Next-gen privileged access management with Keeper

Webinar transcript

Muna: Welcome to another Atera Spotlight on Partner session hosted by Atera and our special guests here from Keeper. My name is Muna; I head the product marketing team here at Atera, and I’m delighted to be hosting this compelling topic around security and password protection. Again, if you’re joining us for the first time, I do want to invite you to visit the Atera events page on the website, where you can stay up to date on all of our webinars, including our security Spotlight webinars with our partners. 

Our topic for today is around next-generation privilege access management, and what we’re going to discuss is the security adoption paradox that many companies face and how very often password security measures that companies put in place may sometimes hinder the work of IT rather than simplifying it. We will also get a sneak peek into Keeper’s PAM solution, where the team is going to show a short demo, and we will hear from Mike, who has been a long-time user of Keeper. 

# Housekeeping 

But before we do that, we do have some housekeeping that I’d like to go through. First of all, to all of you, this webinar is being recorded and will be made available within the next 48 hours. A link will go out via email, but as I said, you can also find all of our on-demand webinars on our website. I invite you to please post your questions throughout the session; our team will be answering them at the end. We do have with us Padraigh who will be answering a lot of your technical questions, so please don’t be shy. Type in the questions in the Q&A box as the speakers are talking, and we will be addressing them here live. At the end of the webinar, we have a short survey that will pop up right at the end. It’s less than a minute with a couple of questions. Let us know how we’re doing and how we can serve you better moving forward. So please do take the time and respond to the survey. Without further ado, let’s get started because that’s what you’re here for. Gentlemen, welcome. I’m very delighted to welcome with us today Ryan Dumigan. Ryan is from Keeper; he’s really the MSP account manager for Keeper Security out of EMEA. He’s based in Cork, Ireland, and Ryan is very passionate about the sea and surfing, which is very interesting. His personal mission is to ensure that every MSP is using Keeper. Hi Ryan, welcome. 

Ryan: Hi Muna, how are you doing? Hi everybody. 

Muna: Very delighted to have you join us today. And great, we also have with us Mike Bitka. Hello Mike, welcome. 

Mike: Yeah, hello Muna, hello folks. 

Muna: Well, Mike has a really impressive resume. He’s a computer scientist, he’s a lawyer, he’s a data protection officer, and he’s an auditor. And with all of that, he’s also the founder and managing director of My Privacy GmbH company in Germany. He specializes in international data protection and SAP consulting. In Mike’s previous life, he was the head of a group around data protection for a Danish group and the largest German energy group. He’s also a development partner of the Drum Dot solution using Keeper password management. So he’s really here to share with all of us his experience. Mike has really worked with customers across all industries from ERP, energy, chemical, banking, automotive—you name it. Mike, that’s very impressive. Very delighted to have you with us today. 

# Partner Spotlights 

Before I hand over to Ryan, I just want to do a quick recap of our partner spotlights. For those of you familiar with Atera, we have within the Atera platform the App Center, which is really the marketplace of integrated and diverse IT solutions. Today we’re welcoming Keeper into the platform as part of our integrated solutions within the App Center. We really have a broad partner ecosystem, and the key benefits in that are obviously having the solution accessible to Atera customers where you can provision, sync your customers, and have easy access to the tool. We have our joint deployment team here to help you onboard and, of course, all of the centralized billing through Atera. So for those Atera customers, Keeper will be available within the App Center, I believe later this week. So please stay tuned and look out for it. We invite you to come in, give it a trial, and after you hear Ryan’s amazing presentation, I’m sure you’ll be hooked and start using Keeper. So thank you for that, and without further ado, Ryan, the stage is yours. Tell us about privileged access management. 

