Connect with us

Top Stories

Centrify Brings Zero Trust to DevOps

Published

on

Centrify Brings Zero Trust to DevOps

Centrify Zero Trust Security scales adoption of secure DevOps by integrating Next-Gen Access controls into application development pipelines

Centrify a leading provider of Zero Trust Security through the power of Next-Gen Access, today announced it is extending its Zero Trust Security platform to DevOps environments. Centrify customers can now reduce their exposure to common security threats in their application development pipelines without compromising security, velocity, or scalability by leveraging Centrify Next-Gen Access.

The introduction of microservices, container-based architectures, and DevOps practices have led to a revolution in software development. However, as companies adopt these new technologies, tools, and methodologies, access management becomes increasingly complex. Security and operations teams must manage and audit permissions and credentials for a growing number of user and system accounts. Compounding the issue is that traditional methods of securing developer environments involve manual interventions and restrictive controls that significantly restrict the agility of development and operations.

“DevOps creates a challenge for many organisations because they need to maintain agility while also recognising that the DevOps process creates a broader attack surface,” said David McNeely, vice president of product strategy at Centrify. “Prioritising functional requirements over security while building applications leaves organisations exposed to significant risk. Centrify Zero Trust Security reduces that risk by managing machine identities and access end-to-end across the entire corporate ecosystem, including DevOps environments and emerging tools and services.”

Centrify Zero Trust Security enables customers to scale adoption of secure DevOps by simplifying the integration of security into application development pipelines. This Zero Trust approach presumes that users, applications, and endpoints are not trustworthy and must be verified at every point of access so that security of the development pipeline is not compromised.

Centrify’s Next-Gen Access portfolio now enables:

  • Centralised management of Docker groups within Active Directory.

A Docker group is a permission group that allows non-privileged users to execute Docker commands. Previously, non-root users had to be manually added to local Docker group on each container host. With the Centrify platform, customers can create a single Docker group in their Active Directory to grant non-root users the ability to create, modify, or delete container resources across container hosts. For fine-grained control over Docker command execution, customers can use Centrify’s Privilege Elevation service and grant users in a specific role the ability to execute specific Docker commands.

  • Centralised management of access rights and privileges for CoreOS Container Linux.

CoreOS Container Linux is a lightweight container-optimised operating system with pre-configured Docker Engine. Previously, customers needed to rely on shared root accounts or local administrator accounts to manage access to their container infrastructure. With the Centrify platform, customers can leverage Active Directory to control access to their container hosts running CoreOS Container Linux and further secure user access with Multi-Factor Authentication (MFA) and Privilege Elevation services.

  • Access management for containerised applications.

Centrify’s platform enables containerised applications to securely access other network resources by leveraging SAML or OAuth, and provides granular access controls to containers independent of the access to container hosts. With the Centrify platform, customers can protect access to containers and container hosts with MFA, and securely store account passwords or secrets such as configuration strings, encryption keys, and SSH keys in the Centrify Privileged Access Service.

The Centrify Zero Trust Security platform can now also be used to seamlessly authenticate to HashiCorp Vault, a tool for securely storing and accessing secrets. Centrify’s authentication method grants users temporary access to Vault, eliminating long-lived credentials that can be compromised through malware attacks. With Centrify, user and service accounts can access Vault by authenticating against any connected directory source including Active Directory, LDAP, Google Directory, or the Centrify Cloud Directory. The Centrify Zero Trust Security platform authenticates users to HashiCorp Vault with their enterprise credentials, whether it is deployed on-premises, in a DMZ, or in the AWS cloud.

“With the strong growth of the HashiCorp community, having Vault integrate with Centrify Zero Trust Security is a valuable option for our users” said Burzin Patel, VP Worldwide Alliances at HashiCorp. “Centrify’s platform empowers users to leverage the control and flexibility of using their existing corporate source for identity, while also increasing security and agility. That’s huge for developers, who are usually required to sacrifice one over the other.”

