, and must secure hundreds of containers or microservices. By implementing zero trust privilege, Centrify minimises the attack surface, improves audit and compliance visibility, and reduces risk, complexity and costs for the modern, hybrid enterprise.
Centrify Zero Trust Privilege Services now offer the following cloud-ready capabilities to reduce risk and secure modern attack surfaces:
- A cloud-ready solutions architecture built with the modern, hybrid enterprise in mind to avoid vault-sprawl in multi-virtual private cloud (VPC) and multi-Infrastructure-as-a-Service (IaaS) deployments. In turn, customers can easily scale their privileged access solution across multiple IaaS regions or providers without expensive operating models that include replicating and constantly syncing vault instances.
- Secure administrative access via a distributed jump box to reduce the risk of introducing infections by ensuring privileged access is granted only via a clean source. To achieve this, access should only be granted through locked-down, clean and distributed server gateways. Administrators don’t need a special workstation and can utilise their interface of choice, which can include a browser, native client or thick client, to access sensitive systems via a distributed local jump box.
- Multi-directory brokering via a newly released Centrify client to provide brokered authentication to Windows and Unix systems via support for common directories (e.g. Active Directory, LDAP, Google Cloud, Centrify). Brokered authentication allows organisations to deploy workloads into the cloud while still utilising their existing enterprise directory solution, avoiding the risk of exposing that directory externally, replicating it in the cloud or maintaining an expensive site-to-site connection.
- Centrify Privileged Access Service is now SailPoint certified, enabling joint customers to leverage SailPoint IdentityIQ for enterprise-wide provisioning, governance and identity management processes across all users, applications and data, including those benefiting from Centrify’s zero trust architecture.
“The solutions we are announcing today take a big step forward in redefining legacy PAM to secure access to modern attack surfaces with zero trust privilege,” said Tim Steinkopf, CEO of Centrify. “Many of our customers have already moved to cloud or hybrid IT environments and our solutions are cloud-ready to support them. However, we also have customers who still need to secure privileged access to on-premises infrastructure before they’re ready to move to the cloud.
“Centrify Zero Trust Privilege Services can meet the needs of on-premises, hybrid or all-cloud environments with a multi-tenant architecture – so no matter where an organisation is in their cloud readiness, we have a solution that is ready for them.”
The old way of securing critical enterprise resources simply won’t work in today’s diverse and sophisticated IT environments. Zero trust assumes bad actors are already inside the network, hunting for privileged accounts and credentials that help them gain access to an organisation’s most critical on-premises and cloud infrastructure, as well as sensitive data.
According to a recent survey of 1,000 IT decision makers, 74% of data breaches involved privileged credential abuse. Organisations must embrace a zero trust mandate of ‘never trust, always verify, enforce least privilege’ to minimise the risk of falling victim to a data breach.
Cloud-ready Zero Trust Privilege combines administrative password vaulting with brokering of identities, adaptive multi-factor authentication enforcement and ‘just-in-time’ and ‘just enough’ privilege, all while securing remote access and monitoring of all privileged sessions.