Enhancing Digital Security with Keeper Security Password Manager: Use Cases and Benefits

Introduction

We live in an increasingly interconnected world where the cyber threat environment is continually evolving. Cyber criminals target everyone – consumers, private-sector businesses and governments – and their attacks are becoming increasingly more sophisticated, damaging and costly. Yet the genesis of most successful cyber attacks remains very simple: a compromised password. For this reason, password management has emerged as a critical factor in ensuring data security.

Keeper Security, a global leader in identity and access management (IAM) and privileged access management (PAM), offers a comprehensive password management and security solution to protect organizations of all sizes from data breaches, ransomware and other password-related cyber attacks. This article explores the features and use cases for Keeper Security Password Manager, with particular emphasis on password sharing, secrets management for DevOps, and privileged session management.

Understanding Keeper Security Password Manager

Keeper Security Password Manager is a robust, cloud-based solution with a user-friendly interface and a comprehensive suite of features to help organizations control their users’ password habits, secure IT secrets such as SSH keys and digital certificates and manage privileged sessions by IT and DevOps personnel.

1. Password Sharing Made Secure

Ideally, all users should have their own, individual logins to online accounts, but this isn’t always feasible in a business environment. If users must share passwords, they need to be able to do so securely – and easily.

Keeper enables individual users and teams to securely share passwords and other data, without exposing sensitive information through email or other insecure means. Keeper supports 3 methods of sharing, which administrators can control using role-based enforcement policies:

1. Shared Folders enable administrators to share records and subfolders with individual users and teams, with specified permissions. When a user is added to a Team, they will instantly receive access to the shared folders for that Team and the records associated with those shared folders. When the user is removed from a team, their access is revoked from any shared folders, and those folders are immediately removed from their vault.
2. Direct Sharing allows individual users to safely share individual records or folders with other Keeper users, again with specified permissions.
3. One-Time Share enables users to securely share a record or file with anyone, even if they don’t have a Keeper account. One-Time Share links automatically expire at a time of the user’s choosing, and they can only be used on one device. Even if the user forgets to un-share the record, it will expire automatically, and the recipient’s access will be revoked.

Sharing uses Elliptic Curve (EC) encryption technology to preserve zero knowledge and to ensure that shared record recipients can only decrypt the data they have been provisioned.

2. Secrets Management for DevOps

In DevOps environments, common CI/CD pipeline tools such as Jenkins, Ansible, Github Actions, and Azure DevOps use IT secrets to access databases, SSH servers, HTTPs services and other sensitive systems. Typically, these secrets are stored in a config file for the deployment system or in one of a dozen different storage vaults. If teams aren’t storing credentials in config files or systems, they’re likely being stored in their DevOps environments. Neither scenario is optimal or secure, because administrators lack visibility, auditability and alerting secrets usage.

Keeper Secrets Manager provides DevOps, IT security and software development teams with a fully cloud-based, zero-knowledge platform for managing infrastructure secrets such as API keys, database passwords, access keys, certificates and any other type of confidential data.

Common use cases for Secrets Manager include:

• Removing hard-coded credentials from source code
• Replacing configuration file secrets
• Pulling secrets into CI/CD systems like Jenkins, GitHub Actions and More
• Protecting access to privileged passwords, API keys and other managed secrets.
• Providing vault access to machines and applications
• Rotating passwords, machine credentials, SSH keys and cloud identities

In addition to enhancing security, Keeper Secrets Manager optimizes the efficiency of the development pipeline by ensuring that team members have access to the secrets they need when they need them.

3. Privileged Session Management

The bold new world of remote and distributed work presents IT and DevOps teams with new challenges, as they must perform infrastructure monitoring and management remotely. IT and DevOps personnel need a reliable, scalable and secure way to remotely connect to their machines, as well as monitor and control these privileged sessions. Virtual private networks (VPNs) are a common choice, but they’re expensive, notoriously difficult to configure, maintain and use, and rife with latency, reliability, and availability problems.

Keeper Connection Manager (KCM) is a privileged session management solution that provides DevOps and IT teams with effortless access to RDP, SSH, databases and Kubernetes endpoints through a web browser. KCM is an agentless remote desktop gateway that can be installed in any on-premise or cloud environment.

Administrators can use KCM to provide privileged users with access through RDP, SSH, VNC, MySQL and other common protocols, without having to expose privileged credentials. Fine-grained controls enable administrators to provide access to the entire system – or just one machine. Access can be revoked at any time, and a robust audit trail identifies when and how the system was used.

Additionally, KCM supports both video recordings of connection sessions and (for certain connection protocols) typescript recordings that record only the text sent to the client machine. These session recordings are stored within KCM, not on end-user machines, ensuring that threat actors cannot modify or delete them.

Benefits of Using Keeper Security Password Manager

Now that we’ve examined the features of Keeper Security Password Manager, Keeper Secrets Manager, and Keeper Connection Manager, let’s look at the benefits of Keeper’s enterprise cybersecurity suite.

• Zero Knowledge Security

Keeper is a zero-knowledge security provider. This means that no one but the customer can view the passwords, files or other data stored in the customer’s Keeper vault — not even Keeper’s own employees. Data in the payload is encrypted locally on the user’s device and decrypted on the user’s device. Keeper uses Protocol Buffers within encrypted payloads to ensure data models are enforced on the client device. Data at rest is encrypted using AES 256 GCM, and data in transit is encrypted with TLS 1.2. In addition to using TLS, Keeper’s API uses Elliptic Curve (ECIES) signing to defend against replay attacks and man-in-the-middle attacks, as well as to perform integrity checks.

• Streamlined Collaboration

The ability to securely share passwords and secrets simplifies teamwork and collaboration. Team members can easily access the information they need, when they need it, without compromising security. This is particularly useful for remote teams or organizations with geographically dispersed offices and team members.

• Control of user password habits

Left to their own devices, most people tend to use weak passwords and reuse passwords across accounts. Keeper enables administrators to set and enforce password complexity requirements organization-wide. These can be adhered to via domain matching rules or as part of a record template requirement.

• Compliance and Auditing

Many industries are subject to stringent compliance requirements. Keeper’s Advanced Reporting and Alerts Module (ARAM), a critical component of the Keeper platform, provides Keeper administrators and compliance teams with tools for monitoring overall usage and adherence to policies. ARAM captures over 150 different user and administrator events for both detailed reporting and SIEM integration as well as advanced notifications via email, SMS or Slack.

• Time and Cost Savings

Keeper significantly reduces the time-consuming task of manually managing passwords, secrets and privileged access – and it virtually eliminates password reset tickets. This frees up IT and security teams to focus on internal projects that drive the business.

Conclusion

Keeper Security Password Manager, together with Keeper Secrets Manager and Keeper Connection Manager, offer organizations a comprehensive cybersecurity suite to prevent password-related cyber attacks.  Keeper’s zero-knowledge encryption, advanced authentication methods and user-friendly enable organizations of all sizes to enhance their security posture while streamlining their workflows. As the cyber threat environment evolves, investing in password, secrets and privileged session management solutions like Keeper is critical for ensuring data integrity and safeguarding sensitive information.