Centrify Zero Trust Security through the power of Next-Gen Access is a mature and proven approach that unifies single sign-on (SSO), MFA, mobility management, privilege management and behavior analytics. Zero Trust rethinks the “trust but verify” approach to security, replacing it with a stronger “never trust, always verify” approach to secure endpoints, networks, servers and applications.

To learn more about Centrify Zero Trust Security, visit www.centrify.com or booth 501 at RSA Conference 2018.

Top Stories

The UK’s National Data Strategy – Too Much Love?

Published

on

The UK’s National Data Strategy – Too Much Love? 1

By Julian Hayes, Partner at BCL Solicitors LLP

“We want the UK….to be the best place in the world to start and grow a digital business”. With this ambitious aim, the Government has laid out its National Data Strategy, focusing on unlocking the value of data, establishing a pro-growth data protection regime, and championing international data flows to promote economic development. Already a feted success, the UK’s digital sector now stands behind only the US and China in global venture capital funding and directly employs more than 1.5 million people in London and other major UK cities. Despite its laudable aspiration, however, the Data Strategy signals post-Brexit regulatory intentions which risk inhibiting and choking off the future growth of this successful UK industrial sector.

Bonfire of data obligations?

Though it emphasises the importance of public support and maintaining trust in how personal data is used, the Data Strategy highlights business’ lack of clarity about current data protection rules, takes implicit aim at the burden of the current data regime on innovators and entrepreneurs, and laments costly over-compliance and consequent risk aversion. In response, the Data Strategy foreshadows alleviating data compliance obligations, particularly for SMEs, once the Brexit transition period ends on 31 December 2020. Although the Data Strategy carefully avoids specifics, the complexity of the GDPR’s principles-based system and one-size fits all approach have long been a bugbear for micro-enterprises. Indeed, acknowledging concern in its recent two-year review of the GDPR, the European Commission (EC) itself urged national data regulators to lend SMEs a helping hand by offering ready-made templates, training and consultancy helplines. Nevertheless, the EC rejected calls to exempt smaller businesses from GDPR obligations, arguing that data risks were not dependent on an operator’s size.

Cross-border transfer dilemmas

Equally contentious is the Data Strategy’s approach to cross-border data transfers, cited as being of fundamental importance for economic development. The Data Strategy complains that such transfers of personal data are currently being inappropriately constrained and celebrates that the UK will be able to make its own ‘data adequacy’ decisions to allow for extra-territorial personal data transfers in a post-Brexit world. Unlike EC adequacy decisions which involve consultation between the Commission, the European Data Protection Board (EDPB) collectively representing EU data regulators, and member state representatives, UK adequacy decisions will be in the gift of the Secretary of State, subject only to Parliament’s rarely used negative resolution procedure. The Data Strategy effectively suggests UK adequacy decisions will be ‘up for grabs’ in future bilateral trade negotiations.

The transfer of personal data from the EU to ‘third countries’ has been a running sore in relations with the US which has not been granted an EC adequacy decision. The European Court of Justice (CJEU) has twice torpedoed hard-negotiated EU-US personal data transfer mechanisms, first ‘Safe Harbour’ and most recently the ‘Privacy Shield’ on which an estimated $7.1 trillion of annual transatlantic digital trade relied. US-UK trade documents leaked to the media in late 2019 suggested the US was seeking to weaken European data protection in its ongoing free trade negotiations with the UK.

These revelations merely added to pre-existing concern in Brussels, based on the UK’s Investigatory Powers Act (IPA), that Britain’s legal regime already falls short of offering an “essentially equivalent” level of personal data protection to that enjoyed in the EU. Aspects of the IPA have been repeatedly criticised by the European Courts, most recently in Privacy International’s challenge to the UK’s bulk retention powers. UK data sharing with third countries for law enforcement purposes has also raised concern in Brussels, with reservations at the UK’s participation with non-EU allies in the ‘Five Eyes’ agreement and expressions of disquiet by the EDPB and Members of the European Parliament at the implications for personal data protection of the UK-US bilateral data sharing agreement signed in October 2019.

