Keeper Security today launched a remote-access gateway that provides secure access from endpoints via any web browser.
Keeper Security CTO Craig Lurey said Keeper Connection Manager (KCM) uses remote access technology based on the open source Apache Guacamole protocol the company gained with the acquisition of Glyptodon earlier this year. In effect, KCM adds a secure layer above transports like SSH from any web browser.
That approach is unique because it enables zero-trust security without the need to deploy client or agent software, he said. Instead, KCM is integrated with an existing Keeper Vault platform to securely provide access to infrastructure without requiring organizations to manage passwords, added Lurey. Credentials are encrypted and centrally managed via role-based access control (RBAC) policies in a way that doesn’t expose them to individuals managing the IT environment, he said. Users can be authenticated using multiple factors such as FIDO2 hardware keys and biometrics. In effect, KCM enables a zero-knowledge architecture that should make it easier to pass a security audit, noted Lurey.
With more employees regularly working from home, the need to find a way to securely provide remote access has become a higher priority. Many companies today rely on remote access technologies that have known vulnerabilities and are accessed using passwords that are easily compromised. The Keeper Security approach provides an encrypted overlay on top of existing transport protocols that eliminates the need for passwords. Compromised passwords can eventually lead to privilege escalations that can expose entire IT environments, said Lurey.
Legacy approaches to managing passwords, meanwhile, require client software and application platforms that can all be replaced using a more modern approach to managing identities, said Lurey.
It’s not clear to what degree organizations are moving to replace legacy remote access tools and platforms such as virtual private networks (VPNs). Most VPNs, however, were never intended to support large numbers of workers accessing applications at unpredictable times of the day. Most IT teams are at least evaluating remote access platforms that are easier to manage and scale.
Regardless of the level of zero-trust maturity, pressure is also mounting to find ways to provide remote access that don’t create as much friction as legacy approaches. Employees don’t want to work for companies that make them jump through hoops to remotely access applications. At the same time, digital business transformation initiatives require IT teams to provide remote access to the suppliers, partners and customers that make up an ecosystem. Requiring each of them to download client software to participate in a workflow is a nonstarter.
Like it or not, change is coming. IT security professionals are being asked to simultaneously lock down environments while making applications more accessible. That may seem like a set of contradictory goals, but as advances in core encryption technologies are made, the overall state of cybersecurity continues to improve. There may never be such a thing as perfect security, but given its current state, it’s clear there’s plenty of room for improvement.