Centrify Identity Service Balancing Security & Productivity Peter Havens, Product Management at Centrify John Wu, Solutions Engineer at Centrify

About Centrify Founded in 2004 HQ in Santa Clara, CA with global offices in UK, Japan and Brazil Strategic alliances with Microsoft Apple, Samsung and more 250+ resellers

Product Awards and Certifications Forrester Wave Leader: Privilege Identity Management Magic Quadrant Leader: Identity and Access Management as a Service Azure Certifications “Clear choice winner” for SSO and many more …

5,000 + Customers, 29 of Fortune 50 Banking & Finance Pharma & Health Defense & Government Consumer & Energy Technology & Telecom K12 & HiEd We have a strong presence in many important industries such as banking, Retail and Federal Agencies. Centrify is a very trusted technology, proud to have over 5000 deployed customers and 26 of the Fortune 50. 4

Centrify Solutions: Unified Identity Management Mac Workstations Mobile Identity management SSO Group policies VPN-less access Internal Web Apps SAAS Privilege management SAPM/SUPM Session monitoring MFA Internal Servers and Network Appliances What makes Centrify unique is that we offer a unified identity platform across cloud, mobile and data center. Not only do we have the ability to manage your on premise Macs but we also can help unify your data center, manage web based applications and your mobile environment. Essentially we replace the handful of tools currently being used by most companies by offering a single identity management platform. It’s very important to remember that Centrify is non intrusive we don’t require any schema modification nor do we punch holes into your fire wall, we simply leverage your current AD. Cloud Infrastructure

We believe that Identity is the New Perimeter Identity at the center of cyber attacks IT is becoming De-perimeterized

Identity at Center of Cyber Attacks… Centrify’s identity platform was architected to protect businesses against today’s leading attacks. 95% of breaches are from compromised credentials 100% of breaches involved stolen credentials End Users and Privileged Users Problem – Identity is the leading target for today’s attackers. Experts attribute compromised credentials to between 95-100 percent of all recent data breaches. Verizon 2015 Data Breach Investigations – 95% of breaches from compromised credentials Recent report by Mandiant declared 100% of attacks involved stolen credentials Verizon 2016 Data Breach Investigations - 63% of confirmed data breaches involved weak, default or stolen passwords

— 2016 IBM X-Force Cyber Security Intelligence Index 60% of attacks were carried out by insiders, both malicious and inadvertent actors — 2016 IBM X-Force Cyber Security Intelligence Index

Modern Enterprises are showing us the future The IT Perimeter is Dissolving Mac and Chromebooks Mobile SaaS IaaS Access Anywhere Cloud and Mobile Mean Attackers Have More Targets Than Ever

Centrify Secures Enterprise Identities against Cyberthreats … BIG DATA APPLICATIONS CLOUD (IAAS & PAAS) NETWORK DEVICES DATA CENTER SERVERS Secure Access to Apps & Infrastructure From Any Device For All Users PARTNER END USER PRIVILEGED IT USER CUSTOMER OUTSOURCED IT

Empowering the Modern Workforce

Balance Security Productivity

Empowering the Modern Workforce Multi-factor Authentication Once we have strongly authenticated the user and secured the endpoint… Centrify Identity Platform ... Empower the User with Access Automated Account Provisioning to cloud Apps True SSO to cloud Apps Access to on-prem Apps without a VPN (App Gateway) 802.1x Provisioning for e-mail, WiFi & VPN Native Apps deployed to Mac and Mobile Devices App Catalog with Automated Provisioning and Workflow On-prem SSO to Apps and Files (OS X via Kerberos)

Mac Management Architecture APNS APNS Mobile App or Web portal OS X DirectControl Agent Web portal Deployment tool and ZPS Group policies and authentication CSS HTTPS Cloud Connector Group policies templates Active Directory Firewall

Provisioning, SSO and MFA to SAAS Apps Mobile App or Web portal Web portal HTTPS Cloud Connector Active Directory Firewall

VPN-less access to internal resources Mobile App or Web portal Cloud Connector Active Directory RDP or SSH Firewall HTTPS Network appliances, Unix, Linux and Windows servers Internal web applications

Demo New User Onboarding

Identity AND Endpoint Management The Power of AND Identity AND Endpoint Management

What are We in the Business of Protecting? Why is Endpoint and Mobile security so important? Securing the endpoints is great but why is so much effort being poured into it? Its all about protecting data, corporate data, PCI data, IP, etc. In today’s modern workforce, the App IS the data. And that is what we are really trying to protect. The App IS the Data!

It’s Good to be the Identity Provider… Since Centrify is the IDP granting access we can make intelligent decisions Who can access what? From Where, when and how? Authentication Profiles Per App Authentication Policies Secured Endpoints get Special Treatment Browsers configured with Identity Certs for True SSO True SSO – Regardless of how the App is Accessed Adaptive Authentication Authentication is truly Adaptive Based on Identity, Device Security Posture, and Context Identity Security Context

True SSO & Adaptive Auth Per App Policies

Enabling MFA Everywhere Beyond Passwords Enabling MFA Everywhere

MFA Across Your Enterprise MFA for VPN MFA for Cloud Infrastructure (IaaS) Centrify Identity Platform MFA for On-Prem Apps MFA for Cloud Apps MFA for Server Login and Privilege Elevation MFA for Shared Resources

Centrify Multi-factor Authentication Capabilities Strong authentication – without user hassle Adaptive MFA limits user frustration Based on context, including: Time of day, work hours Inside/outside corporate network User role or attributes Device attributes (type, management status) Location Specific privileged role or command Flexible factors for full freedom Take advantage of a wide set of authentication factors Push notification to smartphones and wearables Biometrics for mobile One time passcode (OTP) over SMS, email, or from OATH-compliant devices Smartcard and derived credentials Interactive phone call to user’s mobile device

Multi-factor Authentication for Secure App Access Reduce password risk Enable MFA on a per-app basis Available for on-premises and cloud apps Combine with SSO using standards like SAML and OpenID Connect

Multi-factor Authentication for Secure VPN Access Protect VPN Logins Support for a broad range for VPN servers via RADIUS protocol VPN server communicates with Centrify Cloud Connector to initiate MFA

OATH Token Integration Customers with OATH-based H/TOTP Tokens can use them for MFA Soft Tokens: Google Authenticator, Hard Tokens: YubiKey, etc…

Smart Card Login Smart Card devices provide strong authentication Eliminating passwords completely Derived Credentials for Mobile YubiKeys as a SmartCard

Multi-factor Authentication for Servers Multi-factor Authentication to Cloud Service Multi-factor Authentication for Login and Privilege Elevation Block cyber attacks MFA for Linux login and privilege elevation Unique zone-based policies control step-up authentication through role assignment Servers communicate securely with on-premises Cloud Connector to initiate MFA Centrify Identity Platform ENTERPRISE DATA CENTER Centrify Cloud Connector Jump Box Audit DB Multi-factor Authentication for Linux Login Privilege Elevation Shared Account Sessions and Auditing SERVER SUITE

Demo CIS Admin Portal & Mac GPO

Q & A

SS026-2012-11-29