Centrify secures threats created by outsourced IT support and development credentials

Outsourcing IT to a third party is nothing new, but nowadays, there’s so many places for it to be outsourced to that it often requires authentication, and ergo, security.

To address this distribution of IT access, Centrify has updated its Privileged Identity Management offering to support federated privileged access across an organization’s entire security ecosystem, including secure outsourcing of IT and application development. The update includes new features such as application-to-application password management (AAPM) and multi-factor authentication (MFA) for servers.

According to a Forrester Consulting study — commissioned last month by the company — 100 per cent of organizations surveyed are outsourcing at least one IT function and at least one application development function; research firm Gartner has also forecast that IT outsourcing will be a $335 billion industry by 2019. “Almost every one of our customers outsources something,” said David McNeely, Centrify’s vice-president of product strategy.

He said that as more and more enterprises outsource IT, vendors need authentication to access systems and applications they are supporting and troubleshooting; often security breaches are caused when credentials for third party access are compromised. “A lot of organizations are outsourcing support and app development. It represents a new problem that IT needs to understand.”

McNeely said traditional privileged identity management requires organizations to create and manage identities for outsourced IT administrators within their internal environment and grant VPN access, but this increases risk as the number of privileged accounts disconnected from an authoritative identity provider grows and more laptops establish VPN connections to internal networks. This means more potential attack points for hackers, noting the high profile Home Depot breach was the result of third party credentials being compromised.

Under Centrify’s approach, the outsourcing service retains management of their employee identities, and the customer organization uses Centrify to grant web-based access and privilege for systems and applications. Privileged access is governed through request and approval workflows, monitoring with optional termination of privileged sessions and reconciliation of approved access versus actual access to critical infrastructure.

McNeely said popular cloud-based apps such as Office 365 and Salesforce can be controlled by IT, and the ID management platform supports single sign-on.

Centrify is able to reconcile approved and actual access to make sure users that are accessing systems and apps are actually the ones that have been given the privilege in the first place. McNeely said it is designed to integrate with Active Directory.

IT can also grant temporary, time-bound privileged access to on-premises and cloud-based infrastructure to minimize attack opportunities and reduce risk, and eliminate the habit of letting one user leverage another’s access on the fly, said McNeely. “This eliminates privilege creep, where users gain multiple access over time.”

He said a lot of the focus around authentication of users assumes malicious people are on the network. “We’ve been telling customers that identify is the new perimeter.”

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Gary Hilson
Gary Hilson
Gary Hilson is a Toronto-based freelance writer who has written thousands of words for print and pixel in publications across North America. His areas of interest and expertise include software, enterprise and networking technology, memory systems, green energy, sustainable transportation, and research and education. His articles have been published by EE Times, SolarEnergy.Net, Network Computing, InformationWeek, Computing Canada, Computer Dealer News, Toronto Business Times and the Ottawa Citizen, among others.

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now