Zero-Knowledge Encryption. Why It Matters
Companies are gathering, storing and selling confidential personal and business data. Many of the companies storing this data might not be storing it in a secure manner. Even if the data is secured from the outside, how do you know you can trust their employees?
Why It’s Critical
Companies ranging from Google to Salesforce store and frequently use your confidential personal and company data for advertising and marketing purposes. The data can contain highly sensitive information such as employee personally identifiable information, customer accounts and details about your business plans. Most users do not understand how their data is stored or whether their information is secure. This causes a range of issues from compliance to security.
How Keeper Solves It
Keeper is a Zero-Knowledge Password Management solution. This means all information stored in Keeper is accessible only by the end-user. All encryption and decryption is done on-the-fly on the client’s device, and the data is encrypted both in transit (TLS) and at rest on Keeper’s infrastructure (AES-256). The plaintext version of the data is never available to Keeper Security employees or any outside party. The cloud component of our product is purely for the synchronization of encrypted data and access controls. Keeper is fanatical about protecting customer data, but in the unlikely event Keeper were hacked, the attackers could access only the worthless ciphertext.
With Keeper, the user’s master password is converted using PBKDF2 into a key that unlocks the data key on the device. Each individual record stored in the user's vault is encrypted with an additional 256-bit AES key that is randomly generated on the device. The multiple layers of encryption ensure that even if a single key were compromised, access to other records would be contained. We call this limiting the “blast radius.”
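The key hierarchy described above, sketched as an added example that is not Keeper's code: a PBKDF2-derived key unwraps a data key, which unwraps a random 256-bit key per record. The AES-GCM mode, the SHA-256 PBKDF2 hash, the iteration count, the salt and nonce sizes and all function names are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

// AES-256-GCM helpers. GCM and the 12-byte nonce are assumptions; the page only says AES-256.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function open(key, box) {
  const d = crypto.createDecipheriv("aes-256-gcm", key, box.iv);
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]); // throws on wrong key or tampering
}

// Master password -> PBKDF2 -> key-encryption key (KEK). The hash choice is an assumption.
function deriveKek(password, salt, iterations) {
  return crypto.pbkdf2Sync(password, salt, iterations, 32, "sha256");
}

// Client-side vault creation. The returned object is all a sync server would ever hold.
function createVault(password, records, iterations = 600000) {
  const salt = crypto.randomBytes(16);
  const dataKey = crypto.randomBytes(32);
  const wrappedDataKey = seal(deriveKek(password, salt, iterations), dataKey);
  const items = records.map((text) => {
    const recordKey = crypto.randomBytes(32); // fresh random key per record
    return { wrappedKey: seal(dataKey, recordKey), body: seal(recordKey, Buffer.from(text)) };
  });
  return { salt, iterations, wrappedDataKey, items };
}

function readRecord(password, vault, index) {
  const kek = deriveKek(password, vault.salt, vault.iterations);
  const dataKey = open(kek, vault.wrappedDataKey);
  const recordKey = open(dataKey, vault.items[index].wrappedKey);
  return open(recordKey, vault.items[index].body).toString();
}

// Blast-radius check: does the key of record `leaked` decrypt record `target`?
function leakedKeyOpens(password, vault, leaked, target) {
  const dataKey = open(deriveKek(password, vault.salt, vault.iterations), vault.wrappedDataKey);
  const stolen = open(dataKey, vault.items[leaked].wrappedKey);
  try { open(stolen, vault.items[target].body); return true; } catch { return false; }
}
```

In this sketch the containment applies to a leaked record key; the data key and the master-password-derived key sit higher in the hierarchy and unwrap everything beneath them.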
Improve Password Awareness and Behavior
Most businesses have limited visibility into the password practices of their employees, which greatly increases cyber risk. Password hygiene cannot be improved without critical information regarding password usage and compliance. Keeper solves this by providing comprehensive password reporting, auditing, analytics and notifications.
Centralized Privileged Access Management (PAM)
Privileged access users such as IT admins and security professionals have one secure location to store and find all their passwords, digital certificates, SSH keys, access keys, API keys and more. With role-based access, administrators have fine-grained control of policies. Credentials may be shared among teams or contractors and then revoked.
Securely Share your Passwords
Each user has public and private encryption keys used for encrypting the vault, sharing password records and messages between users. Shared information is encrypted with the recipient's public key. Keeper’s record sharing methodology is easy to use, secure and intuitive.
Keeper is intuitive and easy to deploy regardless of the size of your business. Keeper integrates with Active Directory and LDAP servers which streamlines provisioning and onboarding. Use Keeper SSO Connect® to integrate into your existing SSO solution.
Keeper Scales With Your Business
Keeper was designed to scale for any sized business. Features such as role-based permissions, team sharing, departmental auditing and delegated administration support your business as it grows. Keeper Commander™ provides robust APIs to integrate into current and future systems.