Santa Clara, CA ― November 11, 2019Centrify, a leading provider of cloud-ready Zero Trust Privilege to secure modern enterprises, today published a new report, “Reducing Risk in Cloud Migrations: Controlling Privileged Access to Hybrid and Multi-Cloud Environments.” The report, based on a survey of over 700 respondents from the United States, Canada and UK, finds that 60% of respondents misunderstand the shared responsibility model for cloud security and incorrectly believe the cloud provider is responsible for securing privileged access. Furthermore, organizations are not employing a common security model or enforcing least privilege access to reduce risk, and the majority list security as their main challenge with cloud migrations.

The cloud’s availability, accessibility, scalability, and speed of delivery make it an attractive option to deliver IT services more efficiently and affordably. However, securing multi-cloud and hybrid environments creates an unfamiliar situation, in which organizations are unsure of who is responsible for controlling privileged access. As a result, many organizations secure cloud and hybrid environments differently than they do on-premises, when a common security model is best practice.


The survey found that:

  • 68% of organizations are not implementing Privileged Access Management (PAM) best practices to control access to cloud environments
  • 60% of respondents view security as the leading challenge when it comes to cloud migration projects
  • 76% are using more than one identity directory in their cloud strategy, which puts them at risk of “identity sprawl” and unsecured cloud attack surfaces

“As the enterprise threatscape expands, organizations are faced with new challenges to secure modern attack surfaces, and this report makes it clear that the cloud is no exception,” said Tim Steinkopf, CEO of Centrify. “We know that 80% of data breaches involve privileged access abuse, so it’s critical that organizations understand what they are responsible for when it comes to cloud security, and take a least privilege approach to controlling privileged access to cloud environments. Too much access and privilege puts their workloads and data at risk.”

Industry research firm Gartner named PAM a Top 10 security project for 20191. However a vault-centric approach is not enough to secure modern attack surfaces like the cloud. Centrify is redefining legacy approaches to PAM with a modern approach based on a Zero Trust. For more information about Centrify Zero Trust Privilege, visit

To download a complimentary copy of the report, please visit

1 Gartner, Top 10 Security Projects for 2019, Brian Reed | Neil MacDonald | Peter Firstbrook | Sam Olyaei | Prateek Bhajanka, 11 February 2019.

About Centrify
Centrify is redefining the legacy approach to Privileged Access Management by delivering cloud-ready Zero Trust Privilege to secure modern enterprise attack surfaces. Centrify Zero Trust Privilege helps customers grant least privilege access based on verifying who is requesting access, the context of the request, and the risk of the access environment. By implementing least privilege access, Centrify minimizes the attack surface, improves audit and compliance visibility, and reduces risk, complexity and costs for the modern, hybrid enterprise. Over half of the Fortune 100, the world’s largest financial institutions, intelligence agencies, and critical infrastructure companies, all trust Centrify to stop the leading cause of breaches – privileged credential abuse.

Centrify is a registered trademark of Centrify Corporation in the United States and other countries. All other trademarks are the property of their respective owners.