Releasing its so-called Zero Trust approach to security, Centrify says this approach assumes that everything — users, endpoints, resources — is untrusted and always must be verified to decrease the chance of a major data breach.
Centrify accompanies its warning with a note that the problem with old security models is a “significant lesson” for Australia, whose mandatory data breach notification law takes effect from February next year.
According to Centrify chief product officer Bill Mann, Zero Trust is the right approach to security today due to the porous network perimeter created by the rise of remote workers, BYOD devices and cloud resources.
“Zero Trust is based on the motto of ‘never trust, always verify’, which assumes that internal networks can no longer be relied upon as a way of protecting enterprise resources and that users and devices within a network are no more trustworthy than users and devices outside of the network.
“Remote employees on BYOD devices accessing SaaS applications are as common today as someone sitting at their workstation inside the office. Centrify is committed to helping its customers embrace this reality by moving towards a Zero Trust security model where all access is authenticated, authorised and encrypted – with identity at the centre.”
According to Centrify, customers increasingly recognise that older, network-centric security approaches no longer apply, and today’s hybrid enterprise requires more application-centred models, with access grounded in identity.
Mann explains how Zero Trust delivers benefits including:
- Identity Assurance, which evaluates the security posture of a user based on location, device and behaviour to determine whether users are who they say they are;
- Trusted Endpoints, which only allow access to corporate resources from trusted endpoints, whether the endpoint is a corporate-owned, BYOD or public desktop, laptop or mobile device;
- Conditional Access, which grants just-in-time access to specific applications and infrastructure for a limited timeframe to users who have a confirmed identity and are using a trusted endpoint when logging in; and
- Least Privilege, where just enough privilege is granted, just in time, to perform the needed operations, and lateral movement is limited.
Mann says major innovations, such as machine learning, the move to ephemeral servers, the adoption of microservices and security convergence, amplify the need for Zero Trust networks. He also says that, to further its move towards a Zero Trust security model, Centrify has joined the FIDO (Fast IDentity Online) Alliance and strengthened its integration with Yubico.
“As co-creator of the FIDO U2F standard, Yubico believes that secure, easy-to-use and scalable authentication should be available to everyone,” said Jerrod Chong, vice-president of Product at Yubico.
“Centrify shares our mission to bring greater security and convenience to the enterprise. By adding FIDO U2F support, Centrify has the most complete set of YubiKey integrations available from a technology partner.”