For this issue of SaaS Talk, we spoke with the company’s President Tim Steinkopf about the business and what the future holds for Centrify.
Centrify’s mission is to stop the leading cause of breaches: privileged access abuse. According to Forrester Research, 80% of data breaches involve compromised privileged credentials such as passwords, tokens, keys and certificates. Cyber attackers no longer “hack” in against sophisticated technology. Instead, they use weak, stolen or otherwise compromised credentials to log in. Then they move laterally inside the network to find valuable data, elevate their privilege and extract the data while covering their tracks. Centrify’s solutions assume that ”bad actors” are already in the system and counter them by verifying the user, analyzing the context of the request and assessing the risk of the access environment to grant the least privilege necessary to fulfill said request. This is known as a Zero Trust Privilege model, designed to give just enough access, just in time.
For our particular focus area, which is Privileged Access Management (PAM), there is tremendous growth opportunity as our business becomes increasingly SaaS-based. Right now we still see a lot of on-premises requirements, especially in certain security and compliance-focused industries, including government and public sector, financial services and healthcare. But clearly cloud-delivery is the future of our business and most of our customers already recognize this and have made the move to our cloud-ready Zero Trust Privilege solutions.
According to Gartner’s Forecast Analysis: Information Security, Worldwide, 2Q18 Update, the PAM software market is expected to double from $1.4 billion in 2018 to $2.8 billion in 2022 at about a 15-20% CAGR. So obviously there is a huge market opportunity available for Centrify to capitalize with our dedicated focus on PAM.
Two challenges facing us are education in general about Zero Trust, which is becoming a buzzword many companies are grabbing onto whether rightly or wrongly. The other is cybersecurity spending priorities. Gartner projects $124 billion to be spent next year but perhaps not on the right initiatives. We know from research that we conducted with Dow Jones earlier in 2018 that:
i. 62% of CEOs still think the biggest threat to their organization is malware, while only 35% of technical officers (CIOs, CTOs, CISOs) agree with that statement.
ii. 68% of all executives surveyed whose companies experienced significant breaches indicate it would most likely have been prevented by either privileged user identity and access management or user identity assurance.
Centrify has industry-leading solutions that help organizations adopt a Zero Trust Privilege approach.
Zero Trust is becoming widely-recognized as the best way to harden cyber security postures as the traditional network perimeter continues to dissolve. We are consistently recognized for our offerings, strategy and market presence, such as being named a leader in the most recent Forrester Wave Report for Privileged Identity Management (PIM) and the first ever Gartner Magic Quadrant for Privileged Access Management (PAM). All this is made possible by our amazing team that is dedicated to stopping privileged credential abuse.
In short, a lot of where we’re headed is about the cloud. The erosion of traditional perimeters has largely been enabled by the cloud, and that has resulted in a massive expansion of the potential threatscape that now includes Infrastructure-as-a-Service, Big Data, IoT, DevOps, containers and microservices, and more.
While the cloud is one of the drivers of new security concerns, the good news is that it’s also the delivery vehicle to secure this new expanded threatscape. Looking down the road, we anticipate growing our business both organically and inorganically, and innovating so we can stay ahead of the leading attack vector. Today that threat is privileged credential abuse, and while we still rely on passwords that will continue to be the case. But there are some great things coming in the identity space that can help to close some of those human-fallibility weaknesses, like biometrics and AI. We plan to be at the forefront of that innovation.
The biggest thing that keeps me up at night is the question of whether we are moving at a fast enough pace. We have a dynamic market and demanding customers—and the bad actors are trying to stay ahead of the solutions—we need to outpace both.
Sadly, one of the first things I do when I wake up is to see who has made headlines for the latest breach, because it feels like it’s about one per day. Companies must do a better job of securing their data and the privacy of their customers, and it’s not just large enterprises: 61% of SMBs were breached in 2017. A lot of that starts with low-hanging fruit like implementing multi-factor authentication and taking a Zero Trust approach to security.