Centrify Delivers Innovative Capabilities and Best Practices to Streamline and Secure Adoption of Hybrid Cloud

Centrify Booth #116 at AWS Re:Invent — Centrify, the leader in securing enterprise identities against cyberthreats, today announced new hybrid cloud capabilities and best practice guidance to speed and secure adoption of Infrastructure-as-a-Service (IaaS). Centrify’s solution uniquely provides identity freedom, deployment freedom, and the most comprehensive capabilities for securing privileged access to infrastructure and apps in a hybrid IT environment.

IaaS platforms such as Amazon Web Services (AWS) provide an excellent layer of foundational security, but the shared responsibility model is clear: businesses are still responsible for the confidentiality, integrity, and availability of their data in the cloud. Organizations that are storing sensitive data in the cloud, which is 93 percent according to a recent Forrester survey, need a consistent security model across on-premises and IaaS to reduce the risk of data breach.1 Yet Gartner predicts that 95 percent of IaaS security failures will be the customer’s fault, and more than half of those will be attributed to inadequate management of identities, access, and privileges.2

“Leveraging built-in IaaS security is a great start, but not a complete solution according to the AWS Shared Responsibility Model and AWS Security Best Practices,” said Bill Mann, chief product officer at Centrify. “Centrify makes it easy to securely move infrastructure and apps to AWS, and take advantage of the benefits of the cloud, by providing identity freedom, deployment freedom, and a single, consistent security model across on-premises and cloud infrastructure and apps.”

Identity Freedom

As IT organizations look to migrate internal servers and applications to the public cloud, the fact that these on-premises workloads are hard-wired to on-premises infrastructure such as Active Directory (AD) can slow down the ability of IT organizations to quickly and cost effectively move those workloads to the cloud. Customers want to avoid the costs and challenges associated with managing shared EC2 user accounts and replicating their on-premises identity infrastructure to the cloud. At the same time, IT organizations may still want to leverage their historic investment in Active Directory while maintaining uniform high levels of security across on-premises, private cloud, and public cloud infrastructure and applications.

Centrify’s new Identity Broker capability seamlessly connects servers deployed in the cloud to the customer’s identity provider of choice ― including Active Directory and LDAP directories — without having to replicate complex identity infrastructure in the cloud or set up site-to-site VPNs or one-way trusts and Read Only Domain Controllers (RODCs). For further identity freedom, Centrify customers can now disaggregate themselves from the use of on-premises Active Directory as the backend identity repository for server authentication and solely leverage cloud-based directories such as the Centrify Directory or Google G-Suite Directory.

This new capability extends Centrify’s robust privileged access security solution for hybrid cloud environments. Centrify’s solution simplifies and streamlines the secure adoption of IaaS, implementing and extending AWS security best practices. Centrify vaults AWS Account credentials, controls access to and role membership for the AWS console, audits all privileged activity, and secures privileged access to Amazon EC2 instances and the apps that run on them, all while enforcing Multi-Factor Authentication for identities. This complements Centrify’s single sign-on (SSO) support for thousands of cloud-based Software-as-a-Service (SaaS) applications as well as on-premises applications migrating to the public cloud via Centrify’s support for SAML ― including Centrify’s SAML Toolkit for customer-developed applications that are built in the cloud.

Deployment Freedom

Centrify uniquely offers a single privileged access security solution for hybrid IT that can be deployed as a service, in a private cloud, or on-premises. Deployment tools and scripts make it easy for IT admins to deploy the Centrify solution, enroll servers in the Centrify Cloud Service, vault root accounts, and automate setup of user access to servers.

AWS Security Best Practices

Maintaining security while adopting IaaS doesn’t have to mean starting from scratch. Centrify provides guidance on both implementing and extending AWS security best practices leveraging Centrify’s solutions. Topics covered include:

  • Setting up a common security model. Conventional security and compliance concepts still apply in the hybrid cloud. Leverage and extend on-premises access policies to deploy infrastructure and apps quickly and securely in AWS.
  • Eliminating EC2 key pairs. Minimize attack points by leveraging Active Directory, LDAP, and cloud directories such as Google’s instead of creating local accounts and managing EC2 key pairs for authentication.
  • Ensuring Accountability. Leverage existing user accounts or federate access to services and resources in AWS. Create fine-grained permissions to resources, and apply them to users through groups or roles.
  • Implementing least privilege access. Grant users just the access they need in the AWS console, on EC2 instances, and to apps. Implement cross platform privilege management for AWS console, Windows, and Linux.
  • Auditing everything. Log and monitor both authorized and unauthorized activity in EC2 instances. Associate all activity to an individual, and report on both privileged activity and access.
  • Implementing MFA everywhere. Thwart in-progress attacks in AWS. Consistently implement MFA for AWS service management, on login and privilege elevation for EC2 instances, and when accessing enterprise apps.

“Centrify is the only vendor that comprehensively addresses identity for SaaS, IaaS, and on-premises with a single architecture,” added Mann.

1 For more information about this survey, please download the Thought Leadership Paper summarizing the findings at: http://www.centrify.com/forrester-study

2 Gartner “Mitigate Common IaaS Security Risks With Identity and Access Management” by Felix Gaehtgens, August 2016.

About Centrify

Centrify is the leader in securing enterprise identities against cyberthreats that target today’s hybrid IT environment of cloud, mobile, and on-premises. The Centrify Identity Platform protects against the leading point of attack used in data breaches ― compromised credentials — by securing an enterprise’s internal and external users as well as its privileged accounts. Centrify delivers stronger security, continuous compliance, and enhanced user productivity through single sign-on, multi-factor authentication, mobile and Mac management, privileged access security, and session monitoring. Centrify is trusted by over 5,000 customers, including more than half of the Fortune 50.

Centrify is a registered trademark and Centrify Server Suite, Centrify Privilege Service, and Centrify Identity Service are trademarks of Centrify Corporation in the United States and other countries. All other trademarks are the property of their respective owners.

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.
