The Centrify Encryption Service
The Centrify Encryption Service, now part of Delinea (following the merger of Thycotic and Centrify), is a robust component of the broader Centrify Identity Platform, designed to enhance the security and compliance of enterprise environments. Here’s a detailed overview of what the service does and its key features:
Purpose and Functionality
The Centrify Encryption Service is integral to the Centrify Privileged Identity Management solution, focusing on securing and managing access to sensitive resources, particularly privileged accounts. This service is designed to protect enterprises from cyber threats by ensuring that privileged access is tightly controlled and audited.
Key Features
Privileged Access Management (PAM)
- The service manages privileged user access to various resources such as applications, servers, database management systems, and other infrastructure components through a centralized authentication process.
Secure Storage and Management of Credentials
- It utilizes a Secret Server to store and manage passwords, usernames, and other credentials securely. This includes automated password rotation and the ability to discover, manage, and delegate access to all accounts.
Multi-Factor Authentication (MFA)
- Centrify enforces MFA for IT administrators accessing systems that require elevated privileges, protecting against attackers who use stolen passwords and credentials.
Federated Privileged Access
- The service supports federated privileged access across the entire security ecosystem, including secure outsourcing of IT and application development. This allows for web-based access and privilege management for systems and applications, governed by request and approval workflows.
Session Monitoring and Control
- It provides the ability to monitor and optionally terminate privileged sessions, ensuring that access to critical infrastructure is closely governed and audited.
Integration and Compatibility
- The service integrates with a range of systems, including Linux and Windows servers and some legacy databases, and supports authentication through LDAP and Active Directory (AD).
Compliance and Security
- Centrify’s solutions are designed to ensure continuous compliance and reduce the attack surface by securing access for internal and external users as well as privileged accounts. The service leverages secure data storage and supports encrypted storage of account passwords using appliances like SafeNet KeySecure.
Cryptographic Capabilities
- Although the primary focus is on access management, the underlying Centrify Cryptographic Module provides cryptographic functions such as symmetric encryption and decryption, key generation, and message authentication (integrity) using algorithms like AES, Triple-DES, and HMAC. This module is compliant with the FIPS 140-2 standard and supports NIST-approved algorithms.
In summary, the Centrify Encryption Service, as part of the Delinea portfolio, offers a comprehensive solution for securing privileged access, managing credentials, and ensuring compliance in hybrid IT environments. Its features are designed to protect enterprises from cyber threats by enforcing least privilege access, multi-factor authentication, and robust session monitoring.