Jun 26 2025
Security

How Small Businesses Can Stay Safe While Making Access Easy for Authorized Users

Identity management is a critical security strategy, but it should make workers’ lives better, not drive them crazy.

Security governance is vital to Andrews Hooper Pavlik, a 32-year-old accounting firm with 10 offices across Michigan that provides its clients with a full suite of accounting, auditing, tax, retirement planning, and business and IT consulting services.

“Like many organizations, we have encountered challenges with credential management,” explains Adam Woodruff, network administrator at AHP.

“Recognizing the need to centralize and secure our credential process, we sought a solution that would improve security, simplify processes for our team and enhance IT governance to better protect our systems. At AHP, we strive to implement the highest levels of security to safeguard our clients’ data and trust.”

Woodruff and AHP found that solution in Keeper, an identity and access management platform that provides password management and other key IAM functions, including connection management, secrets management and remote browser isolation.

How Keeper’s Password Management Works

Keeper safeguards worker login credentials in an encrypted digital vault that’s only accessible with a master password. For deployment, AHP made extensive use of the KeeperFill browser extension, which runs on employees’ web browsers and autofills login credentials for the company’s apps and websites.

“It puts an extension icon within the browser that you can click on to sign in,” Woodruff explains. “Once you’ve signed in to it, you can see a list of all of the accounts that you have access to in there. You can then launch those accounts, and Keeper automatically and securely fills in the credentials.”

Keeper integrates well with the rest of AHP’s IAM infrastructure. The firm uses Microsoft Intune to manage its devices and endpoints. Intune provides conditional access along with multifactor authentication (MFA) to safeguard AHP’s resources, relying on signals such as group membership and IP location to determine which resources to grant the user.

Microsoft Entra ID is used for authenticating users’ devices and managing access to resources. In addition, the SAML 2.0 protocol is implemented with Entra ID to provide single sign-on, giving AHP employees an easy, secure way to work.

“We’re really happy with how well Keeper works with Microsoft, SAML and SSO,” Woodruff says. “It does a great job of keeping bad actors out. Not just anyone with a username and password can get onto the network.”

One Keeper feature Woodruff particularly appreciates is BreachWatch, which scans the dark web for compromised passwords and sends notifications to users and administrators.

“When our team logs in, BreachWatch tells them a certain password has been found somewhere on the dark web,” Woodruff says. “It prompts them to change the password. And once they change the password, network administrators must confirm it’s been resolved.”

How IAM Aligns Security and Operational Goals

AHP’s use of Keeper as one part of a wider and deeper IAM strategy highlights the complexity of security that small businesses are navigating today, explains Henry Bagdasarian, who founded the Identity Management Institute and serves as its president.

“While passwords remain a major component of IAM as the main authentication method, they are slowly being replaced with stronger authentication mechanisms, at a minimum being strengthened with MFA, as evidenced in the latest NIST password change guidelines,” Bagdasarian says.

Small organizations are evolving as the threat environment changes. In addition to keeping IAM systems updated and able to address the latest threats, they also want to keep the user experience front and center in their identity management strategies, Bagdasarian says.

“IAM systems contribute to a streamlined user experience by enabling SSO and adaptive authentication,” he says. “These capabilities enable users to access numerous applications with minimal disruptions while simultaneously upholding security protocols. As businesses prioritize agility and scalability, IAM solutions have become an integral component of their digital transformation strategies, aligning security needs with operational goals.”

How Going Passwordless Can Reduce Risk

With most of its staff working remotely, the nationwide mortgage banker NQM Funding needed a way to keep important financial information secure while also making it easy for its employees to access systems and quickly get to work.

“We had the biggest problem with end users either not remembering their passwords or creating really weak passwords,” says Brent A. Sudeck, network architect and IT adviser for NQM. “That introduces risk into our security posture, and it takes a lot of time and energy for IT people to respond to password problems. So, we decided to jump in and go passwordless.”

Like AHP, NQM is using Microsoft Entra ID as part of its IAM infrastructure. Entra ID manages the company’s database of usernames and passwords. A separate authentication platform is connected to Entra ID, managing the passwordless MFA process.

“To protect the network today, you have to implement multiple layers of protection,” Sudeck says. “There’s no one thing that solves all of your problems. You must use all of them in conjunction with one another. If you’ve done the core things and addressed all of the potential angles of attack, that’s a good start.”

Further Layers of Protection for IAM

This is especially true when the network includes cloud resources accessed by employees spread out across the country. The Harmony secure access service edge platform by Check Point serves as an additional layer to NQM’s IAM infrastructure. Harmony helps deliver secure, optimized access to resources whether employees are onsite or remote.

“Harmony verifies that the machine trying to connect uses Entra ID” and its authentication platform, Sudeck says. “It also verifies that the machine meets certain requirements before logging in to our network, including that our endpoint detection and response software is running on it, that it’s up to date, and that it truly is one of our machines being used to access the network.”

Harmony then goes one step further. “It’s zero trust,” Sudeck says. “When that person and machine log in, it essentially maintains firewalls between them and our network, only allowing them access to the resources that they need to do their job. That is critical, especially today, with the prevalence of ransomware.”

Managing Privileged Passwords for PCI-DSS

For First Premier Bank, a financial organization based in Sioux Falls, S.D., that issues its own payment card, aligning with the Payment Card Industry Data Security Standard meant that its privileged access accounts needed to be locked down. In addition, the bank was transitioning many of its workloads to the cloud. This provided the perfect opportunity to onboard Password Safe, a new cloud-based password management solution from BeyondTrust.

“We use Password Safe to maintain our administrative accounts,” says David Lokke, First Premier’s senior systems administrator. “Our technology teams use it to retrieve their passwords, access applications and use resources such as servers. The passwords change every 24 hours, using a new, 25-character password on each server, workstation and shared service account.”

Password Safe capabilities include managing both privileged account passwords and account secrets. Lokke has made good use of Password Safe’s Smart Rules feature, which allows him to automate the discovery, management and access control of First Premier’s privileged accounts and assets. He then organizes them into Smart Groups for easier management and permissions assignment.

“Password Safe is very customizable,” Lokke says. “Smart Rules helps me organize our users and point them to a certain application or server. I really like its flexibility. It’s opened up possibilities for our technology teams. Now, I’m getting requests for different features. They come up with an idea, and then they want to know if they can do it with Password Safe. We’re constantly finding ways to reorganize how we manage accounts to make it easier for our users.”

Photography by Logan Zillmer