Outsourcing IT to a third party is nothing new, but nowadays there are so many places for it to be outsourced to that it often requires authentication and, ergo, security.
To address this distribution of IT access, Centrify has updated its Privileged Identity Management offering to support federated privileged access across an organization’s entire security ecosystem, including secure outsourcing of IT and application development. The update includes new features such as application-to-application password management (AAPM) and multi-factor authentication (MFA) for servers.
According to a Forrester Consulting study — commissioned last month by the company — 100 per cent of organizations surveyed are outsourcing at least one IT function and at least one application development function; research firm Gartner has also forecast that IT outsourcing will be a $335 billion industry by 2019. “Almost every one of our customers outsources something,” said David McNeely, Centrify’s vice-president of product strategy.
He said that as more and more enterprises outsource IT, vendors need authentication to access the systems and applications they are supporting and troubleshooting; security breaches are often caused when credentials for third-party access are compromised. “A lot of organizations are outsourcing support and app development. It represents a new problem that IT needs to understand.”
McNeely said traditional privileged identity management requires organizations to create and manage identities for outsourced IT administrators within their internal environment and grant VPN access, but this increases risk as the number of privileged accounts disconnected from an authoritative identity provider grows and more laptops establish VPN connections to internal networks. This means more potential attack points for hackers, he said, noting that the high-profile Home Depot breach was the result of third-party credentials being compromised.
Under Centrify’s approach, the outsourcing service retains management of its employee identities, and the customer organization uses Centrify to grant web-based access and privilege for systems and applications. Privileged access is governed through request and approval workflows, monitoring with optional termination of privileged sessions, and reconciliation of approved access versus actual access to critical infrastructure.
McNeely said popular cloud-based apps such as Office 365 and Salesforce can be controlled by IT, and the ID management platform supports single sign-on.
Centrify is able to reconcile approved and actual access to make sure users that are accessing systems and apps are actually the ones that have been given the privilege in the first place. McNeely said it is designed to integrate with Active Directory.
IT can also grant temporary, time-bound privileged access to on-premises and cloud-based infrastructure to minimize attack opportunities and reduce risk, and eliminate the habit of letting one user leverage another’s access on the fly, said McNeely. “This eliminates privilege creep, where users gain multiple access over time.”
He said a lot of the focus around authentication of users assumes malicious people are on the network. “We’ve been telling customers that identity is the new perimeter.”