Data adequacy – wait and see

Against this unpropitious backdrop, the prospects of Britain being granted an EC adequacy decision by the end of the Brexit transition period – something which the UK is pursuing – appear somewhat forlorn. From the Commission’s perspective, in the face of concerns over US authorities’ access to personal data, how could it grant an EC adequacy decision to the UK, allowing the free flow of EU personal data to Britain when the UK could, in turn, grant its own adequacy decision to the US, theoretically facilitating EU personal data to flow westwards to the US without what the EC regards as adequate protection? Even were the Commission to grant a EC adequacy decision to the UK, it is likely the decision would quickly face challenge in the CJEU from privacy campaigners. In any event, with the Data Strategy foreshadowing imminent changes to UK legislation, how could the Commission practically compare its own data protection regime with one which is morphing into something as yet undefined? Logic surely dictates it would delay making an EC adequacy decision until the future outline of the UK’s data protection regime becomes apparent.

Tech unicorns tethered

Avowedly aiming to drive UK economic growth by alleviating the deadweight of data protection obligations, the Data Strategy envisages digital entrepreneurs and innovators of the UK’s digital economy powering the country to success after the COVID-led downturn. But with the status quo of the Brexit transition period drawing to a close and an EC data adequacy decision potentially on-hold until the UK’s data protection regime becomes settled, the UK’s tech start-ups may in fact find themselves hamstrung by having to satisfy the EC’s data protection requirements in other ways, including the use of Standard Contractual Clauses and Binding Corporate Rules, if they wish to do business in Europe, adding an unwelcome layer of bureaucracy and expense to their overheads. Looking across the Atlantic, even if a US free trade deal is agreed, those same UK unicorns which the Government wishes to prosper would confront the formidable stranglehold of the US tech giants when seeking to break into the North America market. That would leave them reliant on the altogether smaller domestic market which would likely inhibit their growth. Despite the Data Strategy’s good intentions, its inadvertent consequence may in fact be the stifling of the very sector it was designed to assist.

Continue Reading

Top Stories

How to overcome the ‘groundhog day’ effect Of remote working

Published

on

How to overcome the ‘groundhog day’ effect Of remote working 2

By Chris Farmer, leadership and management training expert and founder of Corporate Coach Group

The ongoing pandemic means that for many people their place of work has been the lounge, the spare room or the ‘home office’ for more than the past six months. While it might have been a novelty at first, for many the lack of human interaction and spending so much time within the same four walls is becoming monotonous and this could lead to common bad habits which could destroy productivity and peace of mind.

In order to improve productivity and retrain the mind as we head into the winter period, here are some simple but powerful techniques you can use to make the most of working from home.

Don’t work in the room where you rest, relax or entertain yourself

Everyone is affected by their environment. We form strong mental-emotional associations between a particular activity and its location. When we are in a restaurant, we feel like eating; when we are in a swimming pool, we do NOT feel like eating.

When working from home, the associations between “Work” and “NOT-Work” become blurred because the two activities are taking place at the same location.

Consequently, both activities suffer. We feel we are never quite “at work”, and we feel we are never quite NOT at work. We feel we are in a strange “No man’s land” between the two states, and it is unsettling.

It is vital to separate our “work-space” from “rest space”. Ideally, you should have a separate room where you do all your work and NONE of your rest. Your living room is not where you work. If you do not have a separate room, then at least have a separate chair, and face an opposite wall.

We know people who work in their lounge. They sit in the same chair that they will be in, that evening, when watching TV. This is a mistake.

Dress for work, even when at home

Everyone is affected by the clothes they wear. When a police officer, a nurse, or a firefighter gets ready for duty, they put on their uniform. Why? Because every profession has its own identity; and every identity has an associated appearance.

Just because your physical place of work has changed doesn’t mean that your appearance needs to as well, and that’s not just because of video calls and meetings. It’s the same principle as working from your living room, if you adopt the identity of working in your casual clothes you will likely have the same mindset as you do when not at work.

We all know people who hang around the house in their dressing gowns and slippers, working with one eye on the TV and this is not conducive to productive working.

