Every major compliance regulation requires organizations to link access controls, role-based privileges, and user activity to named users. In cross-platform environments, establishing this accountability is a complex task given the existence of multiple identity silos such as NIS and LDAP databases, platform-specific proprietary directories, and local config files managed system by system.
Centrify addresses these IT security and compliance requirements with a Unified Identity Services solution: a single, integrated architecture for authentication, access control, privilege management, policy enforcement and compliance. See the topics below for details on how Centrify's unified approach addresses specific compliance regulations.
The PCI Council, a consortium of the major card brands, maintains PCI DSS, a rigorous set of standards for protecting cardholder data anywhere it is transmitted, processed or stored. PCI DSS is enforced by the card brands and banks, which can impose stiff fines and penalties, including the suspension of payment card processing privileges. Any business that accepts payment cards or processes card data must validate its compliance with a yearly PCI DSS assessment.
Centrify addresses these ongoing challenges by providing a scalable, non-intrusive solution to PCI DSS and other compliance regulations. Centrify Suite ensures that new servers and applications (virtual or physical) are secure and consistently controlled and managed.
Centrify Suite PCI DSS Solution Overview
|Suite Edition|Products|PCI DSS Requirement|
| | |4. Encrypt transmission of cardholder data across open, public networks|
| | |1. Install and maintain a firewall configuration to protect cardholder data|
| | |10. Track and monitor all access to network resources and cardholder data|
| | |7. Restrict access to cardholder data by business|
| | |8. Assign a unique ID to each person with computer access|
| | |2. Do not use vendor supplied defaults for system passwords and other security parameters|
Below is an overview of how Centrify addresses six of the twelve major requirements of PCI DSS that are relevant to corporate IT staff. For a detailed, point-by-point analysis, request our free PCI white paper.
Section 1.2 in particular states that organizations must "Build a firewall configuration that restricts connections between untrusted networks and any system components in the cardholder data environment." Centrify DirectSecure, a server isolation and protection solution, provides organizations with a simpler, software-based approach that dynamically isolates servers subject to PCI audits so that they can communicate only with other trusted computers. Not only is this solution more secure and easier to deploy than traditional firewall-based approaches, it also enables organizations to reduce the scope — and thus the cost — of PCI audits by focusing the audit on just the affected systems and not every system in their environment.
Centrify enforces user authentication with Active Directory credentials, which are managed with password policies configured in Active Directory. This ensures every user authenticates with their own unique credential and cannot access systems with default or weak passwords. In addition, requirement two mandates that all non-console administrative access be encrypted. Using Centrify with OpenSSH provides both secure authentication and single sign-on via Kerberos and network-level encryption of administrative sessions.
Centrify's solution for encrypting data-in-motion is particularly cost-effective for retailers who must move customer credit card data from branch stores to a corporate data center. Instead of relying on expensive private lines, they can move data across the Internet using the strong authentication and encryption features of IPsec.
At the heart of many publicly acknowledged PCI DSS infractions is the issue of managing superuser privileges on systems holding customer information such as credit card numbers. With the Centrify Suite, each administrator or other staff member can be granted role-based access and privileges according to a least-privilege security model. For example, a backup operator can be granted the right to log in to a Linux or UNIX database server and perform a backup without being granted other privileges that would also give them access to customer data. A server or group of servers can have its own unique set of authorized users, administrators, and security and configuration policies.
Corporate IT security administrators can link access rights and privileges to a user's Active Directory account. Those users log in with their individual Active Directory account, not a root or other superuser account, and automatically get the appropriate access rights and privileges.
The Centrify Suite can comprehensively log all user activity on a system and, once again, link it back to a unique Active Directory account.