BALANCING SECURITY AND PRIVACY THROUGH THE … · • Protect access to company’s web-based...
Transcript of BALANCING SECURITY AND PRIVACY THROUGH THE … · • Protect access to company’s web-based...
9/23/2018
1
© 2018 Centrify Corporations. All Rights Reserved. 1www.centrify.com
BALANCING SECURITY AND PRIVACY THROUGH THE POWER OF NEXT-GEN ACCESS
Presented byDr. Torsten George, Cyber Security Evangelist, Centrify
© 2018 Centrify Corporations. All Rights Reserved. 2
YET 66% OF COMPANIES ARE STILL BREACHED
ESTIMATED WORLDWIDE SPENT ON IT SECURITY IN 2018
TODAY’S SECURITY IS NOT SECURE
And worse, they’re breached on average five or more times
Press Release, Leading Analyst Firm, August 2018; Stop the Breach Report, Forrester, January 2017
9/23/2018
2
© 2018 Centrify Corporations. All Rights Reserved. 3
DATA BREACH STATISTICSData Records Compromised in 2017
Data Records Are Lost or Stolen at the Following Frequency
44
THE STATE OF PRIVACY
76%
22%
2%
Personal
Corporate
Other
Type of Compromised Data Threat Actor Motives
9/23/2018
3
© 2018 Centrify Corporations. All Rights Reserved. 5
90enterprises using cloud
enterprises cloud apps
mobile devices
IoT devices
THINGS ARE NOT GETTING EASIER…
© 2018 Centrify Corporations. All Rights Reserved. 6
Post-mortem analysis shows that
IDENTITYIS THE TOP ATTACK VECTOR
breaches involve weak, default or stolen passwords
breaches involve privileged credential misuse
A REALITY CHECK
9/23/2018
4
7
THIS NEW THREATSCAPEREQUIRES ZERO TRUST SECURITY
© 2018 Centrify Corporations. All Rights Reserved. 8
Zero Trust Security assumes that untrusted actors already exists both inside and outside the network.
Trust must therefore be entirely removed from the equation.
9/23/2018
5
99
NEVER TRUST, ALWAYS VERIFY
Connecting from a particular network must not determine which services you can access. Access to services is granted based on: BEYONDCORP
what we know about you
what we know about your device
All access to services must be authorized
CORE PRINCIPLES OF ZERO TRUST
10
BALANCING SECURITY AND PRIVACY THROUGH THE POWER OF NEXT-GEN ACCESS
9/23/2018
6
1111
INHIBITORS
FragmentedIAM Tools
Too Intrusive and Cumbersome
Static Rules
+ +
12© 2018 Centrify Corporations. All Rights Reserved.
SECURES ACCESS TO APPS
FOR ALL VERIFIED USERS
End User
Privileged User
Outsourced IT
Customer or Partner
FROM TRUSTED ENDPOINTS
SECURES ACCESS TO INFRASTRUCTURE
Cloud (IAAS & PAAS)
Applications
Data Center Servers Big Data
Network Devices
THE ANSWER:
NEXT-GEN ACCESS
9/23/2018
7
13
THE FOUR PILLARS OF ZERO TRUST SECURITY
VERIFYTHE USER
VALIDATE THEIR DEVICE
LIMIT ACCESS & PRIVILEGE
LEARN & ADAPT
@2018 Centrify Corporation. All Rights Reserved.14
HOW DOES THIS WORK IN DAY-TO-DAY OPERATIONS
9/23/2018
8
@2018 Centrify Corporation. All Rights Reserved.15
A SUCCESS STORY SHARED
QT Ultrasound is a privately held technology company engaged in the research, development, and commercialization of an innovative automated breast imaging system, producing high-resolution transmission ultrasound images.
Challenges
• Improve security posture
• Strengthen compliance to HIPAA regulations
Solution
• Protect critical company information via Privileged Access Management and Multi-factor Authentication
• Protect access to company’s web-based applications via Single Sign-On
Centrify Press Release, QT Ultrasound Chooses Centrify to Strengthen HIPAA Compliance, July 16, 2018
@2018 Centrify Corporation. All Rights Reserved.16
Challenge for MFA Block AccessSSO to App
Authorized Device
Security Posture
Approved Location
Authorized Device
Security Posture
Authorized Device
Security Posture
Blocked LocationUnknown Location
SCENARIO #1: STEP-UP AUTHENTICATION
9/23/2018
9
@2018 Centrify Corporation. All Rights Reserved.17
SCENARIOR #2: RISK-BASED ACCESS CONTROL
Risk-based Login PolicyRisk-based Privilege
Elevation Policy
Adaptive policy that balances security and user experience
18© 2018 Centrify Corporations. All Rights Reserved.
SCENARIO #3: REAL-TIME ALERTING AND RESPONSE
Investigate Anomalies Detected
Slack Alert to Remediate
Real-time detection and response to anomalies
9/23/2018
10
1919
FEWER BREACHES IN COST SAVINGSLESS ON TECHNOLOGY COSTS
FORRESTER FINDS IMPLEMENTING IDENTITY BEST PRACTICES RESULTS IN
© 2018 Centrify Corporations. All Rights Reserved. 20
THANK YOUVisit us at booth #16
@torsten_george
@Centrify
#ZeroTrust