Dress as if you were going to work. Groom yourself as if you were going to work, because you are! When you have finished work, it is equally important to change back into your scruffs and relax.

Don’t allow the media to become your new best friend

People who work at home do not have the company of their colleagues, and so may turn to mainstream news for company. Everyone is susceptible to the suggestive influences of the media, which would be fine, if the media was objective and reasonably optimistic.

Unfortunately, the majority of headlines suggest; “It is bad and it’s going to get worse” and while it’s important for all of us to be aware of the latest updates regarding the pandemic and wider current affairs, it can also have the tendency to fill the mind with negative, pessimistic information.

The constant low-level hypnotic suggestions have an inevitable negative effect on our thoughts, feelings, actions and therefore our outputs. Avoid spending all of your time soaking your mind in the news agenda where possible such as through Facebook or Twitter and concentrate your attention onto something more productive to add value to your life.

Form a “Mastermind Alliance” with like minded people and talk to them every day

We are all profoundly affected by the company we keep and the voices we listen to.

Forming an alliance with two or three like minded individuals who (preferably), you do NOT work with, but who are in a similar position as you can be a really effective way of reminding yourself of the bigger picture and that in a sense we’re all in this together.

Your Mastermind Alliance may be from different companies or even a different industry but it is key this is composed of people who have an upbeat and can-do attitude.

Talk to them every day. The purpose of your mastermind alliance is mutual inspiration and emotional support. We ally ourselves with a small number of the right people: people whom we admire and who will challenge us to be at our best.

Keep good health habits; eat, sleep and exercise well

One of the basics that in particular needs to be prioritised as we head towards the winter is the focus on good health habits.

Why? Everything that we do in life requires energy – even if it’s just engaging your brain to perform your daily work from your desk at home. Energy defines your capacity to do work and it must be generated effectively to allow for maximum productivity.

This means you must maximise sleep, nutrition and exercise to generate sufficient energy while also minimising other negatives such as alcohol, calorific food and smoking, or using coping mechanisms such as comfort eating.

Instead, maximise the quality of your Sleep, nutrition and exercise.

  1. Sleep eight hours a night
  2. Eat small but eat well
  3. Exercise three times a week
  4. Avoid alcohol where possible

Keep your eye on the end goal

I know many of us are fed up of hearing this advice but it really is important to remember that this pandemic will not last forever. Life will return to some normality again and it’s important that we all continue to focus on our long term aspirations which we had before this all kicked off in March.

The human mind can tend towards one of two states: “goal focused” or “drifter mentality” and it’s important to focus on the former.

When working from home our biggest danger is that we lose our focus. We become distracted, disenchanted and we lose our edge. The solution is to continually monitor our state of mind and to do everything necessary to maintain a “Goal focused mentality”.

Goal focused mentality means continually setting goals: Set goals to:

  1. Improve your Work life balance (deliberately and knowingly separate your work activities from your non-work activities)
  2. Improve your dress code, grooming and appearance
  3. Maintain your professional identity
  4. Reduce your time on social media
  5. Engage the services of your mastermind alliance
  6. Increase the QUALITY of your nutrition
  7. Increase the quality of your sleep
  8. Reduce the amount of alcohol
  9. Increase the quality of your exercise programme.
  10. Generate more energy.

The only way out of trouble is to go forwards, by setting goals, formulating plans, motivating ourselves to take priority actions, and continually adapt ourselves so we are able to make progress, even when working from home.

Continue Reading

Top Stories

Supply Networks: The Future of Procurement

Published

on

Supply Networks: The Future of Procurement 3

By Sean Thompson, EVP of Network and Ecosystem, SAP Procurement Solutions

No supply chain has been spared by the impact of the coronavirus. Some parts of the world are indeed seeing businesses slowly look toward recovery and a gradual move to a ‘new normal’. But we cannot ignore that small shops and multinational corporations alike will continue to face challenges with regard to their manufacturing, distribution, logistics, and demand functions, as well as their overall financial well-being and that of their business partners.

