Story image

Companies caught between crooks and compliance - Centrify

12 Jun 2018

Businesses in Australia and New Zealand are increasingly squeezed between defeating cyber-attacks and complying with surging volumes of government regulation, cybersecurity company Centrify says. Centrify is concerned that complying with the increasing amount of red tape required to retain personal information may hamper the ability of a business to protect that customer information successfully. Already this year, Australian companies have seen the implementation of national Notifiable Data Breach legislation and the mandating of GDPR regulations for businesses with a presence in Europe.

In addition, the Australian Prudential Regulation Authority (APRA) is currently developing a new proposed cybersecurity standard, CPS 234, planned to take force from July next year to further strengthen the Australian financial system.

In April this year, the New Zealand Government announced plans to refresh its three-year-old Cyber Security Strategy. Centrify APAC sales senior director Niall King says regulatory protection of information privacy is completely commendable.

“The challenge that faces companies is they have to defend against cyberattacks while also having to comply with multiple regulations from diverse jurisdictions,” he says. “In an ideal world, these two activities would be aligned, but the reality is that while companies must jump through bureaucratic hoops to demonstrate their regulatory compliance, the bad guys don’t follow rules, so they keep on innovating to find new ways to get illicit access to private data. “The bottom line is that if companies want to keep the crooks out and comply with government regulations, they need to rethink how they approach cybersecurity by putting identity protection at the centre of their defences.”

King says that in many cases, hackers did not try to break in through corporate defences.

“The fact is, they use the path of least resistance by deploying our own weak credentials against us,” he says. “Reports show that 81% of data breaches exploit weak, default or stolen passwords. That means four out of five breaches occur through a failure in identity protection. “Centrify advocates a model of Zero Trust Security which assumes that every user - whether inside or outside the network - is a potential threat, so we verify every user, validate their devices, and limit their access and privilege to what is required to do their jobs,” he says.

“Centrify also uses machine learning to identify risky user behaviour and apply conditional access without impacting user experience. King says, “Securing identity while still making it easy for employees and partners to do their jobs is the key to delivering cybersecurity and regulatory compliance.”

Ping Identity offerings accelerates cloud MFA and SSO adoption
90% of respondents trust MFA as an effective security control to protect identity data in public clouds, yet only 60% of organisations have formally adopted it.
Trend Micro introduces cloud and container workload security offering
Container security capabilities added to Trend Micro Deep Security have elevated protection across the DevOps lifecycle and runtime stack.
Veeam joins the ranks of $1bil-revenue software companies
It’s also marked a milestone of 350,000 customers and outlined how it will begin the next stage of its growth.
Veeam enables secondary storage solutions with technology partner program
Veeam has worked with its strategic technology alliance partners to provide flexible deployment options for customers that have continually led to tighter levels of integration.
Veeam Availability Orchestrator update aims to democratise DR
The ability to automatically test, document and reliably recover entire sites, as well as individual workloads from backups in a completely orchestrated way lowers the total cost of ownership (TCO) of DR.
Nuix eyes legal sector as eDiscovery demand skyrockets
eDiscovery must encompass so much more than email and documents. If you haven’t looked at text messages and online chats, digital images, mobile devices, data in the cloud and social media, you’re not getting the whole story.
EXCLUSIVE: Forcepoint global channel chief talks strategy
As a solution sold 100% via the channel, cybersecurity solutions company Forcepoint places a strong emphasis on its partner relationships.
Salesforce continues to stumble after critical outage
“To all of our Salesforce customers, please be aware that we are experiencing a major issue with our service and apologise for the impact it is having on you."