With 80% of security breaches involving privileged credentials, it should be well understood by now that all shared or embedded enterprise passwords must be managed with accountability and control. But what about those accounts that aren’t necessarily shared or embedded – those personal passwords that are important to users and need protection, but not with the full monitoring and auditability of an enterprise password solution? In this blog, I will discuss an option available to IT security organizations that extends the control, management and centralization of enterprise passwords to end-user passwords through the ease of the cloud.
Defining Personal Password Management
Let me start by defining what exactly I mean by a personal password management solution. Essentially, such a solution could be used by all employees within an organization to store personal and work-related passwords. This type of solution would not be administered by IT security admins – but by the general user population.
Cloud-based Offers Maximum Ease of Use
Why should organizations consider a cloud-based personal password management solution? At the end of the day, it comes down to accessibility, ease of deployment, and ease of use. Cloud-based solutions provide unlimited scalability without IT having to deploy infrastructure, and at the same time provide a service that is accessible to users both inside and outside the firewall.
For example, consider some of the following use cases where a cloud-based solution might be preferred over an isolated consumer-based on-prem installation:
- Mobile credential access when a VPN connection is not available
- Break-glass use cases when access to an on-premise solution is not available
- Shared credential access with no on-premise technology required for DevOps, cloud, or contractors
- Zero footprint installation and no need for on-premise resources or maintenance
Personally managed passwords have a different liability aspect if compromised – thus, a cloud-based approach with zero risk to the business is beneficial.
It Comes Down to Trust
There is understandable reluctance for many companies to move their credentials (even personal ones) to the cloud, which is the primary reason why many organizations look for on-prem solutions. As you evaluate options for personally managed passwords, look for solutions that:
- Have been designed from the outset to be secure. Cloud-based solutions such as those that run on the Microsoft Azure platform, for example, have undergone rigorous pen testing and architecture review by Microsoft specialists.
- Consider encryption – pre-encryption of data in a trust no one (TNO) model.
- Provide secure capabilities for backups, maintenance, hardening, and access. In the cloud, there is actually a lower risk of faults in these areas than with an end-user deployment.
Why a Personal Password Solution Should Be Synced with an Enterprise Password Management Solution
Using a consumer-grade personal password tool for business purposes may serve the simplest of use cases, but as an organization’s perimeters (and thus attack surfaces) expand and the lines blur between business and personal apps and devices, it’s important to have integration between what’s managing your enterprise and personal credentials.
Enterprise credentials should be rotated by an enterprise solution – personal credentials are generally managed by the user. Providing users with a capability to store personal credentials decreases the risk that they will use the same credentials for personal and business purposes. Synchronizing strategic accounts to the cloud also offers the ultimate break-glass solution for enterprise accounts.
Securing personally managed passwords can be efficient and cost-effective in a cloud-based model, and by integrating with an on-prem enterprise password management solution, organizations add complete control and accountability over all of their authentication mechanisms – whether managed centrally by a privileged access management solution or directly by the user.
BeyondTrust is currently beta testing a new cloud-based solution for password management, and we want your feedback! To be a part of this program, contact me today!