Centrify Releases Privileged Access Service 20.4
August 31, 2020

Centrify has added modern Privileged Access Management (PAM) integration capabilities for DevSecOps, with new Secure Shell (SSH) key management features included in the 20.4 release of Centrify Privileged Access Service.

By going beyond traditional application-to-application password management (AAPM) approaches, Centrify offers a broad range of capabilities that keep privileged access controls and security out of the way for developers, machines, and administrators.

An ongoing challenge for DevOps is seamlessly inserting PAM into the pipeline to simplify and centralize credential management. With standard AAPM this is complicated to deploy and requires a lot of manual administration. Standard AAPM approaches have leveraged the password vault for PAM, relying on IDs and static passwords to authenticate applications and services to other workloads. Some organizations prefer to use SSH keys, since they’re harder to crack and there’s no password crossing the wire.

Centrify Privileged Access Service 20.4 extends SSH key vaulting beyond key storage and login. It now supports SSH key management (inclusive of key rotation), setting policies for SSH key rotation, and leveraging an account that has an SSH key for system and account discovery operations.

“SSH keys are a step up in security posture from simple vaulting of shared, static passwords for AAPM because they can meet the most stringent governance and compliance standards while increasing agility and productivity,” said Tony Goulding, Cybersecurity Evangelist at Centrify. “However, those SSH keys still need to be managed by a set of policies, and rotated to ensure they are dynamic. These new capabilities all feed into our vision for a more modern approach to AAPM, which progressively reduces the number of service accounts and shrinks the attack surface.”

The breadth of Centrify’s platform gives DevOps teams several choices based on specific context, their maturity, and their risk tolerance. For example, while SSH keys offer a familiar solution that transcends simple password vaulting, both SSH keys and passwords still require rotation as a best practice. A more mature AAPM approach may be to use ephemeral tokens, created automatically on-demand, that are temporary, time-based, and have automatic or one-time-use expirations. This approach frees DevOps from manual administration and from application availability issues related to out-of-sync passwords, and it empowers a “Just-in-Time” access control model.

Ultimately, Centrify’s vision calls for flexibility to transcend standard AAPM models and offer the right credential for the right use case, including a new approach that uses both ephemeral tokens and a trusted machine identity. Centrify Delegated Machine Credentials eliminate the requirement for hundreds or thousands of additional service accounts.

“Organizations may be at any point of maturity in both their PAM and DevOps journeys, but the good news is that a range of options are now available to build PAM into the DevOps pipeline,” Goulding continued.
