KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Comprehensive protection of networks, system infrastructures, hardware and software, applications and data is part of every cyber security strategy. But what does this actually mean for identity and access management? Unloved for many years and repeatedly declared dead: passwords. Large IT companies have been promising us a password-free future for a long time. Is it really that easy to finally turn your back on passwords? The fact is that we have to deal with a large number of passwords every day in order to complete our professional and private tasks. Every password should be unique, highly complex and as long as possible. But what does the frightening everyday life with passwords look like today, what will it hopefully look like in the future and why it is essential to deal with the topic right now, explains Daniel Holzinger in his lecture.
Comprehensive protection of networks, system infrastructures, hardware and software, applications and data is part of every cyber security strategy. But what does this actually mean for identity and access management? Unloved for many years and repeatedly declared dead: passwords. Large IT companies have been promising us a password-free future for a long time. Is it really that easy to finally turn your back on passwords? The fact is that we have to deal with a large number of passwords every day in order to complete our professional and private tasks. Every password should be unique, highly complex and as long as possible. But what does the frightening everyday life with passwords look like today, what will it hopefully look like in the future and why it is essential to deal with the topic right now, explains Daniel Holzinger in his lecture.
Good morning. From my side, I am pleased to, to talk about a topic, A topic that has annoyed me for many years. Guess what? Passwords right? 100 points. So this is a really interesting topic.
So, and the question is, do we have alternatives and how to handle the situation with passwords right now, and especially for users, this approached rights, how to protect these users. So, and that's what I'm going to talk about in the next couple of minutes. So my name is Daniel Inger. I am management consultant located in Vienna, Austria. My company is called collided, stands for Collaboration United. And we did a lot of password management and PAM projects in recent years. So this from smaller corporations up to larger organizations with really large organizations.
And I am happy to speak about this topic today. Kipa security is our partner of choice and I'm happy to talk about KIPA a little bit later. So you may know this acronym. So we live in really dynamic times Of course. Yeah. And it's necessary to deal with several challenges and crisis at the same time.
So, and WCA describes from my perspective the world and living in never done better than with this four letters. So volatility, uncertainty, complexity, and ambiguity. There's another word called Barney and we can discuss what is better, Barney or vuca. But from my point of view, VUCA is better. The term originated in the 1990s at the US Army War College and was initially used to describe the world after the Cold War.
So, but as I said, it's never been better than now. So I guess, you know, the Verizon data breach investigation report, the actual one. So this report describes that 74% of all breaches are related to the human factor. And we are talking about the human factor. We have to talk about credentials and of course passwords. So the other fact in the dark web. So there are more than 24 billion usernames and passwords in the dark web. This is a number from 2020. I haven't found a bigger number, but I guess it's much, much bigger right now.
So this means a lot of passwords and usernames aren't the dark web. So, and the problem here is that people like to reuse passwords.
So, and of course everyone knows how a good password is. It should unique, really complex, and of course long, there may be 15 characters with special characters numbers from my point of view, common sense. But is it common practice? I think you have good password practices in your organization, but, and you have your own accounts completely under control. But your users in your organization, do they have the same understanding of using passwords? Probably not. So this is a tech radar study and it's also showing an impressive number.
65% of the respondents reuse passwords across multiple platforms. And that's shocking. That's really shocking from my point of view.
So, and many other studies shows the same result so that we are not really good with passwords, but pass keys could be a solution. Pass keys are just starting in these days.
So, and try to replace passwords. But question to you, do you use pass keys? Gimme a shorthand. Yeah. Okay.
1, 2, 3, 4, 5. Okay, so pass keys could be a revolution, but it takes time to implement and pass keys in the daily business. So in an organization, I think it will be some time before we change the last password through a pass key. And it takes many, many years to do. So. It all seems complex, but it doesn't have to be. So this is my picture of of my world what we do. So imagine a place where we can store passwords and pass keys securely, and that's where enterprise password management and private password management.
This is a term founded by myself, comes in place, so a password manager for business. So I recommend every time that users in an organization uses a password manager in the business context should also have the possibility to use a password management solution for private purpose sponsored by the company. So why is this important? We see that the password behavior from the private per perspective is transferred to the organization, to the company. And normally the private password behavior is much, much better than in the company because it's my account, my email address and so on.
And so then I have a teaser. I have the IT department that will care about my passwords and my logins in an organization, but my private, that's important. So thing is anon of course, it's always the goal to, to try to connect as many applications as possible, but sometimes it's not possible from a technically standpoint. Sometimes it's too complex, too cost intensive and so on. And of course our special users, the privileged users to connect to server databases, to rotate passwords, to do everything what a, a complex PAM solution should do.
So this is my world and at the end of the day have all this discussion how many password to we really have in in an organization and quite frankly a lot. So I would like to challenge this with you. If you say you don't have any passwords, you have everything connected to SSO, so please come to me, challenge me and we can talk about this topic later. Yeah.
