
The 10 Essential Features for an Enterprise Password Manager

As employees use more and more cloud apps, they also need to keep track of more and more passwords. Managing so many sets of credentials can often lead to poor security practices, such as weak or reused passwords. An enterprise password manager enables organisations to achieve compliance and eliminate risk by enforcing robust password security policies whilst providing the workforce with simple and secure access to applications.

However, there is a wide range of products on the market, and the features they offer can have a significant impact on user adoption and therefore on your return on investment from the product. The wrong product can also leave security ‘blind spots’. Here is our round-up of the ten critical features to look for when deciding which enterprise password manager is right for your business.

1. Zero Sign-in to the Password Manager

One purpose of a password manager is to make things easier for employees, not to give them yet another password to remember. An enterprise password manager that integrates with your corporate directory means no sign-in is required to the password manager itself. This creates a frictionless user experience and guarantees user adoption since the user does not have to take any action to engage with the enterprise password manager.

2. Zero User Interface Option

For widespread enterprise use, choose an enterprise password manager that can be configured to run silently in the background providing users with access to the passwords they need at the time when they need them. An enterprise password manager that can present the relevant passwords to the user at the point they are attempting to access an application means no training is required, which in turn means significantly higher adoption and greater security benefits.

3. Password Policy Enforcement on External Applications (and Synchronisation)

Use a password manager that can generate strong, random passwords that comply with your policies and automate password updates on external (third-party) applications. It’s also important that the solution can automate synchronisation of newly updated passwords to ensure that, where passwords are shared, all permitted users and groups have immediate access to the updated credentials.

4. Zero Knowledge Encryption

Zero Knowledge Encryption means that no-one outside your organisation can access your secured data – not even the vendor of the enterprise password manager. This is crucial in giving your organisation complete control and eliminating a potential security risk. The main consideration here is to make sure the vendor has no access to the encryption keys that protect your enterprise data.

5. Provides Single Sign-On for Apps

Allowing easy, one-click access to apps by automatically filling login forms completes the journey towards an unobtrusive user experience, making the need for copying and pasting of credentials from the password manager largely unnecessary. This eliminates user friction and increases productivity.

6. Multiple Credentials per App

Frequently, employees may need to access multiple accounts for the same application. A password manager that facilitates easy switching between multiple identities used for a single application is essential to cater for broader use-cases that exist within departments such as finance and IT.

7. Sharing of Credentials with Granular Permissions

When access to accounts and services needs to be shared between users and teams, it is important to ensure that appropriate security and governance are maintained. Your enterprise password manager should enable the secure sharing of credentials with specific permissions attached (e.g. read, write, update, view, allow onward sharing), meaning effective governance and control are maintained without compromising on efficiency or user experience.

8. Full Audit Trail and Integration with Security Information and Event Management (SIEM) Solutions

Often, data breaches can take months or even years to detect. Providing a full audit trail of who used, accessed, read or updated passwords that is integrated with real-time monitoring systems is critical to effective governance and monitoring whilst underpinning compliance obligations.

9. Optional Ability to Discover Applications and Learn Credentials

Password managers that can discover the apps being used by employees and, if required, learn the credentials for them expedite time-to-value by reducing setup effort whilst detecting Shadow-IT. These apps can then be easily added to the enterprise password manager with the click of a button, ensuring there are minimal barriers to usage and fewer residual security ‘blind spots’ for the enterprise.

10. Policy-based, Application-specific Step-up and Multi-Factor Authentication

Credentials for some critical applications and systems will potentially have a higher risk profile that necessitates additional security before they are made available to users. Your enterprise password manager should provide the capability to apply application-specific policies for step-up and Multi-Factor Authentication. Step-up will require the user to re-authenticate with the corporate directory before making the credentials available to the user, whereas Multi-Factor will require the MFA challenge to be satisfied before making the credentials available.
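The per-application check described in feature 10 can be sketched as follows. This is an added example, not code from any product: the policy fields, the freshness window (`max_age_s`), the sample app names and the choice to refuse release for apps with no policy entry are all assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical policy model: every name and the freshness window are
# assumptions made for this example, not settings of a real product.
@dataclass(frozen=True)
class AppPolicy:
    step_up: bool = False   # re-authenticate with the corporate directory
    mfa: bool = False       # satisfy an MFA challenge
    max_age_s: int = 300    # how long a re-auth or MFA proof stays valid

@dataclass(frozen=True)
class Session:
    user: str
    directory_reauth_at: Optional[float] = None  # epoch seconds; None = never
    mfa_passed_at: Optional[float] = None

def _fresh(ts, now, max_age_s):
    # A proof counts only if it exists, is not in the future, and is recent.
    return ts is not None and 0 <= now - ts <= max_age_s

def release_decision(policies, app, session, now):
    """Return (release, outstanding) for one credential request."""
    policy = policies.get(app)
    if policy is None:
        # Fail closed: an app without a policy entry never releases credentials.
        return False, ["no_policy"]
    outstanding = []
    if policy.step_up and not _fresh(session.directory_reauth_at, now, policy.max_age_s):
        outstanding.append("step_up")
    if policy.mfa and not _fresh(session.mfa_passed_at, now, policy.max_age_s):
        outstanding.append("mfa")
    return (not outstanding), outstanding

# Constructed sample policies: low-risk app, step-up only, step-up plus MFA.
POLICIES = {
    "wiki": AppPolicy(),
    "payroll": AppPolicy(step_up=True, max_age_s=300),
    "bank-portal": AppPolicy(step_up=True, mfa=True, max_age_s=120),
}
```

The `outstanding` list tells the client which challenge to present next, and the same tuple is a natural payload for the audit trail described in feature 8.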

An enterprise password manager needs several critical features to deliver value and guarantee return on investment. Being secure goes without saying, but it is also critical that the user experience is unobtrusive and frictionless so there are minimal barriers to workforce adoption of the product. This will maximise your return on investment. Hopefully these ten critical features will provide a great starting point for your evaluation of enterprise password managers, but do look out for value-added benefits such as the ability to eliminate phishing risks and the ability to integrate desktop applications.

If you’d like to understand how My1Login can help please don’t hesitate to get in touch.