A contributing factor to this disruption is the traditional, linear supply chain model, where each step is dependent on the one before it. Inefficiencies at one stage result in a cascade of inefficiencies down the line. And when the buyer and supplier are located at either end of the chain, it’s easy to see how collaboration breaks down and end-to-end visibility is nearly impossible.

The resulting reactive and uncoordinated response makes it challenging for procurement teams to know exactly which suppliers, sites, parts and products are at risk, and therefore, extremely difficult to secure new sources of supply in a timely manner.

Fostering the Partner Ecosystem

As businesses grapple with the ramifications of COVID-19, they must learn key lessons as they look to recovery. At the crux of this is rebuilding and restructuring resilient supply chains for a better future. This means moving beyond the traditional linear supply chain model to the implementation of a dynamic, collaborative supply network.

Unlike traditional supply chains, supply networks shift away from singular, point-to-point processes to a many-to-many structure that enables 360-degree visibility. Once an organisation is connected to a network, they become both a buyer and a supplier and gain broad visibility into the interconnected operations of their trading partners. Beyond allowing companies to identify emerging trends or issues more easily, access to a network also enables them to collaborate with new partners, improve cash flow, develop new products and accelerate sustainability.

Connecting to a network that includes producers, vendors, distribution centres, warehouses, transportation companies and retailers contributes to a businesses’ overall ability to move with agility, respond more quickly to demand and address unforeseen circumstances like those we’ve seen this year.

Building the Business Pillars of the Future

The global COVID-19 pandemic has suddenly accelerated the need for organisations to transform and respond to the unplanned and unprecedented. As a different world takes shape, longer term strategies for supply chains and operating models need to be re-assessed and prioritised in order for an organisation to advance in the following three key business pillars of the future: resiliency, profitability, and sustainability.

Sean Thompson

Sean Thompson

Digital transformation will play a major role for an organisation to withstand future disruptions and help pivot them toward recovery when disruptions do occur. In turn then, supply networks offer a holistic approach that enables greater transparency between trading partners and help organisations make decisions in real-time. Unlike linear supply chains, supply networks optimise operations and break down functional silos to enable organisations to realise the untapped potential of existing capabilities and achieve higher performance as well as greater value. Indeed, this is demonstrated by recent data from Bain & Company, which reveals how companies with resilient supply chains grow faster because they’re able to move quickly when market demand shifts.

When it comes to an organisation maximising its profit margins, resiliency and profitability go hand in hand. Businesses that run reliable, automated supply chains generate increased revenue because digital supply networks can smooth over any friction, and in turn, maximise the output. With automation and transparency in place, the ROI handles itself and the network becomes a profitability-driving tool.

Finally, businesses should always consider their sustainability goals; not only across their organisation, but within their supply network too. Beyond the need for creating long-term value, sustainability can foster innovation and encourage new ways of thinking that can ultimately lead to increased revenues, stronger customer relationships and improved brand perception. One way this is often addressed is by looking to reduce carbon footprints as a result of operations. However, sustainability exists deep within supply chains, like modern slavery and single-use plastics; these need to be addressed in equal measure too.  The use of technology can help spot inefficiencies and risk so that today’s business leaders can instil long-lasting change and dig into the supply chains of their partners and suppliers, prioritising those who are also making sustainability a priority too.

It’s a New Dawn

Transforming from a supply chain to a supply network should support a business’ total digital transformation strategy. By taking advantage of the latest digital tools, businesses can remain resilient and scale at a rate that creates a competitive advantage.

An example of this done successfully is demonstrated by the Danish manufacturing company VELUX Group, which automated 64% of its 20,000 monthly order lines after digitally transforming supply chain operations and streamlining supplier collaboration. Now, the VELUX Group seamlessly conducts transactions with more than 200 vendors and enjoys improved processes, accelerated delivery dates and more time saved.

Digital supply networks are built to anticipate disruptions and mitigate risks. They leverage technology and data analytics to provide a continuous flow of information which allows business leaders to gain a holistic insight to all areas of the business. While moving to a supply network requires fundamental changes to many aspects of an organisation’s planning – from strategy, to business processes, to IT – the ability to keep up with fast-moving market dynamics is essential in today’s business environment more than ever.

