CENTRIFY AND SAILPOINT:
ZERO TOLERANCE FOR
PRIVILEGED ACCESS ABUSE
©2019 Centrify Corporation. All Rights Reserved.
1
www.centrify.com
Today’s Security Is Not Secure
$137B
66%
EXPECTED SPENT
ON IT SECURITY IN 2019
YET 66% OF COMPANIES
ARE STILL BREACHED
And worse, they’re breached
on average five or more times
©2019 Centrify Corporation. All Rights Reserved.
2
Today’s Realities
AN EXPANDED ENTERPRISE ATTACK SURFACE
90%
81%
53%
use the Cloud
adopted DevOps
use Big Data
59%
plan or already use
Containers in production
PRIVILEGE ABUSE IS THE LEADING CAUSE OF DATA BREACH
80%
©2019 Centrify Corporation. All Rights Reserved.
breaches involve privileged
credential misuse
Private vs. Public vs. Hybrid Cloud, Logicworks, March 2015; 2017 Big Data Analytics Market Study, Dresner Advisory Services, December 2017;
2016 DevOps Trends Report, RightScale; 2018 Container Adoption
Benchmark Study, Diamanti; Forrester Wave™: Privileged Identity Management, Q3 2016
3
Exposing You to Imminent Risk
It takes only
©2019 Centrify Corporation. All Rights Reserved.
1
compromised privileged credential
to impact
Millions
4
Legacy PAM is Not Enough
for the Expanded Threatscape
©2019 Centrify Corporation. All Rights Reserved.
5
From Legacy PAM to
Cloud-Ready Zero Trust Privilege
Cloud-Ready Zero Trust Privilege
Legacy PAM
ATTACK SURFACE
INFRASTRUCTURE
ACCESS REQUESTER
ACCOUNTABILITY LEVEL
CONTROL POSTURE
AUTHENTICATION STRENGTH
ECOSYSTEM
©2019 Centrify Corporation. All Rights Reserved.
DATABASES
NETWORK DEVICES
CLOUD
BIG DATA
DEVOPS
CONTAINERS
Humans
Humans, Machines, Services, & APIs
Shared Accounts
Shared Accounts & Individual Identities
Static Policy
Dynamic & Risk Aware (AI)
Passwords
MFA Everywhere
Servers
Servers, IaaS, DevOps, Containers
6
Zero Trust Privilege Approach
ADAPTIVE CONTROL
VERIFY WHO
CONTEXTUALIZE
REQUEST
SECURE ADMIN
ENVIRONMENT
AUDIT EVERYTHING
©2019 Centrify Corporation. All Rights Reserved.
7
GRANT LEAST
PRIVILEGE
Avoid Identity Silos
Identity Governance &
Administration
Privileged Access Management
Silo 1
©2019 Centrify Corporation. All Rights Reserved.
Silo 2
8
•
Lack of centralized visibility
•
Loss of productivity
•
Potential security gaps
•
Lacks consistent governance, provisioning,
and authorization process
Reduce Risk by Combining
Privileged Access with Identity
Governance
©2019 Centrify Corporation. All Rights Reserved.
9
Better Together
Privileged Access Controls
and Identity Governance and Administration
+
©2019 Centrify Corporation. All Rights Reserved.
10
Centrify and SailPoint: Two Industry Leaders
©2019 Centrify Corporation. All Rights Reserved.
11
Combining Privileged Access and Identity Governance
CENTRIFY ZERO TRUST PRIVILEGE SERVICES
SailPoint IdentityIQ
Privileged Account
Management Module
(SCIM PAM API)
Privileged Access
Service
Authentication
Service
Privilege Elevation
Service
Audit & Monitoring
Service
SHARED ACCOUNT &
PASSWORD VAULT
MULTI-DIRECTORY
BROKERING
PRIVILEGE ELEVATION
SESSION RECORDING &
AUDITING
APPLICATION PASSWORDS &
SECRETS VAULT
ACTIVE DIRECTORY BRIDGING
DELEGATED PRIVILEGE ROLE
& POLICY MANAGEMENT
MACHINE IDENTITY &
CREDENTIAL MANAGEMENT
TIME-BASED ROLE
ASSIGNMENT
LOCAL ACCOUNT & GROUP
MANAGEMENT
MFA AT PRIVILEGE ELEVATION
CREDENTIAL MANAGEMENT
SECURE REMOTE ACCESS
SECURE ADMINISTRATIVE
ACCESS
VIA JUMP BOX
CENTRIFY ZONE TECHNOLOGY
GROUP POLICY MANAGEMENT
ACCESS REQUEST &
APPROVAL WORKFLOW
MFA AT SYSTEM LOGIN
MFA AT VAULT
Privilege Threat Analytics Service
ADAPTIVE MULTI-FACTOR AUTHENTICATION
©2019 Centrify Corporation. All Rights Reserved.
12
USER BEHAVIOR ANALYTICS
GATEWAY SESSION
MONITORING & CONTROL
HOST-BASED SESSION
AUDITING, RECORDING &
REPORTING
Two Solutions. One View.
PROVISION SAILPOINT IDENTITYIQ USERS
TO CENTRIFY ROLES AND SETS
ATTESTATION AND REMEDIATION FOR CENTRIFY
ROLE MEMBERSHIP AND SETS PERMISSIONS
• Provision users from SailPoint IdentityIQ
• View the complete list of entitlements within
directly into Centrify Privileged Access Service
(PAS) ‘Roles’ and grant them permissions on
‘Sets’.
Centrify PAS for a given user and integrates
the information into the user's certification
process.
✓ Centrify ‘Roles’ define user rights for operations
within Centrify PAS, and access rights to
resources.
• History of a user's entitlements provisioning is
available from within SailPoint
IdentityIQ. Centrify PAS maintains its own
separate record of a user's entitlements, which
also includes any user entitlements
provisioned outside of SailPoint IdentityIQ.
✓ Centrify ‘Sets’ are collections of resources,
including systems and accounts.
• Provision user entitlements and permissions to
Centrify PAS from within SailPoint IdentityIQ.
©2019 Centrify Corporation. All Rights Reserved.
13
Centrify and SailPoint: Better Together
• Centralize provisioning, governance, and identity management processes,
including privileged users and their access entitlements.
• Gain transparency and control of privileged user access entitlements from
within SailPoint IdentityIQ.
• Identify risks and subsequently align privileged user entitlements.
• Increase operational efficiency in the context of attestation for compliance
purposes.
©2019 Centrify Corporation. All Rights Reserved.
14
CENTRIFY.COM
SAILPOINT.COM
Visit us online
Or contact your local representative today
©2019 Centrify Corporation. All Rights Reserved.
15
THANK YOU
©2019 Centrify Corporation. All Rights Reserved.
16