Centrify on February 26th announced its vision and solutions for Identity-Centric Privileged Access Management (PAM), a cutting-edge approach to PAM that empowers organizations to simplify infrastructure management, protect against breaches, enhance compliance postures, and securely transform their business by leveraging the cloud.
Emerging technologies fueling digital transformation are reshaping the enterprise IT environment. As organizations continue their digital transformation journeys, they struggle to manage an infrastructure that is fragmented across hybrid- and multi-cloud environments, resulting in data breaches, audit findings, and unnecessary overhead costs.
Underlying the foundation of digital transformation are privileged access controls, which ensure that only authorized individuals, machines, or services are permitted to access the right resources, at the right time, for the right reasons. Centrify enables digital transformation at scale, modernizing how companies secure privileged access across hybrid and multi-cloud environments by enforcing Identity-Centric PAM based on Zero Trust principles.
“The market is experiencing a changing threatscape, where PAM is moving away from a vault-centric strategy to a more secure and less cumbersome identity-centric requirement,” stated Tim Steinkopf, CEO of Centrify. “Centrify’s Identity-Centric Privileged Access Management solutions evolve PAM to a seamless experience by leveraging individual identities, granting least privilege just-in-time, and empowering machines to protect themselves.”
Identity-Centric PAM is designed to deal with requesters that are not only human but also machines, services, and APIs. For increased assurance, best practices now suggest strongly authenticated individual identities – not shared accounts – where least privilege can be applied. All controls must be dynamic and risk-aware, which requires modern machine learning and user behavior analytics. PAM must integrate and interoperate with a much broader ecosystem including the cloud providers, DevSecOps tools, containers, microservices, and more.
Centrify’s approach to Identity-Centric PAM is founded on the Zero Trust principles of “Never trust, always verify, implement least privilege.” Centrify helps customers minimize the attack surface, improve audit and compliance visibility, and reduce risk, complexity, and costs via seven pillars of Identity-Centric PAM:
• Establish Trust: to enforce an authoritative security policy, securely establish a unique identity for each and every system with the authoritative security management platform.
• Verify Who: leverage enterprise directory identities to authenticate and authorize humans, machines, or services, while removing local accounts and reducing the overall number of accounts and passwords.
• Contextualize Requests: leverage ITSM solutions to elevate privileges, using context to make just-in-time access decisions and leave zero standing privileges.
• Secure Admin Environment: make sure access is only carried out via a clean source, lowering the risk of exposing servers to malware or introducing infections during a connection.
• Grant Least Privilege: allow just enough privilege, for just enough time, to get the job done. Enable just-in-time privilege based on temporary access via a simple request process, and restrict lateral movement by only granting access to the target resources needed and no more.
• Audit Everything: maintain audit logs and video recordings of privileged sessions as proof of compliance, a best practice should forensic analysis or other review be required.
• Enable Adaptive Control: leverage modern machine learning algorithms to analyze user behavior, identify anomalous activities, issue alerts, and take active response.
Centrify also made announcements at RSA that ease administrator authentication while strengthening the verification techniques for privileged users:
• Passwordless Authentication: support for the FIDO2 standard enables administrator authentication using biometrics such as Face ID, Touch ID, and Windows Hello, providing the potential to replace passwords and other weak “something you know” factors with more effective forms of multi-factor authentication.
• Red Forest Extension to *NIX: extended privilege elevation configurations in Microsoft’s Red Forest to Linux and UNIX, building on Centrify’s investment and leadership in this critical bridge between heterogeneous systems.
For more details about Centrify, visit www.centrify.com.