SAN FRANCISCO —A lot of people are talking about doing something to better protect the upcoming U.S. mid-term elections from malevolent outside influences. Santa Clara, Calif.-based security provider Centrify is doing something about it.
Centrify, a proponent of a relatively new approach to enterprise security called Zero Trust, on April 16 at the RSA Security Conference revealed the industry’s first IT campaign to Secure the Vote for the 2018 elections.
The initiative involves the free distribution of Centrify software to election boards that includes multi-factor authentication and validation of device access for voters in their jurisdictions.
“It became readily apparently over the last month or so that not enough is being done to protect voter databases,” CEO Tom Kemp told eWEEK. “It came to a head this past weekend (April 8) when (CBS’s) ‘60 Minutes’ talked about how the Russians had penetrated at least 20 different states and the voter database in Illinois was taken.”
'60 Minutes' Segment Brings Election Hacking into Sharp Relief
The newsmagazine segment, “When Russian Hackers Targeted the U.S. Election Infrastructure,” validates that the main target of the 2016 U.S. election was election boards, and that up to 90,000 voter records were compromised. The report confirmed how fragile the state of the U.S. democracy is: election meddling by foreign interests, database breaches of both political parties, and most recently a high-profile breach of trust.
The security of private data and credentials is top of mind not just for enterprises and government officials, but for the electorate at large regarding private information, who has access to it and how is it used.
“Even if they (the Russians) had done a very simple change (in the database), like in the address field changing all zeroes to a ‘2,’ complete chaos would break out, because no one’s driver’s license would match the record in the database,” Kemp said.
So Centrify dug into this, and because the Constitution requires that the voting process is actually the states’ and counties’ responsibility, the company started to talking to local election boards.
“We’ve decided to allow state and local election boards to use our service for free, through the entirety of this calendar year, to protect the midterm elections,” Kemp said. “A lot of counties are (financially) strapped, and so we’re willing also to put in some (read that “a limited amount of”) services to help them. It’s our way of giving back and helping protect voter information.”
More than 15 boards already have signed up, Kemp said. A number of others are currently looking at the offer.
Details of the Election Board Offer
Centrify’s package is called Identity-as-a-Service and Privileged Access Management leadership Effective April 16, the company is providing its access solutions to eligible election boards at no cost for the first eight months of a 12-month (or more) SaaS subscription, representing a 66 percent discount on MSRP. Centrify is also offering a 10 percent discount to new election board customers to take advantage of its Jump Start professional services program to ensure a smooth deployment of Centrify Zero Trust Security.
More details: Boards get a choice of Centrify’s Next-Gen Access portfolio for Zero Trust Security, which includes:
- Application Services: Secures every user’s access to apps through SSO, MFA, and mobility management;
- Endpoint Services: Grants access to apps and infrastructure only from trusted and secured endpoints;
- Infrastructure Services: Minimizes the attack surface and control privileged access in hybrid environments;
- Analytics Services: Determines, in real-time, the risk of every access attempt across all apps and infrastructure, fulfilling even CDM’s most stringent requirements;
- 8 months included at no cost on a 12-month (or more) SaaS subscription; and
- 10 percent discount on Centrify Jump Start packages.
Centrify claims that Next-Gen Access is the only industry-recognized solution that converges Identity-as-a-Service (IDaaS), enterprise mobility management (EMM) and privileged access management (PAM). This approach unifies single sign-on (SSO), multi-factor authentication (MFA), mobility management, privilege management and behavior analytics.
What Zero Trust Means
Centrify's Zero Trust security enables customers to scale adoption of secure DevOps by simplifying the integration of security into application development pipelines. This approach presumes that users, applications and endpoints are not trustworthy and must be verified at every point of access, so that security of the development pipeline is not compromised.
“The reality is, as the world becomes more deperimeterized, that the old model (‘trust but verify’) is really no longer applicable,” Kemp told eWEEK. “You really need to move to a model of ‘never trust, always verify.’ Forrester termed this ‘zero trust,’ Google has an internal IT initiative called BeyondCorp. But at the end of the day, what you really need to do with zero trust is: first verify the user (and device), and then from there, to limit privilege and access.
“In reality, in many scenarios you’re not using AV (anti-virus), VPN (virtual private network), a next-gen firewall, so what can you secure? You secure the user, the device and then limit access and privilege. Hopefully you have some smarts that figures out what normal behavior is through risk-based scoring, et cetera.”
For more information on Secure the Vote, go here.