Just Enough Privilege

Least Privilege as a Best Practice

Reduce the risk of attack through individuals with too much privilege. Implementing least privilege principles also limits the potential damage from security breaches. The flexible, fine-grained Centrify Privilege Elevation Service lets administrators get work done, reduces risk, and makes implementing a just-in-time privilege model easy with role-based access controls.

Centrally Grant, Revoke, and Govern Privilege

Minimize your attack surface and improve accountability by having fewer shared accounts. Quickly assign or revoke privileges for individuals across Windows, Linux, and UNIX systems.
Users continue to work without disruption by seamlessly elevating privilege as needed or leveraging a restricted environment (shell or desktop) familiar to them.
Enable just-in-time privilege by requiring workflow-based management of approvals for time-bound access to roles, credential checkouts, and privileged sessions.
Ensure privileged activity is tied to an individual. Users log in as themselves, seamlessly elevate privilege, and automatically trigger session recording to comply with your audit policy.
Restrict privileged roles to specific infrastructure, services, or apps and enforce controls across the network by time window, job function, system, services, and apps.
Optionally require MFA for identity assurance, and verify that privilege elevation requests are associated with a trouble ticket before approved.
Increase security and operational efficiencies with centralized privilege, authentication, and audit policies that leverage Active Directory investments.
Prove compliance with regulations with a single view into privileged access security policies, who has access to what, who did what, where, and when.
Role-Based Access Controls Make Least Privilege Easy, Least Privilege Access with RBAC

Role-Based Access Controls Make Least Privilege Easy

Least privilege policies give organizations essential control over their users’ privilege and reduce the risk associated with user error, malicious attacks, and security breaches. IT administrators use Centrify Zones to configure roles and grant users just enough privilege and access to the right set of infrastructure. Assigning new users to a role, moving users from one role to another, or disabling access for users who leave the company is simple with Centrify Server Suite. Roles can optionally be assigned and revoked through existing provisioning systems.

Seamless Least Privilege Access, Privilege Elevation with Dynamic Access Control Restrictions

Seamless Privilege Elevation with Dynamic Access Restrictions

Secure your Windows, Linux, and UNIX systems by controlling who can access what and when. Unlike de-centralized single-purpose tools like sudo, Centrify enables the configuration of dynamic privileges so that users can only elevate privilege at specific times, based on job function, and on targeted systems. Servers can be isolated based on time and trust relationships to further protect sensitive data. And because users always log in as themselves — not as root or local admin — they can continue work without disruption by seamlessly elevating privilege as needed.

Powerful Tools Automate Privilege Creation and Assignment

Powerful Tools Automate Role Creation and Assignment

Centrify provides a robust set of tools to simplify the adoption and management of a least privilege model that delivers just enough privilege for administrators. Centrify Server Suite includes tools and APIs to assign pre-defined roles and rights, import existing sudo files, automate the creation of new roles and rights, create reports, and satisfy audit requirements.

Learn More About Privilege Elevation Service

Ready to Protect Against the #1 Attack Vector?

Click here for more information about our products, pricing, demos, and more.

Contact Us