Centrify Innovations Embrace Zero Trust Security
Centrify eases multi-factor authentication through FIDO Alliance and enhances privilege controls for containers
November 27, 2017
LAS VEGAS — Centrify, the leader in securing hybrid enterprises through the power of identity services, today announced its Zero Trust approach to security. Zero Trust assumes that everything—users, endpoints, resources—is untrusted and must always be verified to decrease the chance of a major breach. Bill Mann, chief product officer at Centrify, will address the upcoming Gartner Identity and Access Management Summit in Las Vegas and explain why Zero Trust is the right approach to security, especially now that the notion of a robust network perimeter no longer exists in the modern enterprise due to the rise of remote workers, BYOD devices and cloud resources.
Customers are adapting to the reality that older, network centric approaches to security no longer apply and more application centric models, with access grounded in identity, are necessary for today’s hybrid enterprise. Google’s BeyondCorp implementation is an excellent example of this new approach. BeyondCorp is a Zero Trust security framework that shifts access controls from the perimeter to individual devices and users. The end result allows employees to work securely from any location without the need for a traditional VPN.
“The modern hybrid enterprise must adopt a Zero Trust security model,” said Mann. “The old days of the guarded castle with a moat, where all interactions inside the castle were trusted and all interactions outside the castle were suspect, no longer applies. Remote employees on BYOD devices accessing SaaS applications are as much a reality today as someone sitting at their workstation inside the office. At Centrify, we are committed to helping our customers embrace this new reality and move towards a Zero Trust security model where all access must be authenticated, authorized and encrypted.”
Gartner IAM Summit Session on Zero Trust Security
At the Gartner IAM Summit, Mann will further explain the benefits of Zero Trust and why this innovative approach to security is vitally important during his session on Thursday, November 30th at 10:00am PT. His talk will cover the core concepts of Zero Trust, including:
- Identity Assurance, which evaluates the security posture of a user based on location, device and behavior to determine users are who they say they are.
- Trusted Endpoints, which only allow access to corporate resources from trusted endpoints, whether it’s a corporate owned, BYOD or public desktop, laptop or mobile device.
- Conditional Access, which grants just-in-time access to specific applications and infrastructure for a limited timeframe to users with a confirmed identity and who are using a trusted endpoint when logging in.
- Least Privilege, where just enough privilege is granted, just in time to perform the needed operations and lateral movement is limited.
Mann’s talk will also highlight major innovations that amplify the need for Zero Trust networks, such as machine learning, move to ephemeral servers, adoption of microservices and security convergence.
Zero Trust Security Model Product Enhancements
To further its move towards a Zero Trust security model, Centrify has joined the FIDO (Fast IDentity Online) Alliance and strengthening its integration with Yubico. Centrify Identity Services provides support for the FIDO Alliance’s Universal 2nd Factor (U2F) specification, an authentication standard designed to be open, secure, private and easy to use. Centrify already leverages Yubico’s YubiKeys for PIV Compliant and OATH-based authentication, and is further strengthening the partnership with this new support for FIDO U2F authentication. FIDO U2F certified authentication is recognized by the National Institute of Standards and Technology (NIST) as the highest Authenticator Assurance Level (AAL3) in the NIST Special Publication 800-63 Revision3.
“As co-creator of the FIDO U2F standard, Yubico believes that secure, easy-to-use and scalable authentication should be available to everyone,” said Jerrod Chong, VP of Product at Yubico. “Centrify shares our mission to bring greater security and convenience to the enterprise. By adding FIDO U2F support, Centrify has the most complete set of YubiKey integrations available from a technology partner.”
As enterprises move towards modern ephemeral architectures, Centrify is extending the reach of Zero Trust by continuing to build on its support for container-based ephemeral architectures. Centrify Infrastructure Services is now the only privileged identity management vendor to offer host-based privilege controls for CoreOS Container Linux, the leading container operating system. Centrify Infrastructure Services provides conditional access and least privilege control to CoreOS deployments.
To learn more, please visit www.centrify.com or visit Centrify this week in Las Vegas at Gartner IAM Summit Booth #207 or at AWS Re:INVENT booth #2117.
Centrify redefines security from a legacy static perimeter-based approach to protecting millions of scattered connections in a boundaryless hybrid enterprise. As the only industry recognized leader in both Privileged Identity Management and Identity-as-a-Service, Centrify provides a single platform to secure each user’s access to apps and infrastructure through the power of identity services. This is Next Dimension Security in the Age of Access. Centrify is enabling over 5,000 customers, including over half the Fortune 50, to defend their organizations. To learn more visit www.centrify.com.
The Breach Stops Here.
Centrify is a registered trademark and Centrify Server Suite, Centrify Privilege Service and Centrify Identity Services are trademarks of Centrify Corporation in the United States and other countries. All other trademarks are the property of their respective owners.
Ready to protect against the #1 Attack Vector?
Register for a 30-day trial of Centrify's Privileged Access Management (PAM) software to minimize your attack surface and control privileged access to your hybrid environment.