6 Steps to Building a Password Management System to Protect Your Business

Did you know the average employee actively uses thirty-six cloud services at work? Recent surveys show 77% of employees use a 3rd-party cloud app without the approval or knowledge of IT. If the software is not provided by the organization, employees will seek it out themselves. Although this is a sign of a self-starter mindset, it can lead to gaps in cybersecurity, making your entire organization vulnerable.

However, the use of many cloud services and apps is not the problem – weak passwords are. 80% of known data breaches are due to weak, reused, or stolen passwords and credentials. Of a group surveyed, 59% of people use the same password across multiple platforms. Many employees struggle to manage over 100 credentials, with 76% experiencing frequent password problems. On average, IT teams spend 4 hours per week on password management-related issues and receive 96 password-related requests per month.

Luckily, most cyber incidents can be prevented with the right tools. Here’s what we suggest:

1. Create Employee Identities

Your users – employees, contractors, and partners – need to be able to work effectively without exposing the company to an unacceptable level of risk.

Parameters should be put in place to know you’re giving the right people access to company data. Building a unique identity for each user in your environment allows you to facilitate secure access and reliably prove it’s the right user every time. Consider the following data points to build unique employee identities:

  • User behavior
  • User devices
  • Specific services users use
  • Personal attributes

When employee identities are built from several data points, no two users are the same, and the identities can account for a wide variety of use cases and authentication scenarios. Of course, too much security can hurt employee productivity, but not enough can pose risks to the business. The key is to find the right balance between the two.

2. Implement Employee Identities and Access Management

Identity and Access Management (IAM) refers to the technologies and policies used to manage every user’s identity properly, gain greater visibility into what users are accessing across the organization, and enforce more robust control over that access. More visibility and control will bring greater security, but IAM solutions also increase employee efficiency, reduce friction in the login experience, and eliminate passwords where possible.

IAM solutions focus on defining user roles, managing privileges, and deciding when employees are granted or denied access, but they also have significant benefits for the organization overall.

The Ideal Identity Solution Will Give You:

  • Visibility: Track user activities, generate reports on those activities, and gain a detailed understanding of what users are accessing and their security behaviors.
  • Control: Enforce policies that align with the business’ security goals and government regulations, and ensure access is appropriate to each user’s role.
  • Automation: Integrate with existing technologies and infrastructure to speed up deployment, simplify day-to-day management, and standardize user offboarding.
  • Unification: Bring access and authentication together in one solution that offers a complete view of every access point and user action.
  • Security: Impose role-based permissions so every user has the least-privileged access needed to do their job. Eliminate passwords, strengthen those that remain, and add protection with more authentication factors.
  • Efficiency: Remove password-related obstacles and give users a simplified, frictionless way to access the tools they need to do their work.

3. Create Access Solutions to Reduce Passwords and Secure Every Access Point

An Access Solution helps your business achieve two goals:

  1. Eliminate login-related obstacles for employees.
  2. Increase IT’s visibility and control over every access point in the business.

Anything requiring a password is an entry point to your business and needs to be managed accordingly. There are two key Access technologies: Single Sign-On (SSO) and Enterprise Password Management (EPM). Though they can be used separately, they are most effective when used in tandem to offer complete coverage of all access points in the business.

Single Sign-On (SSO) Connects Employees To Critical Business Tools

With Single Sign-On, employees only remember one set of credentials. All other passwords are replaced with a behind-the-scenes protocol. Once an employee authenticates to their SSO portal, they can launch and connect to any assigned business apps while bypassing passwords or login pages.

Key Features of SSO Solutions Include:

  • A single password that unlocks access to all apps
  • One portal where employees can view and launch apps
  • Elimination of passwords by using SAML 2.0
  • A catalog of pre-integrated apps for easy admin deployment
  • Support for cloud, legacy, mobile, and on-premise apps
  • Integrations with directories and other technologies to automate and simplify management
  • Policies to enforce security standards and access controls

IT teams leverage SSO for the highest-priority apps in use across the organization. However, over 50% of the most popular cloud services do not have out-of-the-box support for SSO. Pairing SSO with a password manager is the most effective way to secure every access point.

Enterprise Password Management (EPM) Captures, Stores, and Fills Everything Else

Similar to SSO, Enterprise Password Management (EPM) only requires employees to remember one password. All other passwords are captured and stored in the password manager, which fills them in when an employee needs to log in to something. A password manager also facilitates other password-related tasks, like generating passwords, sharing credentials, and updating old passwords.

Key Features of EPM Solutions Include:

  • A single password that unlocks access to all apps
  • One portal where employees can view and launch apps
  • Elimination of passwords by using SAML 2.0
  • A catalog of pre-integrated apps for easy admin deployment
  • Support for cloud, legacy, mobile, and on-premise apps
  • Integrations with directories and other technologies to automate and simplify management
  • Policies to enforce security standards and access controls

EPM can significantly improve an organization’s security posture by identifying and eliminating weak and reused passwords. IT gains greater visibility into all apps and services in use and ensures strong passwords are protecting access to hidden services.

4. Use Authentication Solutions to Add Intelligent Security at Every Access Point

When someone wants to access a system or resource, it’s essential to prove that 1) the person is who they claim to be, and 2) they should be allowed access to said system or resource. An Authentication solution does this by verifying a user’s identity based on unique data points, then securely authorizing access after checking their privileges. Passwords may be the first line of defense for most organizations, but nearly 80% of breaches caused by hacking feature the use of stolen credentials. Once a password is stolen, if nothing else is in place to detect and stop unauthorized access, a breach is inevitable. Relying on passwords alone – a form of single-factor authentication – is not enough.

Your Business Needs Multifactor Authentication

With Multifactor Authentication (MFA), two or more pieces of information (factors) are required to prove a user’s identity and connect them to the technology they use to do their job.

Those Factors May Include a Combination Of:

  1. Something the user knows (a knowledge factor). This can include a password, PIN, or security question.
  2. Something the user is or does (an inherence factor). This includes fingerprint recognition, face scan, retinal scan, or voice recognition.
  3. Something the user has (a possession factor). Examples are an ID card, hardware token, or software token.

Many businesses are familiar with two-factor authentication (2FA), which combines two factors – typically your password (knowledge) and a code generated by an app on a smartphone (possession).
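The 2FA combination described above can be sketched as a server-side check. This is an added example, not code from the article or from any product it describes: it assumes the app-generated code is a standard TOTP (RFC 6238), and the user record, password, and secret are constructed sample values.

```python
import hashlib
import hmac
import struct

# Constructed enrollment record for one user (sample values, not real credentials).
SALT = b"constructed-salt"
PW_HASH = hashlib.pbkdf2_hmac("sha256", b"correct horse battery", SALT, 100_000)
TOTP_SECRET = b"12345678901234567890"  # shared secret from the RFC 6238 test vectors

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP (RFC 4226) computed over the time-step counter."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify_login(password: str, code: str, now: int, used_steps: set, drift: int = 1) -> bool:
    """Require both factors; tolerate +/- drift time steps; accept each step only once."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    knowledge_ok = hmac.compare_digest(candidate, PW_HASH)  # constant-time compare

    matched_step = None
    for delta in range(-drift, drift + 1):
        step = now // 30 + delta
        if step < 0:
            continue
        expected = totp(TOTP_SECRET, step * 30).encode()
        if hmac.compare_digest(expected, code.encode()):
            matched_step = step
    possession_ok = matched_step is not None and matched_step not in used_steps

    if knowledge_ok and possession_ok:
        used_steps.add(matched_step)  # a code that was already accepted cannot be replayed
        return True
    return False

if __name__ == "__main__":
    seen = set()
    current_code = totp(TOTP_SECRET, 59)
    print("first login:", verify_login("correct horse battery", current_code, 59, seen))
    print("replayed code:", verify_login("correct horse battery", current_code, 59, seen))
```

A stolen password alone fails this check, and a code that has already been accepted is rejected if it is presented a second time.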

5. Find the Right Balance of Security and Usability

For an Identity solution to be successful in your business, you need to address the needs of both IT admins and end-users.

IT Administrators need:

  • One place to manage all users and access points
  • Policies that allow control across the organization, at the group and individual user level
  • Out-of-the-box setup that can plug into existing infrastructure
  • Coverage of all use cases across the business
  • Compatibility with single sign-on, enterprise password management, and other IAM solutions
  • A variety of MFA methods, whether biometric, push notification, or adaptive, that can be offered at the user or group level

End-users want:

  • Minimal setup
  • Little to no training needed
  • A frictionless login experience
  • Privacy of their data

6. Find a Holistic, All-In-One Identity Solution

Single Sign-On, Enterprise Password Management, and Multifactor Authentication solutions each provide important security and productivity benefits to an organization. Managing multiple solutions, however, can be challenging. The solutions may not integrate with each other, more tools create more complexity, and employees face more hurdles just to do their work. When they are combined in one solution, your organization will achieve unified visibility and control across every access point. As small businesses tend to have more limited budgets and resources than large enterprises, we recommend a holistic, all-in-one solution to maximize your IAM investment.

A Comprehensive Identity Solution Should Include:

  • A single, easy-to-use admin dashboard
  • Automation and minimal day-to-day IT management
  • Custom, granular policies across SSO, EPM, and MFA
  • One portal to unlock access to all apps and credentials
  • Flexible MFA with support for many authentication methods
  • Adaptive authentication that combines biometrics and contextual factors
  • A frictionless experience for users
  • Security by design

An all-in-one Identity solution should give IT the oversight they need to increase security across your organization, while also removing access-related obstacles for your users. A solution that is easy to learn and use, and that simplifies day-to-day management for busy IT admins, is the most likely to lead to a successful implementation. With unified visibility into user access and authentication across the business, you can reap the rewards of balancing user experience and increased security.

If you found this article helpful, please feel free to download our digital version to share with your colleagues, employees, and peers.

The Anderson ZurMuehlen Technology Services team is pleased to be a resource to you. Please contact us with any questions you have about password management or building a password management system.

This article was written by Robert Culpon, CIO and Shareholder in our Helena Technology Services Office.
