BALANCING SECURITY AND PRIVACY THROUGH THE … · • Protect access to company’s web-based...

9/23/2018

1

© 2018 Centrify Corporations. All Rights Reserved. 1www.centrify.com

BALANCING SECURITY AND PRIVACY THROUGH THE POWER OF NEXT-GEN ACCESS

Presented byDr. Torsten George, Cyber Security Evangelist, Centrify

© 2018 Centrify Corporations. All Rights Reserved. 2

YET 66% OF COMPANIES ARE STILL BREACHED

ESTIMATED WORLDWIDE SPENT ON IT SECURITY IN 2018

TODAY’S SECURITY IS NOT SECURE

And worse, they’re breached on average five or more times

Press Release, Leading Analyst Firm, August 2018; Stop the Breach Report, Forrester, January 2017

9/23/2018

2


DATA BREACH STATISTICSData Records Compromised in 2017

Data Records Are Lost or Stolen at the Following Frequency

44

THE STATE OF PRIVACY

76%

22%

2%

Personal

Corporate

Other

Type of Compromised Data Threat Actor Motives

9/23/2018

3


90enterprises using cloud

enterprises cloud apps

mobile devices

IoT devices

THINGS ARE NOT GETTING EASIER…


Post-mortem analysis shows that

IDENTITYIS THE TOP ATTACK VECTOR

breaches involve weak, default or stolen passwords

breaches involve privileged credential misuse

A REALITY CHECK

9/23/2018

4

7

THIS NEW THREATSCAPEREQUIRES ZERO TRUST SECURITY


Zero Trust Security assumes that untrusted actors already exists both inside and outside the network.

Trust must therefore be entirely removed from the equation.

9/23/2018

5

99

NEVER TRUST, ALWAYS VERIFY

Connecting from a particular network must not determine which services you can access. Access to services is granted based on: BEYONDCORP

what we know about you

what we know about your device

All access to services must be authorized

CORE PRINCIPLES OF ZERO TRUST

10

BALANCING SECURITY AND PRIVACY THROUGH THE POWER OF NEXT-GEN ACCESS

9/23/2018

6

1111

INHIBITORS

FragmentedIAM Tools

Too Intrusive and Cumbersome

Static Rules

+ +

12© 2018 Centrify Corporations. All Rights Reserved.

SECURES ACCESS TO APPS

FOR ALL VERIFIED USERS

End User

Privileged User

Outsourced IT

Customer or Partner

FROM TRUSTED ENDPOINTS

SECURES ACCESS TO INFRASTRUCTURE

Cloud (IAAS & PAAS)

Applications

Data Center Servers Big Data

Network Devices

THE ANSWER:

NEXT-GEN ACCESS

9/23/2018

7

13

THE FOUR PILLARS OF ZERO TRUST SECURITY

VERIFYTHE USER

VALIDATE THEIR DEVICE

LIMIT ACCESS & PRIVILEGE

LEARN & ADAPT

@2018 Centrify Corporation. All Rights Reserved.14

HOW DOES THIS WORK IN DAY-TO-DAY OPERATIONS

9/23/2018

8


A SUCCESS STORY SHARED

QT Ultrasound is a privately held technology company engaged in the research, development, and commercialization of an innovative automated breast imaging system, producing high-resolution transmission ultrasound images.

Challenges

• Improve security posture

• Strengthen compliance to HIPAA regulations

Solution

• Protect critical company information via Privileged Access Management and Multi-factor Authentication

• Protect access to company’s web-based applications via Single Sign-On

Centrify Press Release, QT Ultrasound Chooses Centrify to Strengthen HIPAA Compliance, July 16, 2018


Challenge for MFA Block AccessSSO to App

Authorized Device

Security Posture

Approved Location

Authorized Device

Security Posture

Authorized Device

Security Posture

Blocked LocationUnknown Location

SCENARIO #1: STEP-UP AUTHENTICATION

9/23/2018

9


SCENARIOR #2: RISK-BASED ACCESS CONTROL

Risk-based Login PolicyRisk-based Privilege

Elevation Policy

Adaptive policy that balances security and user experience

18© 2018 Centrify Corporations. All Rights Reserved.

SCENARIO #3: REAL-TIME ALERTING AND RESPONSE

Investigate Anomalies Detected

Slack Alert to Remediate

Real-time detection and response to anomalies

9/23/2018

10

1919

FEWER BREACHES IN COST SAVINGSLESS ON TECHNOLOGY COSTS

FORRESTER FINDS IMPLEMENTING IDENTITY BEST PRACTICES RESULTS IN


THANK YOUVisit us at booth #16

@torsten_george

@Centrify

#ZeroTrust

BALANCING SECURITY AND PRIVACY THROUGH THE … · • Protect access to company’s web-based...

Documents

Transcript of BALANCING SECURITY AND PRIVACY THROUGH THE … · • Protect access to company’s web-based...