Centrify Delivers Free SaaS-Based Privileged Access Management for Small Businesses

Security provider Centrify is delivering a free edition of its cloud-based Privileged Access Service, the company’s enterprise-grade privileged access management service.  Centrify’s Free Tier Vault aims to help smaller firms eliminate password spreadsheets and harden security postures.

Tags: access management, Centrify, cloud, MFA, PAS, SaaS, zero trust,

Security provider Centrify is delivering a free edition of its cloud-based Privileged Access Service, the company’s enterprise-grade privileged access management service. 


The Centrify SaaS PAS no-charge option, called the Free Tier Vault, is aimed at helping smaller firms eliminate password spreadsheets and harden security postures in minutes, according to Centrify CEO Tim Steinkopf.  


Centrify’s ‘vault’ approach lets firms securely store and manage secrets (e.g., IP addresses, API keys, SSH credentials, AWS IAM credentials), as well as enable secure communication between applications, containers and microservices. The result is what Centrify calls “cloud-ready Zero Trust Privilege,” according to Centrify’s product description.


The offering can help smaller firms “kill password spreadsheets and significantly harden security postures in minutes,”  he added.  The free tier option manages up to 50 registered systems and their associated service accounts.


“Any organization of any size in any industry that doesn’t currently have a password vault, or is starting a departmental or small cloud project, should try it now before they become the next victim of a data breach,” Steinkopf added.


Centrify PAS provides access to critical shared account passwords while also delivering other key functions, including:

  • maintaining control over who has access
  • which passwords they have access to and
  • how those passwords are managed and rotated.

Adopters of the Centrify PAS receive a “cloud-based vault,” where it discovers and registers all machines. After that preparatory step, Centrify PAS will “vault” all shared, alternate admin and service accounts. In turn, access to those accounts is brokered for users, services and applications.


For example, organizations can vault the password for their AWS root account and enforce MFA (Multi-Factor Authentication) for emergency access.


Users can also “vault” all their app passwords and secrets (e.g., IP addresses, SSH keys), according to Centrify’s description of the AWS-based free tier.


Centrify’s Push to Modernize PAM for Today’s Distributed, Cloud Enterprise

According to Centrify, Privileged Access Management needs an update in the era of hybrid and multi-cloud.  “[L]egacy PAM is not enough for the expanded threatscape, as Centrify CEO Steinkopf put it.


“At the end of the day, we want every organization to be starting down the path to Zero Trust Privilege -- that means taking a ‘never trust, always verify, enforce least privilege’ approach to PAM. Our Free Tier Vault can help get them on that path quickly, easily, and affordably,” he added in a statement.


A new, more comprehensive approach, Zero Trust Privilege is needed. Centrify’s website describes Zero Trust Privilege as follows:

Zero Trust Privilege redefines legacy PAM for the modern enterprise IT threatscape Organizations must discard the old model of “trust but verify”, which relied on well-defined boundaries. Zero Trust mandates a “never trust, always verify, enforce least privilege” approach to privileged access, from inside or outside the network.

Zero Trust Privilege requires granting least privilege access based on verifying who is requesting access, the context of the request, and the risk of the access environment. By implementing least privilege access, organizations minimize the attack surface, improve audit and compliance visibility, and reduce risk, complexity and costs for the modern, hybrid enterprise.

At implementation, Centrify PAS lets firms secure and manage super user and application accounts on servers and network devices. It can also leverage its cloud architecture to store and manage secrets, as well as enable more granular and secure communication between apps, containers, and microservices. Further, Centrify PAS offers secure remote access to resources without a VPN – across on-premises and cloud.  


For administration, Centrify’s secure environment provides the flexibility to support privileged access from either native SSH or RDP clients or any browser for web-based SSH access to Linux, as well as web-based RDP access to Windows servers to eliminate any software requirements on the workstation other than a browser, the company added.


Centrify’s Free Tier Vault offer follows the release of a Centrify survey of organizations that found an astounding majority (93%) believe they are at least “somewhat prepared” against threats that involve privileged credentials. That said, the survey also found more than half (52%) admitted they are not controlling privileged access with a password vault.


Steinkopf shared some conclusions on the study, which included some 1,300 responses.


“Our research tells us that the vast majority of organizations are misinformed when it comes to the real cybersecurity threats their organizations are facing, and about how prepared they are to reduce their risk of being breached,” he said.  


Garrett Bekker, Principal Security Analyst at 451 Research, affirmed Centrify’s offer could help many SMBs. “Some of the basic steps to institute controls on privileged access – like password vaulting and MFA for administrative access – can significantly harden any enterprise’s security posture and be implemented as cloud services without a large upfront investment.”


Centrify’s Free Tier Vault subscription is available immediately in the AWS Marketplace. Detailed information is available here.