# Password Management Challenges 

Ryan: Hi everybody. Okay, so I’m just going to take you through a brief summary of Keeper, the security adoption paradox, and what we do. So basically, when it comes to passwords, about 11 hours are wasted each year resetting passwords per person, and about 50% of all help desk calls are password related. Seventy dollars is the average cost for a business to reset one password. God knows I know this because I am that ultimate use case. As a salesperson, passwords and changing them have been the bane of my life. You could see this on a sales floor and in a collective society every time passwords have to be changed—every 30 days, every 45 days sort of thing. At Keeper, we try to eliminate all this and make everything simpler for our end users. Obviously, SSO is fantastic, but it doesn’t cover everything. Hundreds of thousands of cloud and native applications do not support SSO. A lot of people think SSO is some sort of silver bullet; unfortunately, it isn’t. It’s great, but it isn’t completely comprehensive.

# Multi-Factor Authentication 

The importance and limits of multi-factor authentication (MFA) are significant. MFA is a must, but it can be very painful for end users. By providing an extra barrier layer of security, it makes it incredibly difficult for attackers to get past. MFA can block over 99.9% of compromised attacks. However, a password plus a one-time code or authentication can be cumbersome for employees to set up and use. With that in mind, you have strict password policies that often create more help desk tickets to reset passwords as employees struggle to remember complex rotating passwords. Legacy SSO solutions are complex to set up and often end up not fully deployed. Only 28% of Microsoft users have MFA as users don’t like the extra security steps. The complexity and strength of password policies implemented by organizations can influence the frequency of password reset requests. Stricter password requirements result in more frequent resets as users struggle to remember complex passwords. Connecting users through legacy solutions can be difficult, as mentioned already. People don’t like going through extra security steps, and that’s a key factor in a lot of password management solutions. 

# Mike’s Experience with Keeper 

So I think Mike is going to jump in now and describe how he’s come to Keeper and how he’s found Keeper. Is that correct? 

Mike: Yeah, thank you, Ryan, and thank you for your introduction, Muna. As you can imagine, as a data protection and SAP consultancy, we have extensive access to customer information, and some of it is highly sensitive. For us, a highly secure central storage of sensitive information and simple, effective access control are important for my company and my customers. We wanted to avoid having important information in some directories or email accounts that you don’t know about or don’t have access to. In our search, we found Keeper, which offers us exactly these possibilities. In this way, we can authorize our employees and our consultants only for the information that is decisive for their tasks. Sometimes we do this for our customers. An additional point is that our employees can also create their own private folders for their information without anybody else having access to them. We mainly use Keeper in the following three cases: first, for our important data like contracts, certificates, keys, software licenses, or bank details. Keeper offers several predefined data types for this, and we can define our own ones if necessary. Secondly, as part of our consulting activities for securing access data to customer systems, this affects access to Citrix, including two-factor tokens, SAP, Azure, Oracle, and so on. The tool in the taskbar helps me a lot here because I only need to know three key combinations or use autofill, so I don’t need a long search to find the password, the system, or where the information is stored. Thirdly, and that’s something special we’re talking about here, as part of the development of the Marvelous Run. We are developing what I call an IAM system, which is in a better way of using IAM as identity and access management systems for our partner company, Marvelous Run. Our system aims to administer or implement new functionalities or analyze and optimize authorizations using AI. Our aim is to avoid SOD conflicts or data privacy incidents by using task-related authorizations. It’s crucial that no one can use our interface for destructive activities. Therefore, our cloud-based software solution temporarily stores highly secure certificates and keys for communication between our system and the customer system in Keeper using API for Keeper. That’s something really special we’re using here. We’re not just using it for contracts or login information; we’re using it temporarily for the communication between highly sensitive systems. Overall, we can say that we are more than satisfied with the usability of Keeper. Apart from the fact that startup application and autofill no longer work for me on the ferry with the latest version, I hope this will work again in the next update, but that’s just a little wink. We can manage our customers, manage our consultants, use it for private purposes, and for some really special parts using API. So I would like to hand it over back to Ryan.

# Introduction 

Ryan: Okay, you’re on mute. Thanks, Mike. That’s great, that’s great. So, okay, moving on. With the password manager, what we do is we fine-tune the access levels across the organization. It gives the administrators the power to fine-tune the organization’s access levels to critical data and credentials across individuals and teams. 

