Organizations are increasingly embracing multi-cloud and hybrid IT environments. According to Flexera’s 2020 State of the Cloud Report, 93% of organizations have a multi-cloud strategy, and 87% have a hybrid strategy. The report also found that nearly 60% of organizations expect their cloud usage to be greater than originally anticipated due to COVID-19.
However, companies are struggling to secure their clouds; according to Flexera’s report, cloud security was the respondents’ top challenge, exceeding even cloud spend management.
Multi-cloud & hybrid present unique IAM challenges
Because compromised passwords are responsible for the overwhelming majority of data breaches, keeping user identities secure through robust identity and access management (IAM) is the foundation of cloud security.
IAM is especially challenging in multi-cloud and hybrid environments. End-users must authenticate multiple times to use cloud services across different service providers, and not all of these providers may process login credentials securely. Each time a service authenticates a user, the user’s credentials are at risk of being exposed.
To reduce this risk, many companies have turned to single sign-on (SSO), which enables end-users to use one set of login credentials on multiple websites or cloud applications. However, not all apps support SSO, and it has its own security risks, particularly if it isn’t implemented in conjunction with two-factor authentication (2FA), role-based access control (RBAC), and robust password security, such as requiring employees to use strong, unique passwords for all sites and apps.
Keeper overcomes IAM challenges with zero-knowledge encryption
Keeper protects user credentials in multi-cloud and hybrid environments through our zero-knowledge security architecture. All information stored in Keeper is accessible only by the end-user, with all encryption and decryption done at the device level, never on the server. The data is also encrypted both in transit (TLS) and at rest on Keeper’s infrastructure (AES-256).
This means that the plain-text version of the login credentials and other data stored in Keeper vaults is never accessible to any outside party — not even employees of Keeper Security.
With Keeper, each end user’s master password is converted using PBKDF2 into a key that unlocks the data key on the device. Each individual record stored in the user’s vault is encrypted with an additional 256-bit AES key that is randomly generated on the device. These multiple layers of encryption ensure that even if a single key were compromised, cybercriminals would be unable to access any of the other records.
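The layered key hierarchy described above, sketched in Node.js as an added example; this is not Keeper code. It assumes AES-256-GCM at every layer, PBKDF2-HMAC-SHA256 with 600,000 iterations, a 16-byte salt, and that each record key is wrapped under the data key; all function names and the blob layout are hypothetical.

```javascript
// Added illustration of a client-side key hierarchy:
// master password -> PBKDF2 key -> data key -> per-record keys.
// Cipher mode, iteration count, salt size and names are assumptions.
const crypto = require('node:crypto');

const PBKDF2_ITERATIONS = 600000; // assumed work factor

// AES-256-GCM encrypt; output layout is iv(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}

// AES-256-GCM decrypt; throws if the key is wrong or the blob was altered.
function open(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

function deriveKey(masterPassword, salt) {
  return crypto.pbkdf2Sync(masterPassword, salt, PBKDF2_ITERATIONS, 32, 'sha256');
}

// Runs on the device. The returned object holds only salt and ciphertext,
// so a server storing it never sees the password or any key in the clear.
function createVault(masterPassword) {
  const salt = crypto.randomBytes(16);
  const dataKey = crypto.randomBytes(32);
  const wrappedDataKey = seal(deriveKey(masterPassword, salt), dataKey);
  return { salt, wrappedDataKey, records: [] };
}

// Re-derive the password key and unwrap the data key (throws on a wrong password).
function unlock(vault, masterPassword) {
  return open(deriveKey(masterPassword, vault.salt), vault.wrappedDataKey);
}

// Each record gets its own random 256-bit key, itself wrapped under the data key.
function addRecord(vault, dataKey, plaintext) {
  const recordKey = crypto.randomBytes(32);
  vault.records.push({ wrappedKey: seal(dataKey, recordKey),
                       body: seal(recordKey, Buffer.from(plaintext, 'utf8')) });
}

function readRecord(vault, dataKey, index) {
  const r = vault.records[index];
  return open(open(dataKey, r.wrappedKey), r.body).toString('utf8');
}
```

Because every record has an independent key, a leaked record key opens only its own record, and GCM authentication makes a wrong key fail loudly instead of yielding garbage.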
The affordable, flexible, zero-trust IAM solution for multi-cloud & hybrid environments
Keeper is an affordable but powerful solution that easily integrates with SSO, with no need for separate logins. It also supports RBAC, 2FA, auditing, event reporting, and multiple compliance standards, including AICPA Trust Services Criteria (SOC2), ISO 27001, HIPAA, and GDPR.