Historically, most organizations used a “castle and moat” model to ensure network security. Users and devices inside the network perimeter were trusted by default, while those outside of it were not. This was a logical approach when most or all equipment and employees were on-prem, ensuring a clearly defined network perimeter.
Then, cloud computing and mobility fundamentally changed organizational data environments. Instead of residing in machines locked up in on-prem server rooms, applications and data were distributed among multiple public and private clouds, computers, and smart devices, more employees were able to work remotely, and companies began outsourcing IT services to third-party contractors who accessed systems remotely.
Suddenly, the “network perimeter” wasn’t just blurred; it no longer existed, and the castle and moat model was rendered obsolete. Companies began moving towards a modern model called zero trust, and the remote work boom caused by the COVID-19 pandemic accelerated its adoption. Dark Reading reports that 70% of organizations are moving towards zero trust to secure their remote workforces post-pandemic.
Trust No One Mentality
What is zero trust? Far more than just an IT buzzword, zero trust was crucial to data and network security in modern digital environments even before the COVID-19 remote work boom; the post-pandemic workplace will only solidify its importance.
Instead of implicitly trusting all users and devices within the network perimeter, zero trust doesn’t trust any of them. Zero trust assumes that all users and devices could potentially be compromised, and everyone, human or machine, must be verified before they can access the network.
Zero trust isn’t about deploying a particular technology; it’s about altering the organization’s approach to security. When done properly, zero trust gives IT administrators full visibility into all users, systems, and devices, helps ensure compliance with industry and regulatory mandates, and helps prevent cyberattacks caused by compromised user credentials or stolen devices.
This means that without password security, zero trust falls apart.
Password Security is Fundamental to Zero Trust
With its emphasis on user and device verification, a successful zero trust implementation hinges on the ability for organizations to enforce comprehensive password security among its users, including the use of strong, unique passwords for every account and multi-factor authentication (2FA) on all accounts that support it. IT administrators must also set up and enforce role-based access control (RBAC) and least-privilege access.
Without a password management and encryption platform, these are impossible feats. Organizations have no visibility or control over what their users are doing with their passwords, and they desperately need visibility and control. The remote work boom has increased the risk of password-related cyberattacks. SC Magazine reports that 93% of at-home workers admit to reusing passwords across accounts, and 29% say they allow family members to use company-provided devices.
Keeper Supports Zero Trust with Password Security & Zero-knowledge Encryption
If the zero trust tagline is “Trust no one,” zero-knowledge’s tagline is, “We know nothing, and we can’t access your data.”
zero-knowledge is a security model that utilizes a unique encryption and data segregation framework that helps support zero trust by protecting against remote data breaches. IT service providers that use a zero-knowledge framework are prevented from having any knowledge as to what is stored on their servers.
In Keeper’s case, we have “zero-knowledge” of our users’ master passwords, and we have no access to customers’ encryption keys to decrypt their data.
Keeper’s zero-knowledge password management and security platform provides organizations the total visibility and control over employee password practices that they need to successfully implement a zero trust security model. IT administrators can monitor and control password use across the entire organization, both remote and on-prem, and set up and enforce RBAC and least-privilege access. Keeper also has the following benefits:
- Ease of use for both IT admins and end users; rapid deployment on all devices with no upfront equipment or installation costs
- Personalized onboarding and 24/7 support and training from a dedicated support specialist
- Support for auditing, event reporting, and multiple compliance standards, including HIPAA, DPA, FINRA, and GDPR
- Easy integration with SSO; no need for separate logins
- Secure storage for sensitive files, documents, photos, and videos on unlimited devices
- Private vaults for each employee, plus shared folders, subfolders, and passwords for teams
- Complete flexibility; whether your organization is an emerging business or a multinational enterprise, Keeper scales to the size of your company
Password security is the foundation of cybersecurity, and it’s also the foundation of a zero trust architecture, especially in a remote work world. It’s impossible to successfully implement a zero-trust architecture without securing user passwords.