# User-Friendly Features 

User-friendly features help reduce IT help desk costs. An example of this is that it’s very easy to administer the product from a technical perspective. But the real payoff for all of this is the end-user experience for the non-technically minded—your salesperson, your receptionist, your marketing person—the people who aren’t invested in the tech itself. It’s just so easy to use. An example of this is when people leave companies, they generally take their personal license with them and then they end up purchasing it, so we’re obviously doing something right. We also integrate with all major SSO providers, so we can eliminate and close security gaps. We ensure the use of two-factor authentication by enforcement policies. 

# How It Works 

How does it work? Basically, what happens is you would get an invite to set up a vault. When you set up your vault, you can either import from a different password manager or import from a browser. You can drag and drop a CSV file, finder folder—it’s just so easy. You get to choose what color background you want and all these other little things as the user. 

# Demonstration 

Muna: Let me know if you want me to share, Ryan. I know that you don’t have it in here. I can share the screen. 

Ryan: Oh, good. Okay, if you want it up, I can share it. 

Muna: Perfect. Okay, just a second and I will… Let me know when it’s up. 

Ryan: Alright, here we go. So here you can see our enforcement policies enforcing our administrator, enforcing two-factor authentication, sharing and uploading, and using login settings in KeeperFill. Your administrator can set up all these different types. You can even allow IP whitelisting, so you can block a whole range of IPs if you want people to work just from the office or block a range of IPs from a country you don’t want people logging in from. 

# Role-Based Access Controls 

This role-based access control allows you, as the administrator, to set the enforcement policies. The enforcement policies can be changed and set for each additional managed company as well, making it very easy to administer. You can set up alerts, real-time alerts where if somebody disables two-factor authentication, you can get an SMS, an email, or a webhook directly in real-time to show you that you need to take corrective action. 

# Browser Extension 

This is an example of a browser extension and how it auto-generates passwords and how we can share passwords as well. As you can see from the example here, you’re signing into your Keeper account, signing into Amazon, saving your password, and creating the record inside your account as you go. The next time you want to sign into Amazon, you can either launch directly from your vault. 

# SSO Connect 

We have our SSO Connect for single sign-on, showing how easy it is. You pick an account, set it up, stay signed in, and away you go. It’s just showing how simple it is with just a few clicks. You can drive provisioning from one to a thousand people within a couple of minutes by sending out invites to people so they can create their vaults. 

# TOTP Codes 

You can also keep your TOTP codes in the vault, so you can go into the vault and pull them out. An important thing to say here is that, unlike most password managers that offer protection like securing a building with main doors and windows, Keeper ensures that every single room in the building, every single record, is encrypted by its own 256-bit AES encryption key. Everything is encrypted and decrypted on the client side, which means the level of security is absolutely phenomenal. 

# Questions and Next Steps 

So, that’s it. Does anyone have any questions? The next step is a full-scale demonstration where we can show you how the product works in real life, discuss various use cases, and how it may look for you. I’d like to hand it over to you guys if you have any questions. Obviously, this is just a quick sneak peek, and we can go into much further detail. You can ask some questions here in our Q&A, and we have engineers ready to go. 

# Company Background 

Muna: Okay, Ryan, thank you so much for that. I know this has been a really quick overview, so I do want to step back a little bit if you don’t mind. We’ve gone to the assumption quickly that people are very familiar with the concept of privileged access management. Can you give us a quick highlight of Keeper as a company, just a little background of the company and the various offerings that you provide? 

Ryan: Yeah, of course. Primarily, when we started, we were doing a password management solution. The idea behind that was you would put all your credentials in one place where they’re guarded, and then you could launch everything, making your life easier. Instead of having passwords written down on notes all over the place, everything was consolidated in a safe and controllable environment. 