Keeper has done an really outstanding survey about privileged access management and also in, in the context of Nitish two, it's a really relevant topic and 60 56% of the respondents have tried to deploy a PAM solution but have not fully implemented it. That's hard.
You're, you're paying a lot of money for features you are not using. So 92% of this, 56% say that they do not fully understand the solution because it's too complex and not efficient.
It's also, and very interesting saying, and here's the translation a little bit wrong I would say, but 70% of respondents expressed to wish a better PAM solution that is easier to manage. So Pam solution it are really complex and you can see everything. So we have this report in in English too, but I have only found in my, on my file storage the German version. But we can provide you with the English version of course too.
So, but what's, what's new or what's next? Maybe you know this lady Grace Hopper then US based computer pioneer.
So, and she, she shared this and she, she, she's so right with this sentence. Definitely. So in many companies I see the following, like this toy horse, there's a lot of movement in an organization going forward, back forward back. But the question is do we really move in some cases not if you would like to have this slider, I you, I you can have a copy S-A-P-D-F if you want. Yeah.
What can we do to make everyday life easier for users as a users would like to have an easy life in the corporate environment that you get more control about the password behavior and at the end of the day more security. That's, that's our three goals. And now I would like to talk about the solution. So keeper, my partner of choice offers a, so-called privileged access management solution consists of three model modules. Keep us talking about the next generation and why we do so, why we challenge the status quo. That's our goal to say we can do it better than before.
So it's three modules, enterprise password management of course where can secure the store, your passwords. They keep a connection manager where you can access to databases to file server to everything what have and and, and web interface via H-D-D-P-S and the secrets manager store, all infrastructure security, AP API keys, you can rotate passwords and things like that. But this is, yeah, the solution from keeper, but keeper stands not alone and that's really important. It's an integrated solution. You can integrate keeper in almost everything. A SIM solution.
For example, Microsoft Splunk of course as a really cool solutions to integrate keeper. We have inkeeper a really strong reporting and compliance reporting capability including alerting. But it's always good if you have a same solution to connect it. Password radiation, of course I talked about Passwordless, that's the future. So I hate passwords.
So, and definitely I would like to replace it as soon as I can on every single device and service. Then we have developer SDKs, we have MFA of course MFA is so important. A strong password alone is not enough.
So, and CI ICD integrations for developers and of course SSO, yeah, many my, of my customers are federated. And it's so important to have this feature that not logging in into a password management or a pump solution with some password and the username and then multifactor. So it's a federated login is always recommended. So you can see key, an integrated part of our whole IRM strategy. So at the end of the day, however, a solution like keeper, the security concept of a password management and pump solution is very important.
So keeper, for example, the, the, the vault is completely encrypted and in addition, not only the vault is encrypted, also every entry in the world is encrypted too. So, and I would like to briefly explain how far the security concept goes with keeper security. Here you can see Bridge Watch, it's a dark web monitoring of of keeper. So other vendors try to integrate solutions like have been point for, for example, and keeper a do not share any of these information with external parties. So Keeper A developed their own dark web monitoring.
So we have experts, I will introduce it later to explain it this slide in a detailed way. So unfortunately I can't, but we have the experts to do so. So of course there are several reasons that I'm happy to address in an individual conversation why we as a partner decided to go with Keeper. But however, I would like to highlight two more reasons. Since 2011, the focus has been 100% on password management and Pam at Keeper. And both founders are working in the company as the CAO and CTO. It's not an investment, it's not a a management organization. It's led by the founders.
And that's really important to me that both are on board. Yeah. And for me, really important, I am in this space, in, in this industry space for many years and worked with another company before that it's super easy to import the whole structure of other password management solutions to transfer from one solution into another solution.
So, and that's, that must be very, very easy to do so, and Kipa can support this. So on the first slide I spoke about wca.
For me, WCA stands also for vision, understanding, clarity and agility. That's another meaning. And I hope I have gave you an short impression in my world what I'm doing and what I'm doing with Keeper. And now I would like to introduce the real experts, Federico, he's from Keeper in Cork. He is the sales manager. And of course Silvan, maybe you have heard Silvan yesterday. He's the expert. He gave this short speech, the short introduction about why we challenge the status quo.
Thank you guys, as I'm so proud to working with you and we have done a lot of good projects and I think we will done it, we will do it also in the future. So we would like to invite you to come to our pools. We have really nice looking polo shirts for golfers, t-shirts for non-golfers. And if you want to win a bow headset. So every day we will ruffle a bull headset to one booth visitor if you have any questions. So we have I think three minutes left, four minutes left.
So we are here to answer your questions or if you want, if you are behind the time schedule, we can stop here and you come to our booth. Thank you. Good on time Schedule as you said. Thanks. Thanks first of all.
