Centrify enables organizations to stop breaches that start on Mac endpoints
Centrify, the leader in securing hybrid enterprises through the power of identity services, today announced enhancements to the Centrify Identity Platform that deliver local administrator password management for Macs and comprehensive Mac application management and software distribution via turnkey integration with the Munki open source solution. These new capabilities enable Mac administrators to solve critical challenges by implementing best practices for controlling privileged access on Macs while at the same time simplifying management of Mac endpoints.
“Our latest security capabilities extend shared account password management (SAPM) from servers, network devices, Windows and Linux endpoints to Mac, while at the same time simplifying Mac application management with Munki support that enables users to install applications without knowing the admin password,” said Bill Mann, chief product officer at Centrify. “The Centrify Identity Platform secures Mac endpoints as well as Windows and Linux with our market leading Identity-as-aService (IDaaS) and privileged identity management (PIM) solutions that help stop breaches across endpoints, infrastructure and apps.”
Control Shared Passwords
It is common for organizations to maintain administrative accounts on their users’ Macs and use the same admin password across all Macs. This introduces risk, because inevitably the password is shared with an end user who needs to install applications on their Mac, or is known by admins who leave the company. These users and ex-employees now have full administrative privilege across every Mac. This leaves an organization highly susceptible to breaches that start on Mac endpoints, and demands a solution that enables organizations to minimize and centrally control access to Mac administrative accounts, just like they do for Windows and Linux endpoints, servers and network devices.
The Centrify Identity Platform closes this gap in security with local administrator password management (LAPM) for Mac that enables administrators to generate a unique administrator password for each Mac. With Centrify, organizations are eliminating the sharing of a single Mac admin password across an entire organization. The solution can be enabled for all Macs enrolled in the cloud-based management service, ensuring support for remote machines as well as those on the corporate network. Authorized admins can check out the admin password, and the rotation of the admin password is automated. Who accessed what and when is fully audited across Mac administrative access and all other endpoints and infrastructure and available through comprehensive reporting.
End users cannot install software without local admin rights. However, local admin rights mean your end users-or anyone who compromises their accounts-are privileged users on their Mac. This increases your attack surface and makes endpoints an effective target for malware and rogue applications. By seamlessly combining the Centrify Identity Platform with the open source Munki solution - the leading Mac app and patch management solution - your end users can install and manage applications without local admin rights.
Munki’s open-source toolset provides a rich Apple App Store like end user experience, where the specific apps an organization approves are available for seamless installation. Centrify simplifies the Munki setup, management, security and ongoing support to make it easier for organizations to deploy and operate their own enterprise Mac app store. Additionally, Centrify’s cloudbased app repository extends Munki to remote Mac users regardless of their location or status on the corporate network.
Controlling access to shared administrative passwords for endpoints and eliminating the need for local admin rights to install software on Macs are established PIM best practices. A recent Forrester study found a direct correlation between the number of PIM best practices an organization has implemented and the number of security incidents it encounters. The Centrify Identity Platform now makes it easy for organizations to extend best practices to Mac in order to stop breaches that start on endpoints.