# Daily Routine Example 

Just to give an example, when I come to work in the morning, the first thing I do is take out my phone, log into my vault, and the security code to enter the building, which is changed constantly, is shared with me. I enter the security code, go upstairs, and enter another code to get into the office. Then I sit down at my desk, log into Keeper, and launch my email, LinkedIn, Salesforce, HubSpot—all my applications are in there. I don’t even know the passwords to half of them. It just makes my life really simple. Anything that needs to be shared with me, like a SOC 2.2 certificate or an ISO 27001 certificate that we would only share with another company under NDA, can be securely shared. 

# Connection Manager and Secrets Manager 

We have a connection manager as well for secure RDP access. We also have a secrets manager, which means you have no hard-coded credentials or secrets hanging around. Everything is pulled directly from a vault, encrypted, decrypted, and then pulled out from there. Based on my experience, my customers’ growth is phenomenal. I generally have two types of conversations with potential MSPs: one is if they’ve already installed the trial, it goes down to a few technical questions and then we’re talking commercials because they just want to buy it. The second conversation is if they haven’t installed it already, it’s just getting them to install it and work from there. 

# Competitive Advantage 

The product in the MSP space is just so far ahead of anything that’s out there and so secure. We have every single certification you could possibly want. We have data centers in Canada, the US, EMEA, and Japan, so we’ve got something for everybody. It’s good having Mike with us today as well because, as some of you may know, Germany is the country that created data protection with the first laws on it in 1971. I would encourage everyone to have a quick look at our product and see how it fits into your needs. Password managers are a hot topic at the moment, and we have a consumption-based model with no minimum user requirement. Just have a look and see how you find it. 

Muna: That’s great, and you did answer some of the questions that we’re seeing here in the chat, like where the servers are located. I do have a question here. There are several questions around comparisons with competitor solutions. I see that Padraigh has been answering some of these, and I don’t want to go in-depth by each partner. I do want to ask, for example, what steps are being taken to prevent a breach such as the one that LastPass had. Is that something that you would like to address? 

# Security Measures 

Padraigh: Yeah, can I take that one? I’ll save Ryan from that particular one. The way we do our things is very different from what LastPass has. When I give a demo, I talk about our security and how we’re secured. We talk about zero knowledge, which means only you can log into your own vault. Your data is encrypted and decrypted on your device, not on the cloud. There’s no application above that to do it. So it’s only done on your device. Everybody has their own individual vault, and inside that vault, you have records. Each record is protected by an AES 256-bit key. If you have a thousand records or a thousand passwords, each one is protected by an AES 256-bit key. What happened with LastPass was that they didn’t encrypt all the data inside the record. We encrypt all the data inside the password, including the username, password, URL, any attachment, and any notes. All of that data is encrypted by the AES 256-bit key. According to statistics, if you were to try and decrypt or reverse engineer an AES 256-bit key, it could take you 30 years to do that. Now, multiply 30 years by the number of records you have and the number of users in your organization. That takes huge computing power and time, and by that stage, the data is out of date and useless. So it’s much tighter and better designed as an architecture from the very start. 

# Data Centers 

Our data centers are located in Europe, the US, Australia, Japan, and Canada.

# Data Location and Security 

So you choose where you actually put your data, and that’s very important for you as well, that your data is in the location that you actually want. We don’t have a data center in every country—that is almost impossible for us. There isn’t an AWS data center suitable in every single country either, so we wouldn’t be able to put up an instance for everybody in every single country. It is kind of go with the nearest country that you actually have or the rules of your own country that you actually require to abide by. It’s important to get it right at the start so that your data is in the correct location. If you needed to move from the U.S. to the EU data center, it is a delete and start all over because we can’t move your data at all, not easily. You would take a backup to a CSV file and then start all over in the data center that you want to choose, let’s say inside Europe. 

