Centrify Releases Privileged Access Service 20.4
August 31, 2020

Centrify added additional modern Privileged Access Management (PAM) integration capabilities enabling DevSecOps with new Secure Shell (SSH) key management features included in the 20.4 release of Centrify Privileged Access Service.

By going beyond traditional application-to-application password management (AAPM) approaches, Centrify offers a broad range of capabilities that keep privileged access controls and security out of the way for developers, machines, and administrators.

An ongoing challenge for DevOps is seamlessly inserting PAM into the pipeline to simplify and centralize credential management. With standard AAPM this is complicated to deploy and requires a lot of manual administration. Standard AAPM approaches have leveraged the password vault for PAM, relying on IDs and static passwords to authenticate applications and services to other workloads. Some organizations prefer to use SSH keys, since they’re harder to crack and there’s no password crossing the wire.

Centrify Privileged Access Service 20.4 has extended SSH key vaulting capabilities beyond key storage and log in to now support SSH key management (inclusive of key rotation), setting policies for SSH key rotation, and leveraging an account that has an SSH key for system and account discovery operations.

“SSH keys are a step up in security posture from simple vaulting of shared, static passwords for AAPM because they can meet the most stringent governance and compliance standards while increasing agility and productivity,” said Tony Goulding, Cybersecurity Evangelist at Centrify. “However, those SSH keys still need to be managed by a set of policies, and rotated to ensure they are dynamic. These new capabilities all feed into our vision for a more modern approach to AAPM, which progressively reduces the number of service accounts and shrinks the attack surface.”

The breadth of Centrify’s platform gives DevOps teams several choices based on specific context, their maturity, and their risk tolerance. For example, while SSH keys offer a familiar solution that transcends simple password vaulting, they both still require rotation as a best practice. A more mature AAPM approach may be to use ephemeral tokens, created automatically on-demand, that are temporary, time-based, and have automatic or one-time-use expirations. This approach frees up DevOps from manual administration, application availability issues related to out-of-sync passwords, and empowers a “Just-in-Time" access control model.

Ultimately, Centrify’s vision calls for flexibility to transcend standard AAPM models and offer the right credential for the right use case, including a new approach that uses both ephemeral tokens and a trusted machine identity. Centrify Delegated Machine Credentials eliminate the requirement for hundreds or thousands of additional service accounts.

“Organizations may be at any point of maturity in both their PAM and DevOps journeys, but the good news is that a range of options are now available to build PAM into the DevOps pipeline,” Goulding continued.

Share this

Industry News

December 02, 2021

Mirantis announced DevOpsCare, powered by Lens, a vendor-agnostic, fully-managed CI/CD (continuous integration/continuous deployment) product for any Kubernetes environment, offering developers higher levels of productivity more quickly.

December 02, 2021

The D2iQ Kubernetes Platform (DKP) is now available in AWS Marketplace, a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on Amazon Web Services, Inc. (AWS).

December 01, 2021

Bugcrowd announced the availability of Bugcrowd's cybersecurity solutions on the AWS Marketplace, providing customers with easy access, simplified billing, quick deployment, and streamlined license management.

December 01, 2021

Kublr received Microsoft Azure Arc-enabled Kubernetes validation, including for Azure Arc-enabled Kubernetes for Data Services.

December 01, 2021

CloudSphere achieved Amazon Web Services (AWS) Migration and Modernization Competency for discovering, planning, and helping enterprise customers move business services to AWS to reduce cost, increase agility and improve security.

November 30, 2021

JFrog introduced a new container registry and package manager for running JFrog Artifactory with Kubernetes clusters on-premises, in the cloud, or both.

November 30, 2021

Docker announced the availability of Docker Official Images directly from Amazon Web Services (AWS).

November 30, 2021

Weaveworks announced the general availability of Weave GitOps Enterprise, a GitOps platform that automates continuous application delivery and Kubernetes operations at any scale.

November 30, 2021

Amazon Web Services announced AWS Mainframe Modernization, a new service that makes it faster and easier for customers to migrate mainframe and legacy workloads to the cloud, and enjoy the superior agility, elasticity, and cost savings of AWS.

November 29, 2021

Quali announced the newest release of Torque Enterprise, which includes enhanced integration with Terraform, new custom tagging capabilities, and improved cost visibility dashboards, unleashing an entirely new level of self-service access to application environments on demand.

November 29, 2021

Vertical Relevance (VR), a financial services-focused consulting firm, achieved Amazon Web Services (AWS) DevOps Competency status.

November 18, 2021

Loft Labs announced the launch of Loft version 2 with a focus on ease of use that overcomes the major complaint that Kubernetes is complex and hard to set up.

November 18, 2021

Perforce Software announced new functionality to speed remediation of discovered defects in automated scans.

November 18, 2021

Lacework raised $1.3 billion in growth funding at a valuation of $8.3 billion.

November 17, 2021

Parasoft announced the 2021.2 release of Parasoft C/C++test, the unified C and C++ development testing solution for embedded applications.