Cloud-ready Zero Trust Privilege is designed to handle the rudimentary use case of privileged access management (PAM), which lies in granting access to privileged user accounts via a shared account and password vault or an application passwords and secrets vault, as well as securing remote access. Centrify Privileged Access Service allows for all of the above, plus secure administrative access via jump box, workflow-driven access requests and approvals, and multi-factor authentication (MFA) at the vault.
Shared Account & Password Vault
Secure and manage super user and application accounts on servers and network devices, both on-premises and in the cloud. Provide security for the modern enterprise where IT is increasingly outside the firewall with a secure service that is faster to implement and delivers quicker ROI.
Application Passwords & Secrets Vault
Store and manage secrets (e.g., IP addresses, API keys, SSH credentials, AWS IAM credentials) and enable secure communication between applications, containers and microservices.
Secure, auto-rotate after checkout and control access to passwords, SSH keys and privileged credentials based on policy to prevent cyber-attacks and meet audit and compliance requirements.
Secure Remote Access
Provide remote admins, outsourced IT and third-party vendors with secure access to the specific infrastructure they manage — on-premises and in the cloud. Risk-aware MFA combined with VPN-less access and flexible deployment models deliver the security your hybrid IT environment demands.
Secure Administrative Access via Jump Box
When accessing privileged resources, it is vital that we do not introduce infections during our connection. To achieve this, we need to make sure access is only achieved through a clean source. Access should only be achieved through approved Privilege Admin Consoles, which can include web-based, native client or thick client access to sensitive systems via a locked down and clean Server Gateway that serves as a distributed local jump box.
Access Request & Approval Workflow
Minimize your attack surface by eliminating static and long-lived privilege grants. Govern temporary access to roles that grant privilege, shared account credentials and remote sessions with self-service access request and multi-level approvals. Capture who approved access and reconcile approved access with actual access.
MFA at Vault
So that we are always verifying the “who”, we must apply multi-factor authentication (MFA) everywhere. This applies during vault login, upon password checkout, and at remote session initiation: anytime there is a new request, we must know with certainty who is on the other end before granting access.
“When you get a clear picture of the breadth of capabilities Centrify Zero Trust Privilege Services provide, you begin to understand just how many security check boxes it ticks. I’m still surprised at the number of issues I was able to address with just this single solution.”
IT Operations Manager, GSI