October is Cybersecurity Awareness Month, when best practices take center stage so that technology users of all shapes and sizes can become better educated about modern threats and how to protect against them.
Even if you are a hardened cybersecurity professional with decades of experience fighting off the bad guys, there is always something to learn. This is especially true when it comes to securing your organization from the #1 cause of data breaches: privileged access abuse.
The challenge, oftentimes, is how to learn effectively, and in a short amount of time. To that point, I’ve created three “snackable” demo videos, and highlighted them below. Each is about six minutes long, and addresses an important aspect of modern, cloud-ready Zero Trust Privilege.
1. Centrify Privileged Access Service Support for VMware VMkernel
Vaulting away shared privileged accounts for emergency “break glass” checkout only is a best practice for Zero Trust Privilege. We do this routinely for local Windows and Linux servers, as well as network device accounts. But what about other environments?
In this video, we show how Centrify's Privileged Access Service can manage VMkernel accounts for checkout and remote login, and for using the vSphere Client to configure the ESXi host and manage its virtual machines.
2. Brokered Authentication for Cloud and DMZ Scenarios
Many organizations continue to believe that on-premises workloads and workloads in the public cloud require different security approaches, frameworks, and solutions. The reality is that many of the best practices organizations have relied upon for years in on-premises data centers are just as effective in public cloud, hybrid, and multi-cloud environments.
Where the workloads exist shouldn’t matter if the use case is the same. For example, if you are using Centrify’s Brokered Authentication to enable and secure privileged access from Active Directory (AD) to an on-premises server or network device, you should also use it for the same use case on AWS, Azure, Google Cloud Platform, etc.
In this demo, we take the reverse approach to show how Centrify Authentication Service, designed for a more modern cloud transformation project, can also help with more traditional DMZ-based Active Directory authentication use cases through Multi-Directory Brokering.
3. Local Account Provisioning with Centrify Zero Trust Privilege Services
A best practice for reducing your attack surface is to eliminate all local shared privileged accounts and give your administrators a single, fully accountable Active Directory account. They can then use this to log into any system in the IT infrastructure (Windows, Linux, UNIX, network devices, etc.).
However, there are times when you simply can’t do this. In those cases, it helps if you can centrally manage the lifecycle of these Linux local accounts (and local groups) from within the Centrify Zone model in Active Directory.
This video shows how Centrify enables consolidation of application and service accounts into Active Directory and enforces Zone-based access to centrally managed local accounts.