Centrify Releases Privileged Access Service 20.4
August 31, 2020

Centrify added additional modern Privileged Access Management (PAM) integration capabilities enabling DevSecOps with new Secure Shell (SSH) key management features included in the 20.4 release of Centrify Privileged Access Service.

By going beyond traditional application-to-application password management (AAPM) approaches, Centrify offers a broad range of capabilities that keep privileged access controls and security out of the way for developers, machines, and administrators.

An ongoing challenge for DevOps is seamlessly inserting PAM into the pipeline to simplify and centralize credential management. With standard AAPM this is complicated to deploy and requires a lot of manual administration. Standard AAPM approaches have leveraged the password vault for PAM, relying on IDs and static passwords to authenticate applications and services to other workloads. Some organizations prefer to use SSH keys, since they’re harder to crack and there’s no password crossing the wire.

Centrify Privileged Access Service 20.4 has extended SSH key vaulting capabilities beyond key storage and log in to now support SSH key management (inclusive of key rotation), setting policies for SSH key rotation, and leveraging an account that has an SSH key for system and account discovery operations.

“SSH keys are a step up in security posture from simple vaulting of shared, static passwords for AAPM because they can meet the most stringent governance and compliance standards while increasing agility and productivity,” said Tony Goulding, Cybersecurity Evangelist at Centrify. “However, those SSH keys still need to be managed by a set of policies, and rotated to ensure they are dynamic. These new capabilities all feed into our vision for a more modern approach to AAPM, which progressively reduces the number of service accounts and shrinks the attack surface.”

The breadth of Centrify’s platform gives DevOps teams several choices based on specific context, their maturity, and their risk tolerance. For example, while SSH keys offer a familiar solution that transcends simple password vaulting, they both still require rotation as a best practice. A more mature AAPM approach may be to use ephemeral tokens, created automatically on-demand, that are temporary, time-based, and have automatic or one-time-use expirations. This approach frees up DevOps from manual administration, application availability issues related to out-of-sync passwords, and empowers a “Just-in-Time" access control model.

Ultimately, Centrify’s vision calls for flexibility to transcend standard AAPM models and offer the right credential for the right use case, including a new approach that uses both ephemeral tokens and a trusted machine identity. Centrify Delegated Machine Credentials eliminate the requirement for hundreds or thousands of additional service accounts.

“Organizations may be at any point of maturity in both their PAM and DevOps journeys, but the good news is that a range of options are now available to build PAM into the DevOps pipeline,” Goulding continued.

Share this

Industry News

June 20, 2024

Oracle announced new application development capabilities to enable developers to rapidly build and deploy applications on Oracle Cloud Infrastructure (OCI).

June 20, 2024

SUSE® announced new capabilities across its Linux, cloud native, and edge portfolio of enterprise infrastructure solutions to help unlock the infinite potential of open source in enterprises.

June 20, 2024

Redgate Software announced the acquisition of DB-Engines, an independent source of objective data in the database management systems market.

June 18, 2024

Parasoft has achieved "Awardable" status through the Chief Digital and Artificial Intelligence Office's (CDAO) Tradewinds Solutions Marketplace.

June 18, 2024

SmartBear launched two innovations that fundamentally change how both API and functional tests are performed, integrating SmartBear HaloAI, trusted AI-driven technology, and marking a significant step forward in the company's AI strategy.

June 18, 2024

Datadog announced the general availability of Datadog App Builder, a low-code development tool that helps teams rapidly create self-service applications and integrate them securely into their monitoring stacks.

June 17, 2024

Netlify announced a new Adobe Experience Manager integration to ease the transition from legacy web architecture to composable architecture.

June 17, 2024

Gearset announced a suite of new features to expand the capabilities of its comprehensive Salesforce DevOps platform.

June 17, 2024

Cequence announced a new partnership with Singularity Tech, an Australia-based professional services company with expertise in APIs and DevOps.

June 13, 2024

Elastic announced a partner integration package with LangChain that will simplify the import of vector database and retrieval capabilities of Elasticsearch into LangChain applications.

June 13, 2024

Fastly announced the launch of Fastly AI Accelerator, the company’s first AI solution designed to create a better experience for developers by helping improve performance and reduce costs across the use of similar prompts for large language models (LLM) apps.

June 13, 2024

Shreds.AI, ant AI capable of generating complex, business-grade software from simple descriptions in record time, announced its formal beta launch.

June 12, 2024

GitLab announced the public beta of expanded integrations with Google Cloud that will help developers work more effectively, quickly, and productively.

June 12, 2024

Pulumi announced Pulumi Copilot, AI for general cloud infrastructure management.

June 12, 2024

Harness completed the acquisition of Split Software, a feature management and experimentation provider, effective June 11, 2024.