Continue Reading
Editorial & Advertiser disclosureOur website provides you with information, news, press releases, Opinion and advertorials on various financial products and services. This is not to be considered as financial advice and should be considered only for information purposes. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third party websites, affiliate sales networks, and may link to our advertising partners websites. Though we are tied up with various advertising and affiliate networks, this does not affect our analysis or opinion. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you, or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish sponsored articles or links, you may consider all articles or links hosted on our site as a partner endorsed link.

Call For Entries

Global Banking and Finance Review Awards Nominations 2020
2020 Global Banking & Finance Awards now open. Click Here

Latest Articles

The UK’s National Data Strategy – Too Much Love? 4 The UK’s National Data Strategy – Too Much Love? 5
Top Stories12 mins ago

The UK’s National Data Strategy – Too Much Love?

By Julian Hayes, Partner at BCL Solicitors LLP “We want the UK….to be the best place in the world to...

B2B plays a big role in our economy, but how can it contribute to our recovery? 6 B2B plays a big role in our economy, but how can it contribute to our recovery? 7
Business26 mins ago

B2B plays a big role in our economy, but how can it contribute to our recovery?

By Richard Parsons from True, creative B2B marketing agency, discusses the current state of marketing and looks ahead to what...

UK leads the way in sustainable finance with the first set of requirements for investment management 8 UK leads the way in sustainable finance with the first set of requirements for investment management 9
Investing2 hours ago

UK leads the way in sustainable finance with the first set of requirements for investment management

BSI, in its role as the UK National Standards Body, has today published the first specification for responsible and sustainable...

Why investing should be treated like healthcare 10 Why investing should be treated like healthcare 11
Investing6 hours ago

Why investing should be treated like healthcare

By Qiaojia Li, co-founder and CEO at the award winning wealthtech company, Rosecut For many people, the process of investing...

Endpoint Security Industry: An Overview 12 Endpoint Security Industry: An Overview 13
Technology7 hours ago

Endpoint Security Industry: An Overview

Endpoint protection is the practice of stopping unauthorised actors and campaigns from targeting endpoints or access points of end-user computers...

Tech-enabled cash management strategies have come to the fore during the Covid-19 pandemic – and will be key to firms’ recovery from it 14 Tech-enabled cash management strategies have come to the fore during the Covid-19 pandemic – and will be key to firms’ recovery from it 15
Finance7 hours ago

Tech-enabled cash management strategies have come to the fore during the Covid-19 pandemic – and will be key to firms’ recovery from it

By Ed Thurman, managing director and head of Global Transaction Banking at Lloyds Bank Commercial Banking, outlines how technology-enabled solutions are...

5 ways to keep your team connected with split working 16 5 ways to keep your team connected with split working 17
Business7 hours ago

5 ways to keep your team connected with split working

By Sam Hill, Head of People and Culture at BizSpace  As the government switches its message back to “work from...

How to overcome the ‘groundhog day’ effect Of remote working 18 How to overcome the ‘groundhog day’ effect Of remote working 19
Top Stories7 hours ago

How to overcome the ‘groundhog day’ effect Of remote working

By Chris Farmer, leadership and management training expert and founder of Corporate Coach Group The ongoing pandemic means that for...

FinTech in Credit Markets: Efficiency and Potential Risks - Free webinar 20 FinTech in Credit Markets: Efficiency and Potential Risks - Free webinar 21
Uncategorized1 day ago

FinTech in Credit Markets: Efficiency and Potential Risks – Free webinar

As the financial industry’s landscape continually changes, the ever-quickening development in information technology has led to an unprecedented wave of...

The new virtual leaders – adapting your leadership style for a changed workforce 22 The new virtual leaders – adapting your leadership style for a changed workforce 23
Business1 day ago

The new virtual leaders – adapting your leadership style for a changed workforce

By Debbie Clifford, Head of People and Talent at Olive During this pandemic, organisations across all sectors have witnessed a dramatic...

Newsletters with Secrets & Analysis. Subscribe Now