# Converting to MSP Version 

We’ve also got a question here: “We already have Keeper, can we convert it to an MSP version?” My answer to that is yes, but we’d need to take that on a case-by-case basis. I need to look and see if you have an individual account or if you’re using an enterprise account and if we can actually move that over. If, for whatever reason, you were a customer and you wanted an MSP to take you over, we’d have to look at that as well. The answer is always yes, but we need to take it on a case-by-case basis to ensure the data is protected at each step. 

# Importing Data from Other Password Managers 

Can we import from 1Password? Not directly from 1Password into the vault. If you go to your vault, go to your email address, go to settings, and then you can go to import. There are steps from many, I can’t say all, but many of the other vendors to export to a CSV file and then import into Keeper. It’s a two-step process except in the case of LastPass, where we can use the Keeper desktop app to connect directly into LastPass and import them directly from that vault or database, so you can have it all done in one step. 

# Comparing Keeper to Competitors 

Why is Keeper better than 1Password? While I saw that, I actually went to our webpage. If you go to keepersecurity.com, there’s a huge amount of information inside here. There’s no shortage of information from Keeper—it is immense. If you can’t find something, ask as you have done so right now. If we go down to the very bottom here, we go to 1Password and we start above here. Going by the user ratings, we actually get a 4.9-star rating compared to 1Password’s 3.4. On the Play Store and for Chrome extensions, we also get a better rating. They are also zero knowledge, but they do it on a vault level. We do it on an individual record level, so if they were to try and reverse engineer the 1Password vault, they would get everything in one go as opposed to Keeper, where they would have to crack every single one of the records to get an individual piece of information. Sharing is easier with Keeper. Market-leading security infrastructure and policies: 1Password has not exhibited the same rigor in security practices. It obtained a SOC 2 Type 2 certification more than four years ago. Keeper has also obtained the SOC 2 and ISO 27001 certifications, whereas 1Password has not. 1Password is based out of Canada, and so is its support, which means the support level is always going to be a couple of hours behind unless they work overnight. As far as I know, they don’t have support outside of Canada. 

# MSP Package 

Ryan: Just to jump in, I’m sure most of the people here who have used 1Password or contacted them are still waiting for them to set up an MSP package. They don’t have one. That’s probably a key point when we’re talking about MSP. I’m sure 1Password does some great things, they’re just not doing them in the MSP space. 

# Onboarding with Atera 

Muna: I know we’re coming very close to the end of the session, and I want to respect everybody’s time. I do want to ask a question related to the onboarding with Atera. There’s a question here about the process of onboarding and configuring Keeper for PAM in an organization. Can you explain a little bit about that and the process within Atera? 

Ryan: What essentially happens is you start off with a trial, which I believe with Atera would be a 30-day trial. You set up your account through Atera, work through your evaluation, and see if the product is a good fit for you and your organization. From day one, you can start onboarding managed companies. It’s really simple. As you add users, the licenses are provisioned. You choose which flavor you want, which licenses you want, and what sort of packages you want to go with. You can turn them on and off and move users in and out throughout your evaluation. After you go live, the process to move forward with Atera is just to keep doing what you’re doing, add your details, and you’re live. It’s a really simple process. Once you’re happy with the evaluation, you just hit go. 

# Encouragement to Evaluate 

I would encourage everyone to just evaluate, to try it. It’s really simple to set up, and you’ve got nothing to lose. Just go for it. You can look online and read all the reviews. Our reviews are based on hundreds of thousands of user reviews. That’s a key differentiator. Some of our competitors might only have a couple of thousand reviews. I look at it like if I’m booking a hotel room and a place has a 9.9 rating based on six reviews, it’s going to be a bit iffy. But if it’s a 9.9 rating over maybe a couple of hundred reviews, that’s obviously a place I’m going to choose. Just have a look at that. 

# Industry-Specific Benefits 

Muna: Wonderful. I absolutely second that. We’ve got just under a minute. I want to ask a quick question to Mike from his experience. Are there any specific industries or sectors where you feel Keeper’s PAM solution is particularly beneficial? 

