We all use countless apps, websites, and other network-connected services every day for the most mundane use cases, such as ordering a cup of coffee or online banking services. The one common link across all of these services? They require passwords to keep you and your PII (personally identifiable information) safe and secure. For businesses, keeping these passwords or “credentials” secure is mission critical to their ability to perform their day-to-day services and keep their customers’ PII private.
Over the last decade the increasing frequency of respected brands and public figures being hacked has been brought into the spotlight by the media, but unfortunately all kinds of businesses from SMBs to enterprises face these challenges every day. What’s even more alarming is that hacking techniques have advanced to the point that teenagers are able to carry out sophisticated attacks against the likes of Twitter, Elon Musk, and even Presidential candidate Joe Biden. But how is this possible – wouldn’t Twitter have top-notch cybersecurity tools & protocols to prevent this?
Historically, Privileged Access Management (PAM) solutions have served as the core Identity and Access Management (IAM) solutions for enterprises to prevent attacks like these. However, PAM solutions were designed around IT applications and use cases, and have been geared towards a more highly technical user, leaving business applications and their users defenseless. But what about “passwordless” solutions like Single Sign On (SSO)? Yes, password usage is reduced with an SSO solution, but it’s impossible to share access and accounts across multiple users, and applications must be SAML compliant to be SSO compatible. Ultimately, there will always be a “long tail” of industry or use-case specific applications that will never be SAML compliant.
As a result, PAM and SSO solutions leave a large gap in enterprise security. In the case of the recent Twitter hack, a teenager was able to use social engineering to pose as a co-worker from the IT department and gain access to the credentials protecting the customer service portal. Unfortunately, sharing passwords across employees without permission (or even posting sticky notes with passwords on monitors, desks, etc.!) is fairly common practice across organizations of all sizes, although top-down governance from management discourages this behavior. Just ask any cybersecurity expert and they’ll tell you that people are actually the weakest link in any organization’s security. Ultimately, this is where Keeper comes into play, as it fortifies weak spots ignored by PAM & SSO vendors.
So how does Keeper help? Keeper’s SaaS-based password manager enables enterprises to provision and maintain encrypted passwords for individuals and teams to use across their business applications, eliminating the need for employees to keep track of their passwords and instead centralizing them in an encrypted password vault. More importantly, administrators can assign different permissions or “privileges” to different individuals within the organization, allowing all password sharing to be governed top-down and preventing credentials from ending up in the hands of malicious actors.
As for the Keeper Security / Insight Partners story, our first conversation with CEO Darren Guccione was back in 2013! At the time, Darren and his team were solving serious pain points for consumers but hadn’t yet made the foray into enterprise security. Needless to say, the entire team at Insight saw the potential in Keeper and stayed in close contact with Darren, checking in on a regular basis as the business transitioned to a more B2B-centric model. 2020 saw Keeper’s B2B business growing at triple-digit rates, posting its best month in the company’s history in July. Insight and Keeper were eager to partner on a $60M “growth round” to pour more fuel on the fire and solidify Keeper as the market leader in Enterprise Password Management (EPM).