Centrify today announced its vision and solutions for Identity-Centric Privileged Access Management (PAM), a modern approach to PAM that empowers organizations to simplify infrastructure management, protect against breaches, improve compliance postures, and securely transform their business by leveraging the cloud.
“The market is experiencing a changing threatscape, where PAM is shifting away from a vault-centric approach to a more secure and less cumbersome identity-centric requirement,” said Tim Steinkopf, CEO of Centrify. “Centrify’s identity-centric Privileged Access Management solutions evolve PAM to a seamless experience by leveraging individual identities, granting least privilege just-in-time, and empowering machines to protect themselves.”
Identity-Centric PAM is designed to handle requesters that are not only human but also machines, services, and APIs. For increased assurance, best practices now recommend strongly authenticated individual identities – not shared accounts – where least privilege can be applied. All controls must be dynamic and risk-aware, which requires modern machine learning and user behaviour analytics. PAM must integrate and interoperate with a much broader ecosystem including the cloud providers, DevSecOps tools, containers, microservices, and more.
Centrify’s approach to Identity-Centric PAM is founded on the Zero Trust principles of, “Never trust, always verify, enforce least privilege.” Centrify helps customers minimize the attack surface, improve audit and compliance visibility, and reduce risk, complexity, and costs through seven pillars of Identity-Centric PAM:
– Establish Trust: to enforce an authoritative security policy, securely establishing unique identities for every system with the authoritative security management platform.
– Verify Who: leverage enterprise directory identities to authenticate and authorize humans, machines, or services while eliminating local accounts and decreasing overall total number of accounts and passwords.
– Contextualize Requests: leverage ITSM solutions to elevate privileges, leveraging context to make just-in-time access decisions and leave zero standing privileges.
– Secure Admin Environment: ensure access is only achieved through a clean source, reducing the risk of exposing servers to malware or introducing infections during a connection.
– Grant Least Privilege: allow Just enough privilege, for just enough time to get the job done. Enable just-in-time privilege based on temporary access through a simple request process, and limit lateral movement by only granting access to the target resources needed and no more.
– Audit Everything: maintain audit logs and video recordings as evidence of compliance, a best practice for privileged sessions should forensic analysis or other review be required.
– Enable Adaptive Control: leverage modern machine learning algorithms to analyze user behaviour, identify anomalous activities, and issue alerts and take active response.
Centrify also made announcements at RSA that ease administrator authentication while strengthening the verification methods for privileged users:
– Passwordless Authentication: support for the FIDO2 standard enables administrator authentication using biometrics such as Face ID, Touch ID, and Windows Hello, offering the ability to replace passwords and other weak “something you know” factors for more powerful forms of multi-factor authentication.
– Red Forest Extension to *NIX: extended privilege elevation configurations in Microsoft’s Red Forest to Linux and UNIX, building on Centrify’s investment and leadership in this critical bridge between heterogeneous systems.