Bill O’Neill, vice president of Public Sector for ThycoticCentrify, recently spoke with ExecutiveBiz for the publication’s latest Executive Spotlight interview to explore the advantages of bringing Thycotic and Centrify together to create complex solutions for large enterprises.
In addition, O’Neill also discussed recent disruptions in our supply chain management and the lessons we should learn from the big money losses they caused as well as cloud transformation efforts, the importance of identity consolidation and privilege elevation, adopting zero-trust capabilities and protecting against ransomware.
“The strengths of Centrify and Thycotic are truly complementary, and we’ve already had several conversations with some of our business customers to communicate our strategy and vision, and how it will impact them, and the response has been overwhelmingly positive.”
You can read the full Executive Spotlight with Bill O’Neill below:
ExecutiveBiz: You wrote recently about many big businesses losing two to four trillion dollars as a result of pandemic disruptions in our nation’s supply chains. With cybersecurity security only becoming more important by the day, what are the lessons we should learn from the funds we’ve lost and changes we need to make to minimize supply chain disruptions?
Bill O’Neill: “You see numbers like that and obviously, it’s alarming. Cybercriminals are no longer just going after personal data – they’re trying to deeply embed themselves into everything. And it goes so much further than just the dollars lost.
When you have the federal government declare the attacks on our critical infrastructure as a national emergency with funding to address it, you know how big of a problem it’s become, how dire the situation is, and how urgently we need to address it.
The call to action made to the public and private sectors as well as funding available through the Infrastructure Bill, the Technology Modernization Fund, and via CISA and Cyber Command show that the federal government is ready to take this risk more seriously, because it’s a national emergency with national consequences.
And disruption is just the tip of the iceberg. These are breaches that will have longevity, and long-reaching effects across a range of industries. It’s important they prioritize this threat now.”
ExecutiveBiz: What can you tell me about the advantages of bringing Thycotic and Centrify together to create complex solutions for large enterprises and offer your clients the “best of both worlds?”
Bill O’Neill: “What I’m really impressed by as we go through this integration together as ThycoticCentrify is that what looks good on paper is actually what is coming to fruition day-by day.
There’s always a lot of skepticism when two companies with similar offerings come together because sure, there are going to be synergies, but at what disruption to the business and the customers.
But the strengths of Centrify and Thycotic are truly complementary, and we’ve already had several conversations with some of our business customers to communicate our strategy and vision, and how it will impact them, and the response has been overwhelmingly positive.
They understand why it makes sense, why we will be better together, and how our combined solutions offering will make them more secure and empowered to better address a range of cyber threats.
ExecutiveBiz: What can you tell us about the importance of identity consolidation and privilege elevation, as well as the importance of adopting zero-trust capabilities and protecting against ransomware?
Bill O’Neill: “When you think about the anatomy of a hack, the reality is that the first step is fairly easy. We have a saying that cyber attackers no longer ‘hack’ in, they log in using weak, stolen, default, or otherwise compromised passwords and credentials. Getting access to the network is the easy part.
It’s what an organization does to stop those intrusions that matter. All too often, they are looking to elevate their privileges and get the ‘keys to the kingdom’ that will enable them to move laterally, find valuable data and sensitive systems, and engage in profitable cybercrime.
By consolidating identities with a zero-trust approach, organizations can reduce the attack surface and make sure that anyone or anything requesting privileged access must pass strict security controls beyond just a username and password.
In the case of ransomware, often those intrusions can be stopped before they are even able to install their malware because they won’t be able to get access to a system they shouldn’t.”
ExecutiveBiz: A lot of organizations have accelerated their cloud transformations as a result of the pandemic, work from home workforces, and more. What does that mean for their security?
Bill O’Neill: “The cloud obviously represents a massive expansion of the enterprise attack surface, and it needs to be prioritized. In fact, I’d say it’s a strong testament to the foresight of creating programs like FedRAMP.
Many organizations think that securing their cloud environments is dramatically different than securing on-premises data centers, but the reality is that most of the same best practices are still applicable. What’s important is making sure to have cloud-ready cyber solutions that can address those needs across on-prem, hybrid, and multi-cloud environments.
And another important distinction is to have a proper understanding of the Shared Responsibility Model, where the cloud provider is responsible for securing the cloud itself and the organization is responsible for securing the data in the cloud itself including admin accounts and controls.”
ExecutiveBiz: With ThycoticCentrify moving forward under a united cloud platform, what can we expect from the platform and your capabilities and next steps for the rest of 2021 and beyond?
Bill O’Neill: As we integrate our solutions portfolios, the cloud platform will be the foundation upon which all Privileged Access Management solutions build upon to provide comprehensive controls and protection against identity and access threats, whether internal or external, human or machine, in the cloud or on-prem.
This includes features such as federated access based on identity and verified with multi-factor authentication, hub-and-spoke gateway connectors, unified policy management, and continuous discovery of privileged accounts and systems.
Many PAM vendors only offer these as add-ons, or plug-ins with other providers because they don’t offer these capabilities. We feel they are the bedrock of any Privileged Access Management strategy.”