The federal government tends to move very slowly – except when it comes to zero-trust cybersecurity. The drive to get all agencies to zero trust is cruising along at warp speed, as evidenced by White House Executive Order 14028, CISA’s Zero Trust Maturity Model, OMB M-22-09 and the DoD zero trust strategy and roadmap, all of which were released within the span of less than two years.

Keeper Security’s zero-knowledge SaaS platform helps federal government agencies build zero-trust security architectures as directed by EO 14028, OMB M-22-09, CISA’s Zero Trust Maturity Model and DoD’s zero trust strategy and roadmap.

While Keeper is a SaaS product hosted on AWS, our platform does not fit into the traditional model of what many think of as “cloud computing,” where data lives solely in the cloud. Keeper stands out from most other SaaS products in two areas:

While Keeper is a SaaS product, it incorporates on-premises components, meaning features can operate independent of the cloud.

Keeper’s zero-knowledge security architecture ensures that customer data is never stored in plaintext on our servers. It can only be decrypted on the device level – in other words, “on-prem.”

Because of Keeper’s zero-knowledge encryption model, none of our employees can access our customers’ vault data, no matter what. This is what makes Keeper fundamentally different from most SaaS products. When using a “true” cloud computing SaaS product, such as Gmail, every keystroke you type is immediately transferred to the cloud, and that data lives completely in the cloud. For security purposes, the data is encrypted, but the SaaS vendor can access the decryption keys and, therefore, access your data. In stark contrast, Keeper is a zero-knowledge security provider.

Customer data is encrypted and decrypted at the device level, not on the server.

For users who log in with a master password, the keys to decrypt and encrypt data are derived from their master password.

For users who log in with Single Sign-On (SSO) or passwordless technology, Elliptic Curve cryptography is used to encrypt and decrypt data at the device level.

Keeper’s servers never receive or store data in plain text.

Data is encrypted on the user’s device before it is transmitted and stored in Keeper’s digital vault. When data is synchronized to another device, the data remains encrypted until it is decrypted on the other device.

The Keeper application never stores any plain text (human readable) data, only encrypted ciphertext.

Sharing of data uses public key cryptography for secure key distribution.

Keeper’s encryption model supports the Bring Your Own Key (BYOK) management process, because the keys are either derived from the user’s master password, or they are distributed through the functionality of the SSO Connect client-side encryption platform.

While on-prem components are not required to operate the Keeper platform, numerous Keeper components can be optionally hosted and installed on-prem, including:

Active Directory Bridge: Keeper Bridge allows businesses’ on-prem Active Directory (AD) environments to integrate with Keeper for the automatic provisioning and deprovisioning of Users, Roles and Teams to Keeper. The Keeper Bridge is designed to use the Lightweight Directory Access Protocol (LDAP and LDAPS) to communicate with LDAP-based Directory Services for the purpose of onboarding and offboarding users to the Keeper platform.

Keeper Commander toolkit: This provides AD password rotation plugins that can be configured or customized to fit the customer’s business needs.

Keeper SSO Connect On-Prem: Just like Keeper SSO Connect Cloud, our on-prem SSO integration works with all major SAML 2.0-compatible identity providers, including Microsoft Azure, Okta, Google Workspace, Centrify, OneLogin, Ping Identity, JumpCloud and more, with zero-knowledge encryption and seamless authentication for end-users.

Keeper Automator: Device authentication is a crucial part of a zero-trust security architecture.