Today it’s not just users in the IT, even non-human entities can have real-time permissions and access to databases and cloud services. Cybercriminals on a mission to unlock unauthorized access to enterprise secrets understand this and use it to their advantage. That explains how some attacks spread well beyond the initial scope of the breach. At the Security Field Day in March, Keeper Security presented the Keeper Secrets Manager (KSM), a Knowledge platform designed to aid businesses cope with the new challenges around secrets management in enterprises.
Hardcode Sensitive Information Is High-Value Target
With the uptick of successful data breaches, attackers are now too close to comfort. It all starts with a password breach and once past that point, there’s unfettered access to critical infrastructure secrets like AWS access keys, API keys, certificates, database passwords, service account passwords, SSH keys and whatnot. And yet password security is still in the fringes of the bigger cybersecurity discussion.
This problem is exacerbated by the secrets sprawl that enterprises are experiencing in their journey of digitization. The way to manage and protect sprawling privileged systems and the confidential data they house is to have an intelligent platform that enforces security policies for both human and non-human identities with a bulletproof security model.
Keeper Security for IT Secrets Management
Since 2011, Keeper Security has been into password management. Slowly branching out to enterprise secrets management in the face of rising supply chain attacks, they are now pivoting towards infrastructure protection with the goals of introducing broader cybersecurity coverage for more diverse use cases. Its recent acquisition of Glyptodon and integration to the proprietary Keeper Secrets Manager is a step in that direction.
In the beginning, their focus was consumer products, like their subscription-based password manager. From there, Keeper Security has built a rich and diverse portfolio of business and enterprise grade products, a customer base with over 1.7 paying customers and offices in the US and Ireland, in just a decade. Now close to acquiring its FedRAMP certification, Keeper Security serves government and public sector companies.
Keeper Secrets Manager
Keeper Security showcased their cloud-based secrets management platform, Keeper Secrets Manager (KSM) at the recent Security Field Day event in March. At the presentation, Craig Lurey, CTO and Co-founder at Keeper Security walked us through the Keeper encryption model and later gave a demo of the platform.
The Keeper Security Manager is a fully cloud-based, multi-platform solution that has two versions, a web-based application called the Web Vault and a native desktop app – the Keeper Desktop App that runs on Mac, Windows and Linux. Browser extension KeeperFill supports all browsers and allows for a faster login for enterprise customers.
At it’s foundation, the Keeper Secrets Manager has two components that form the Keeper encryption model that they adhere to for their security products. It’s Zero Knowledge and Zero Trust. Zero Trust as a security approach does not need an introduction, but Zero Knowledge surely deserves some spotlight.
Keeper Security’s Zero Knowledge approach involves encryption and decryption locally on the device for highest levels of security. Once in the cloud, users have access to their passwords irrespective of where they are logging from. Secured with mechanisms like 256-bit AES, Elliptic Curve cryptography and multi-layer encryption, the data is non-decryptable between users in the same enterprise environment, as well as from the provider.
As part of multi-level authentication, Keeper Security assigns a key to every individual record in the vault with a record level encryption, which is further encrypted by a data key that is either derived from the user’s master password or created using other encryption mechanisms.
Furthermore, protection is offered through a device approval system that disables authentication for unrecognized devices until approved. The Keeper Secrets Manager also has a biometric key which it uses instead of the key created from the master password when a user logs in with a face id.
The Keeper Secrets Manager, with its multi-step authentication, umbrella protection against varied attacks and latest encryption technologies is a smart choice for enterprises to protect credentials and confidential data from malicious actors. For its fine-grained control access and permissions, it should be in the toolkit of any organization that is looking to find failsafe ways to safeguard its sensitive resources from cybercriminals. Get a free trial today.