As you’ve probably seen around here, Centrify is excited about our features which enable enterprises to deploy MFA across their enterprise, so that you are fully protected.
We’ve been calling this initiative “MFA Everywhere.” But, what does “everywhere” mean? To me it means protect your data/apps/network with a modern identity perimeter wherever you expose access. Imagine if all the doors to enter your house required keys, except one. That wouldn’t be a very good solution to protecting your home, so make sure you aren’t doing something similar to your network. Remember, half protected, is half not.
VPN’s are often overlooked for this form of protection because they can be difficult to configure, the vendors and features are constantly changing, and the majority of users who use VPN access heavily are naturally your remote users. The ones who often are the biggest burden to IT, because when they want access at 3am, they will wake up the on-call guy and demand access NOW. So keeping this solution simple is an understood necessity.
VPN’s can sometimes represent the largest attack-surface to your enterprise. If someone is allowed to gain access, they have IP-level connectivity to a large part of your internal network. You know — the part that’s supposed to be “secure.” Protecting that VPN front door with MFA is a great way to boost your security.
Centrify chose to implement a RADIUS gateway as part of the Cloud Connector. This is a great approach — the advantages are:
- No new software to install. Your Cloud Connector will automatically have this feature when it auto-upgrades to 16.2
- Works with ANY VPN that uses RADIUS for authentication
- All configuration done from cloud admin portal
We chose a few of the most popular VPN’s to get IT admins started, but like I said, if it supports RADIUS it will likely just work. If you are already familiar with RADIUS, it’s pretty easy to set-up. You can learn more about out Radius support – and some specific VPNs we work with here.
We’re proud to help our customers boost security for their VPNs, but for many users, eliminating VPN’s altogether can be a better security choice. Especially for users who only need app access and not IP-level connectivity. Centrify’s App-Gateway solution provides such capability while still layering secure SSO, and MFA to secure the app access.