Features of enterprise password managers

by Mark Rowe

Enterprise employees hold hundreds of passwords to access the accounts and applications they need to perform their jobs. But this huge volume makes it impossible for them to create and remember unique, high-entropy passwords for each online account, which creates dangerous security risks for the enterprise, says Mike Newman, CEO of My1Login, an identity and access management product company.

With so many passwords in employees’ hands, it is easier for criminals to steal them via phishing scams. Suddenly the keys to the enterprise’s most sensitive assets are held by hundreds of people, and it only takes one successful phishing attack for a criminal to compromise them.

To counter this risk, many organisations have turned to Enterprise Password Managers (EPMs), which enable them to eliminate password risks and meet compliance requirements, without impacting employee productivity.

EPMs can offer employees a Single Sign On experience for applications that still require passwords, but some can also be used to enforce highly secure, high-entropy passwords that would be almost impossible to crack using a brute force attack. The solutions also remove passwords from the hands of users: employees are automatically authenticated to the sites and applications they need access to, without ever seeing or knowing the password. However, there are certain features that modern EPM solutions must possess to enhance the security of enterprises. So, what are these?

1. Zero Sign-in to the Enterprise Password Manager to Reduce User Friction
One purpose of a password manager is to make things easier for employees, not to give them yet another password to remember. An EPM that integrates with the enterprise’s corporate directory means no sign-in is required to the password manager itself. This creates a frictionless user experience and guarantees user adoption.

2. Zero User Interface Option to Guarantee Adoption
For widespread enterprise use, it is recommended to choose an EPM that can be configured to run silently in the background, providing users with access to the passwords they need at the time when they need them. An EPM that can present the relevant passwords to the user at the point they are attempting to access an application means no training is required, which in turn means significantly higher adoption and greater security benefits.

3. Password Policy Enforcement to Eliminate Phishing Risks
Use an EPM that can generate strong, random passwords that comply with policies and automate user password updates on external (third-party) applications, without the need for an API. It’s also important that the solution can automate synchronisation of newly updated passwords to ensure that, where passwords are shared, all permitted users and groups have immediate access to the updated credentials.

4. Zero Knowledge Encryption for Greatest Security
Zero Knowledge Encryption means that no-one outside the enterprise can access stored passwords – not even the vendor of the EPM. This is crucial in giving organisations complete control and eliminating a potential security risk.

5. Provides Single Sign-On for Apps
Allowing easy, one-click access to apps by automatically filling login forms completes the journey towards an unobtrusive user experience, removing the need to copy and paste credentials from the password manager.

6. Multiple Credentials per App
Frequently, employees need to access multiple accounts for the same application. A password manager that facilitates easy switching between multiple identities used for a single application is essential to cater for the broader use cases that exist within departments such as finance and IT.

7. Sharing of Credentials with Granular Permissions
When access to accounts and services needs to be shared between users and teams, it is important to ensure that appropriate security and governance are maintained. The EPM should enable the secure sharing of credentials with specific permissions attached (e.g. read, write, update, view, allow onward sharing), so that effective governance and control are maintained without compromising on efficiency or user experience.

8. Full Audit Trail and Integration with Security Information and Event Management (SIEM) Solutions
Any effective EPM should be able to provide a full audit trail of who accessed what system and when to help support compliance and any retrospective investigation following a security incident.

9. Optional Ability to Discover Applications and Learn Credentials
EPMs that can discover the apps being used by employees and learn the credentials for them shorten time-to-value by reducing setup effort, whilst also detecting shadow IT.

10. Policy-based, Application-specific Step-up and Multi-Factor Authentication
Credentials for some critical applications and systems will potentially have a higher risk profile that necessitates additional security before they are made available to users. The EPM should provide the capability to apply application-specific policies for step-up and Multi-Factor Authentication.

An EPM needs several critical features to deliver value and guarantee return on investment. Being secure goes without saying but it is also critical that the user experience is unobtrusive and frictionless, so there are minimal barriers to workforce adoption of the product. By finding a solution that meets these needs, organisations will significantly improve their cybersecurity, while keeping their passwords and employees safe.


© 2024 Professional Security Magazine. All rights reserved.
