Security Best Practices

Recommendations for securing your Centrify deployments and integrations.

Overview

While Centrify implements robust security measures at the platform level, security is a shared responsibility. This guide provides recommendations for securing your Centrify deployments and integrations to ensure the highest level of protection for your data and AI applications.

Account Security

  • Strong Authentication: Enable multi-factor authentication (MFA) for all user accounts to prevent unauthorized access.
  • Role-Based Access: Implement the principle of least privilege by assigning users only the permissions they need to perform their job functions.
  • Regular Access Reviews: Periodically review user access and remove accounts for users who no longer require access.
  • Password Policies: Enforce strong password requirements and regular password rotation.

API Security

  • API Key Management: Treat API keys as sensitive credentials and store them securely.
  • Regular Key Rotation: Rotate API keys regularly to limit the impact of potential key compromise.
  • Scoped API Keys: Use API keys with the minimum required permissions for each integration.
  • Secure Storage: Store API keys in secure credential management systems, not in code repositories or configuration files.

Network Security

  • IP Allowlisting: Restrict API access to specific IP addresses or ranges when possible.
  • VPC Integration: For enterprise customers, consider using VPC peering or private endpoints for enhanced network security.
  • TLS Configuration: Ensure your clients use modern TLS versions and secure cipher suites when connecting to Centrify APIs.
  • Network Monitoring: Implement monitoring for unusual API access patterns that could indicate compromise.

Data Security

  • Data Minimization: Only send the data necessary for your use case to Centrify's APIs.
  • PII Handling: Consider anonymizing or pseudonymizing personally identifiable information before processing.
  • Data Classification: Implement data classification policies to ensure appropriate handling of sensitive information.
  • Secure Development: Follow secure coding practices in applications that integrate with Centrify.
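
The Data Minimization and PII Handling items above can be applied as a single pre-processing step before a record leaves your application. The following is an added example, not Centrify code: the field names, the PSEUDONYM_KEY environment variable and the helper functions are hypothetical, and HMAC-SHA256 is used here as one common way to pseudonymize with a key.

```python
import hashlib
import hmac
import os

# Hypothetical field policy for an example integration; adapt to your schema.
ALLOWED_FIELDS = {"ticket_id", "email", "customer_name", "message"}
PII_FIELDS = {"email", "customer_name"}


def load_key(env_var="PSEUDONYM_KEY"):
    """Read the hex-encoded HMAC key from the environment, which is assumed
    to be populated by a credential manager rather than a file in the repo."""
    value = os.environ.get(env_var)
    if not value:
        raise RuntimeError(f"{env_var} is not set; refusing to use a default key")
    key = bytes.fromhex(value)
    if len(key) < 32:
        raise RuntimeError("pseudonymization key must be at least 32 bytes")
    return key


def pseudonymize(value, key, field):
    """Deterministic keyed token. Equal inputs give equal tokens, so records
    can still be joined, but without the key the token cannot be recomputed
    from a list of candidate values the way an unkeyed hash can."""
    normalized = value.strip().lower()
    # Bind the field name into the MAC so tokens differ between fields.
    msg = field.encode() + b"\x00" + normalized.encode("utf-8")
    digest = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return f"{field}_{digest[:32]}"


def prepare_record(record, key):
    """Drop every field outside the allowlist, then tokenize PII fields."""
    out = {}
    for name, value in record.items():
        if name not in ALLOWED_FIELDS:
            continue  # data minimization: unknown fields are never sent
        if name in PII_FIELDS and value is not None:
            out[name] = pseudonymize(str(value), key, name)
        else:
            out[name] = value
    return out


if __name__ == "__main__":
    demo_key = bytes(range(32))  # constructed key, for demonstration only
    sample = {"ticket_id": 1042, "email": "alice@example.com",  # constructed
              "ssn": "000-00-0000", "message": "Cannot log in"}
    print(prepare_record(sample, demo_key))
```

Free-text fields such as `message` can still carry personal data and need their own handling; the key that produces the tokens should be stored and rotated like any other credential.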