Centrify is enabling digital transformation at scale, modernizing how organizations secure privileged access across hybrid and multi-cloud environments by enforcing identity-centric Privileged Access Management (PAM) based on Zero Trust principles. In the context of PAM, Zero Trust requires establishing a root of trust, and then granting least privilege access based on verifying who is requesting access, the context of the request, as well as the risk of the access environment.

By implementing identity-centric PAM, organizations minimize the attack surface, improve audit and compliance visibility, and reduce risk, complexity and costs for the modern, hybrid enterprise. Over half of the Fortune 100, the world's largest financial institutions, intelligence agencies, and critical infrastructure companies, all trust Centrify to stop the leading cause of breaches — privileged credential abuse.

Centrify is FedRAMP Authorized.

For more information, visit: https://www.centrify.com/.

Privileged Access Service

  • Cloud-ready Zero Trust Privilege is designed to handle the rudimentary use case of privileged access management (PAM), which lies in granting access to privileged user accounts via a shared account and password vault or an application passwords and secrets vault, as well as securing remote access. Centrify Privileged Access Service allows for all of the above, as well as secure administrative access via jump box, workflow-driven access requests and approvals, and multi-factor authentication (MFA) at the vault.

Authentication Service

  • Cloud-ready Zero Trust Privilege is designed to handle requesters that are not only human but also machines, services and APIs. There will still be shared accounts, but for increased assurance, best practices now recommend individual identities, not shared accounts, where least privilege can be applied. Centrify Authentication Service allows properly verifying who requests privileged access. This can be achieved by leveraging enterprise directory identities, eliminating local accounts and decreasing the overall number of accounts and passwords, therefore reducing the attack surface.

Privilege Elevation Service

  • Centrify Privilege Elevation Service minimizes the risk exposure to cyber-attacks caused by individuals with too much privilege. The service allows customers to implement just-enough, just-in-time privileged access best practices, in turn limiting potential damage from security breaches.

Audit and Monitoring Service

  • For privileged sessions, it is best practice to audit everything. A documented record of all actions performed can be used in forensic analysis to find exactly the issue and attribute it to a specific user and session. Because these sessions are so critical, it is also best practice to keep a video recording of the session that can be reviewed or used as evidence for your most critical assets or in highly regulated industries. With the Centrify Audit and Monitoring Service, monitoring and session recording can be achieved through a gateway-based and/or host-based technique. Advanced monitoring capabilities even allow for process launch and file integrity monitoring.

| Contract Name | Contract Number | Sector | State |
| --- | --- | --- | --- |
| CIO-CS | HHSN316201500012W | Federal | |
| SEWP V | Group A: NNG15SC07B; Group D: NNG15SC98B | Federal | |
| State of California Multiple Award Schedule (CMAS) | 3-16-70-1047B | State | California |
| State of Texas DIR Multi-Vendor Cloud IDIQ | DIR-TSO-4054 | State | Texas |

Cloud-ready Zero Trust Privilege is designed to handle the rudimentary use case of privileged access management (PAM), which lies in granting access to privileged user accounts via a shared account and password vault or an application passwords and secrets vault, as well as securing remote access. Centrify Privileged Access Service allows for all of the above, as well as secure administrative access via jump box, workflow-driven access requests and approvals, and multi-factor authentication (MFA) at the vault.

  • Shared Account & Password Vault: Secure and manage super user and application accounts on servers and network devices, both on-premises and in the cloud. Provide security for the modern enterprise where IT is increasingly outside the firewall with a secure service that is faster to implement and delivers quicker ROI.
  • Application Passwords & Secrets Vault: Store and manage secrets (e.g., IP addresses, API keys, SSH credentials, AWS IAM credentials) and enable secure communication between applications, containers and microservices.
  • Credential Management: Secure passwords, SSH keys and privileged credentials, auto-rotate them after checkout, and control access to them based on policy to prevent cyberattacks and meet audit and compliance requirements.
  • Secure Remote Access: Provide remote admins, outsourced IT and third-party vendors with secure access to the specific infrastructure they manage — on-premises and in the cloud. Risk-aware MFA combined with VPN-less access and flexible deployment models deliver the security your hybrid IT environment demands.
  • Secure Administrative Access via Jump Box: When accessing privileged resources, it is vital that we do not introduce infections during our connection. To achieve this, we need to make sure access is only achieved through a clean source. Access should only be achieved through approved Privilege Admin Consoles, which can include web-based, native client or thick client access to sensitive systems via a locked down and clean Server Gateway that serves as a distributed local jump box.
  • Access Request and Approval Workflow: Minimize your attack surface by eliminating static and long-lived privilege grants. Govern temporary access to roles that grant privilege, shared account credentials and remote sessions with self-service access request and multi-level approvals. Capture who approved access and reconcile approved access with actual access.
  • MFA at Vault: So that we are always verifying the "who," we must apply multi-factor authentication (MFA) everywhere. This applies during vault login and upon password checkout or remote session initiation. Any time there is a new request, we must know with certainty who is on the other end before granting access.

Contact DLT to learn more.