Centrify Brings Zero Trust to DevOps
April 2018 by Marc Jacob
Centrify announced it is extending its Zero Trust Security platform to DevOps environments. Centrify customers can now reduce their exposure to common security threats in their application development pipelines without compromising security, velocity, or scalability by leveraging Centrify Next-Gen Access.
The introduction of microservices, container-based architectures, and DevOps practices have led to a revolution in software development. However, as companies adopt these new technologies, tools, and methodologies, access management becomes increasingly complex. Security and operations teams must manage and audit permissions and credentials for a growing number of user and system accounts. Compounding the issue is that traditional methods of securing developer environments involve manual interventions and restrictive controls that significantly restrict the agility of development and operations.
Centrify Zero Trust Security enables customers to scale adoption of secure DevOps by simplifying the integration of security into application development pipelines. This Zero Trust approach presumes that users, applications, and endpoints are not trustworthy and must be verified at every point of access so that security of the development pipeline is not compromised.
Centrify’s Next-Gen Access portfolio now enables:
* Centralised management of Docker groups within Active Directory.
A Docker group is a permission group that allows non-privileged users to execute Docker commands. Previously, non-root users had to be manually added to local Docker group on each container host. With the Centrify platform, customers can create a single Docker group in their Active Directory to grant non-root users the ability to create, modify, or delete container resources across container hosts. For fine-grained control over Docker command execution, customers can use Centrify’s Privilege Elevation service and grant users in a specific role the ability to execute specific Docker commands.
* Centralised management of access rights and privileges for CoreOS Container Linux.
CoreOS Container Linux is a lightweight container-optimised operating system with pre-configured Docker Engine. Previously, customers needed to rely on shared root accounts or local administrator accounts to manage access to their container infrastructure. With the Centrify platform, customers can leverage Active Directory to control access to their container hosts running CoreOS Container Linux and further secure user access with Multi-Factor Authentication (MFA) and Privilege Elevation services.
* Access management for containerised applications.
Centrify’s platform enables containerised applications to securely access other network resources by leveraging SAML or OAuth, and provides granular access controls to containers independent of the access to container hosts. With the Centrify platform, customers can protect access to containers and container hosts with MFA, and securely store account passwords or secrets such as configuration strings, encryption keys, and SSH keys in the Centrify Privileged Access Service.
The Centrify Zero Trust Security platform can now also be used to seamlessly authenticate to HashiCorp Vault, a tool for securely storing and accessing secrets. Centrify’s authentication method grants users temporary access to Vault, eliminating long-lived credentials that can be compromised through malware attacks. With Centrify, user and service accounts can access Vault by authenticating against any connected directory source including Active Directory, LDAP, Google Directory, or the Centrify Cloud Directory. The Centrify Zero Trust Security platform authenticates users to HashiCorp Vault with their enterprise credentials, whether it is deployed on-premises, in a DMZ, or in the AWS cloud.