Centrify Privileged Access Management:
Eliminate Identity Silos
Many organizations have a blended IT infrastructure consisting of Windows, Linux, and UNIX servers, with Linux adoption growing as the favored platform for developers. Cloud transformation projects are migrating these systems and the applications that run on them from the data center to multiple cloud providers. Keeping privileged access to this hybrid environment secure in this rapidly changing landscape is a massive undertaking.
Distributed Server Infrastructure Expands Your Attack Surface
Historically, Windows systems have benefited from a powerful and extensive management platform provided by Microsoft Active Directory. It centralized user and system management functions through a domain-controller model, allowing distributed Windows systems to join a domain and benefit from its many services. Unfortunately, IT was forced to use alternative and decentralized methods for enforcing access security policies on Linux and UNIX – often managing identities locally on each system.
Let Centrify Help
Greater control, more visibility, and simplified compliance are all benefits of centralizing management of privileged access. With Centrify, you secure Linux and UNIX environments using the same authentication and Group Policy services currently used for Windows. Whether your IT infrastructure is exclusively on-premises, in the cloud, spread across multiple clouds, or a combination thereof, centrally and consistently govern privileged access from Active Directory.
With Centrify PAM, you can:
Leverage Advanced Active Directory Bridging
Authenticating to Linux and UNIX systems leveraging Active Directory is great, but it is not Active Directory Bridging. Active Directory provides a rich management platform offering dozens of valuable services that improve your security posture, increase operational efficiencies, and reduce risk. Centrify PAM extends these benefits to Linux and UNIX. Examples include Group Policy, Kerberos for single sign-on, and smart-card login for Linux.
Accommodate Complex Active Directory Architectures
Many large organizations have complicated Active Directory architectures with multiple forests and domains. As you extend to cloud-hosted instances, deployments become even more intricate. Centrify’s Active Directory Bridging solution can locate accounts wherever they exist, even navigating 1-way, cross-forest trusts.
Centrally Manage Cross-Platform Privileged Access Control Policies
Centrify PAM makes it easy to eliminate identity silos by connecting a user’s access and privilege on Windows, Linux, and UNIX systems to a single definitive identity within Active Directory. Giving users a single identity across on-premises and cloud systems while centralizing privileged access security policies establishes the foundation for a zero standing privileges approach to minimizing your attack surface.
Enforce Least Privilege Access Controls
Comply with security models such as Zero Trust and Zero Standing Privileges to minimize the risk of a security breach. Consistently apply least-privilege policies that control who can log in to systems and what applications they run. Centrify PAM enables you to create complex relationships between users, job functions, and system criticality to control privilege in a model that reduces risk at scale. Administrators log in with their individual Active Directory account and request privilege when they need it. Privilege elevation can require approvals, and grants are temporary.
Secure and Manage DevOps Access to Credentials and Secrets
Vaulting IDs, passwords, and access keys while reducing the number of privileged accounts in your DevOps environment minimizes attack targets and the risk of a security breach. Centrify machine identities establish trust relationships between the Vault Suite and a server. Apps running on the trusted server (Windows or Linux) leverage a temporary scoped token to securely retrieve credentials and secrets from the vault without requiring their own account. A per-machine service account instead of per-application service accounts reduces the attack surface.
Secure Privileged Access for CloudOps Without Impacting Agility
Centrify’s modern PAM solutions won’t slow you down. Incorporate Centrify PAM into orchestration pipelines for automated deployment, configuration, and teardown in elastic compute environments. APIs, CLIs, and SDKs make it easy to securely obtain credentials (passwords or ephemeral tokens such as OAuth2) and secrets programmatically.
Strengthen Identity Assurance with MFA
Organizations recognize MFA as a powerful component of their PAM strategy, providing greater identity assurance and stopping bots and malware in their tracks. However, integrating MFA with PAM and consistently enforcing it throughout the infrastructure remains a challenge for IT. With Centrify PAM, you centralize privileged access security policies including MFA and enforce them consistently at system login – Windows, Linux, and UNIX – and during privilege elevation.
Audit, Record, and Report on All Privileged Activity
Centrify PAM’s audit trails, reporting, and session recordings simplify proof of compliance and security incident response. All privileged activity is captured on each host, associated with an individual, and consolidated in a secure database for complete visibility across the infrastructure. Host-level auditing includes events at the shell and process levels and cannot be bypassed or spoofed. Customizable reports and visual session recordings prove compliance with regulations such as PCI-DSS, SOX, and HIPAA.