- 8 June 2018 09:43
PageUp data breach calls for Zero Trust Security warns Centrify
Cybersecurity specialist Centrify warns that this week’s revelation of a major data breach by Human Resource services company PageUp highlights the need for companies to deploy Zero Trust Security.
PageUp, which claims to have two million active users across 190 countries, cites major enterprise and government clients including Telstra, NAB, Coles, Australia Post, Aldi and Medibank. Any data breach potentially compromises the personal details of thousands of Australians.
In the most reported data breach since Australia’s new Notifiable Data Breach law commenced in February, PageUp CEO and co-founder Karen Cariss, in a statement on the company’s website, said that investigations of its IT infrastructure had revealed a malware infection that may have compromised client data. The statement also suggested that users change their passwords.
Centrify Senior Director APAC Sales Niall King said PageUp’s data breach report epitomised the security problem facing corporations and individuals in a “boundaryless world”. “Trust no longer provides protection, whether it’s of an employee or a third-party service provider,” he said.
“While we don’t know how this malicious code got into the PageUp system or what damage it may have done, this incident is another wakeup call for corporations to rethink how they address security.
“Centrify advocates a Zero Trust Security model because it removes trust from the equation entirely. Based on the assumption that untrusted actors exist both inside and outside the network, Zero Trust leverages powerful identity services to secure every user’s access to apps and infrastructure.
“Access to resources is granted only after identity is authenticated and the integrity of the device is proven – but even then, with just enough privilege to perform the task at hand.”
Mr King said this Privileged Access Management strengthened corporate defences by only giving users the privileges they needed to do their jobs - and revoking elevated privileges once the job was done. “This is an additional barrier to an illicit or inadvertent user infecting the system with malware,” he said.
“Likewise, Zero Trust Security mandates that the days of verifying a user’s identity simply with a user ID and password are long gone. Today, user names and passwords can be phished, bought off the Dark Web - or ‘sniffed’ by malware. Zero Trust mandates that access credentials are fortified by MFA (Multi Factor Authentication), requiring something you have or are as well as something you know.
“MFA would render useless any passwords compromised by a PageUp data breach because you would need that second factor of authentication - such as a code verified by mobile phone - to log on.”
For media assistance, call John Harris on +61 8 8431 4000 or email firstname.lastname@example.org.
About Centrify Centrify delivers Zero Trust Security through the power of Next-Gen Access. The Centrify Zero Trust Security model assumes that users inside a network are no more trustworthy than those outside the network. Centrify verifies every user, validates their devices, and limits access and privilege. Centrify also utilises machine learning to discover risky user behaviour and apply conditional access — without impacting user experience. Centrify’s Next-Gen Access is the only industry-recognised solution that uniquely converges Identity-as-a-Service (IDaaS), enterprise mobility management (EMM) and privileged access management (PAM). Over 5000 worldwide organisations, including more than half the Fortune 100 in the US, trust Centrify to proactively secure their businesses. Centrify is a registered trademark of Centrify Corporation in the United States and other countries. All other trademarks are the property of their respective owners.