Mike: At the moment, we are working with many energy companies here in Europe, for example, Vattenfall, E.ON, Juniper, and so on. They have very high security levels for passwords, as you can imagine with an atomic plant, for example. They are very interested in this solution. 

# Onboarding Process 

Muna: Wonderful. As you go forward to put such a solution to your customers, is there something specific that you prepare in order to be able to sell the solution to your end clients, or does it sell itself? 

Mike: Normally, we start with a small group of the customer’s team and say, “Okay, you have access to the system now, and you can start playing around with it. If you feel confident with it, then we can go on with the next steps.” Mainly, the IT administrators have many passwords, or CFOs have very sensitive passwords. We talk to the CIOs and ask them if they have a group of five to ten users who might be interested. Then we start, see how it goes, and if they feel good with it, we distribute it further. 

# Reporting and Auditing 

Muna: Regarding reporting or auditing, is there a need or a request for Keeper to support auditing and reporting features? 

Mike: Yes, one of my favorite features in Keeper is generating a password and then not having to remember it because I just use a simple key combination to enter the password. As you can imagine, most passwords are something like “Summer123” or similar. With Keeper, I can discover very easily if users are using simple passwords. I can generate a breach report or conduct an audit, saying, “These passwords are too simple; please generate a new one.” Users don’t have to remember the password; they just use the key combination, and the password is there. It’s very easy for users. 

# Final Words 

Muna: This has been very informative. From the number of questions we have here, Ryan, I think we really need to do a more in-depth session and give our customers more insights around Keeper and what it can offer. I will reiterate what Ryan said: if you’re on the Atera platform, please go ahead and start a trial. There’s nothing easier than experiencing the product firsthand. As Mike said, as an MSP, speak to the CSO, speak to those that lead security, and get through the door from there. Any final words, gentlemen, before I open up the survey and have people answer it before they drop off? 

Ryan: There are a couple of questions there while we actually get to them, can the company retrieve passwords from an employee that leaves the company? Yes, there’s a feature called Transfer Account, so we can move the vault over to someone else. 

# Security Options 

Can we use YubiKeys? Yes, you can use them as a secondary option. You first need to set up your 2FA, and then you can use YubiKeys or biometrics as well. 2FA would need to be set up first, and then YubiKeys or biometrics would be the option to set up those. 

# Future Features 

Passwordless is coming. We also integrate with passwordless providers already. You can see that in our documentation. We’re also hoping to implement a passwordless feature in the coming months. I’m not quite sure how that is going to work yet, as I haven’t seen mock-ups of how that’s actually going to run, so I won’t give any steps on how that’s going to be, but there is passwordless on the way. 

# Pricing and Partnership 

I think I’ve covered all the other questions previously in writing, so I hope that’s of use. The pricing will all be through Atera’s platform as well, and all commercials will go through Atera. That’s our partnership, and they’ve got some great people over there, as most people in the audience already know because they are Atera customers already. 

# Closing Remarks 

Ryan: Look, I’d just like to say thanks to everyone. Sorry if it was a bit jumpy at the start; this is my first time on one of these types of webinars on a different platform, so thanks for bearing with me and us as we took a tour. Obviously, we’re all available for questions. You can direct all your other inquiries to Muna and the team at Atera, but we can answer any questions. We have documentation galore with an MSP Academy, a partner portal, online training courses, co-brand documentation—whatever you need, we have it. The reason we’re growing so quickly is because we just get in, land, expand, and help you. Our biggest priority is to help you guys win more business, look after your end users, and make sure everyone’s secure and happy using a simple, secure product. Thank you. 

Muna: Thank you, Ryan. Mike, any final words on your end? 

Mike: No, just thank you very much to the audience for having such a good platform here, and to you, Muna, for administering all this. Thank you very much. 

Muna: Thank you very much, gentlemen, for joining us today. Like we said, go out and try Keeper through the Atera platform. There’s nothing like the experience. Thank you so much for your time. Last minute, please don’t forget to answer the survey—it’s less than a minute. All right, goodbye.