Key Identity Management Findings from the Centrify Blog, Q1 2018

centrify blog key findings

In what is becoming a recurring feature of the Identity Management site, the editors at Solutions Review like to review the blog posts of vendors in the field. We find they provide insights into what is trending in identity and access management and where enterprises should be most concerned. This time, we read through Californian IAM solution provider Centrify. Here are some of the key findings we found in the Centrify blog for Q1 for 2018:

The Emerging Importance of Securing Access to AWS by Jason Chow

Securing data in Amazon Web Services (AWS) has become a major concern, especially given the recently discovered data breaches and storage buckets left open despite containing valuable personal identity data. Often, it appears that negligence is the key reason for the improper configurations.

Centrify reminds us that no enterprise AWS bucket or account should be left exposed. Instead, Centrify points out that AWS itself recommends implementing IAM policies; that way, you can ensure appropriate role-based access to AWS services.

Centrify notes that AWS provides a built-in root account with absolute privileges, but advises only using it in the most dire of emergencies. To boost your AWS security, consider implementing single sign-on to centralize authentication. It will have the added side effect of providing a much smoother user experience.

Data Breaches Plague Organizations for Years by Bill Mann

Centrify uses this article to remind enterprises that data breaches don’t just end when the breach is closed. In fact, their consequences persist long afterwards. On top of siphoned funds or lost ransom, the breached enterprise suffers the financial pains of lost revenues (on average between $ 2 million and $4 million), stock drops, and lost customers. That isn’t even counting the lawsuits, angry shareholders and their lawsuits, and government investigations and fines that come with a data breach.

Centrify also mentions that cyber insurance is not a mature market. Insurance companies aren’t sure about its implementation, coverage, and payouts in the event of a breach, so it is not the cure-all some enterprises think.    

Escaping Data-Breach Groundhog Day by Mark Gibson

Some enterprises are caught in a loop of data breaches: stopping one just to get hit by another. This makes unfortunate sense: breaches are only getting worse in severity and volume. And with the rise of GDPR and other data protection laws, the initial breach may be the least of your enterprise’s problems.

What is causing these breach cycles? Partly it is an over-reliance on enterprise perimeter defense, which often stretched thin with the rise of bring-your-own-devices culture. Partly it is the improper use of cybersecurity budgets.

But as Centrify notes, ultimately it comes down to human error, whether that be via spearphishing, weak passwords, or general poor digital hygiene. No attack vector is as common or as large as your own employees. To combat this, Centrify recommends implementing a Zero Trust model of authentication. This involves verifying both users and devices as part of the authentication method as well as limiting all privileges as much as viable across the entire enterprise.   

Multi-factor Authentication (MFA) Is Ready for Prime Time by Teresa Chen

Multifactor authentication has been around for years, getting ever more refined and more layered in its security. But mass enterprise adoption still hasn’t happened. Why?

Centrify notes that enterprises claim MFA is too complex and expensive to deploy properly, but that the most consistent criticism is of the user experience in MFA. This has some roots in history: older authentication tools implemented MFA inefficiently and to the detriment of the user experience.Yet this perception no longer corresponds to the reality. It’s a necessary and powerful tool that can help prevent serious breaches.

Ben Canner

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.
Ben Canner