
Centrify Brings Zero Trust to DevOps

April 2018 by Marc Jacob

Centrify announced it is extending its Zero Trust Security platform to DevOps
environments. Centrify customers can now reduce their exposure to common security
threats in their application development pipelines without compromising security,
velocity, or scalability by leveraging Centrify Next-Gen Access.

The introduction of microservices, container-based architectures, and DevOps
practices has led to a revolution in software development. However, as companies
adopt these new technologies, tools, and methodologies, access management becomes
increasingly complex. Security and operations teams must manage and audit
permissions and credentials for a growing number of user and system accounts.
Compounding the issue is that traditional methods of securing developer environments
involve manual interventions and restrictive controls that significantly restrict
the agility of development and operations.

Centrify Zero Trust Security enables customers to scale adoption of secure DevOps by
simplifying the integration of security into application development pipelines. This
Zero Trust approach presumes that users, applications, and endpoints are not
trustworthy and must be verified at every point of access so that security of the
development pipeline is not compromised.

Centrify’s Next-Gen Access portfolio now enables:

* Centralised management of Docker groups within Active Directory.

A Docker group is a permission group that allows non-privileged users to execute
Docker commands. Previously, non-root users had to be manually added to the local
Docker group on each container host. With the Centrify platform, customers can create a
single Docker group in their Active Directory to grant non-root users the ability to
create, modify, or delete container resources across container hosts. For
fine-grained control over Docker command execution, customers can use Centrify’s
Privilege Elevation service and grant users in a specific role the ability to
execute specific Docker commands.

* Centralised management of access rights and privileges for CoreOS Container
Linux.

CoreOS Container Linux is a lightweight container-optimised operating system with a
pre-configured Docker Engine. Previously, customers needed to rely on shared root
accounts or local administrator accounts to manage access to their container
infrastructure. With the Centrify platform, customers can leverage Active Directory
to control access to their container hosts running CoreOS Container Linux and
further secure user access with Multi-Factor Authentication (MFA) and Privilege
Elevation services.

* Access management for containerised applications.

Centrify’s platform enables containerised applications to securely access other
network resources by leveraging SAML or OAuth, and provides granular access controls
to containers independent of the access to container hosts. With the Centrify
platform, customers can protect access to containers and container hosts with MFA,
and securely store account passwords or secrets such as configuration strings,
encryption keys, and SSH keys in the Centrify Privileged Access Service.

The Centrify Zero Trust Security platform can now also be used to seamlessly
authenticate to HashiCorp Vault, a tool for securely storing and accessing secrets.
Centrify’s authentication method grants users temporary access to Vault, eliminating
long-lived credentials that can be compromised through malware attacks. With
Centrify, user and service accounts can access Vault by authenticating against any
connected directory source including Active Directory, LDAP, Google Directory, or
the Centrify Cloud Directory. The Centrify Zero Trust Security platform
authenticates users to HashiCorp Vault with their enterprise credentials, whether it
is deployed on-premises, in a DMZ, or in the AWS cloud.

