With many still working remotely or from home, it’s never been more important to secure your software-as-a-service (SaaS) accounts, Keepabl included. When you use SaaS, the security of your data is both your supplier’s responsibility and your responsibility as the customer. This is known as the Shared Responsibility Model.
Let’s look at the Shared Responsibility Model a bit more and then how Keepabl helps you do your part with ‘the big three’ of your Identity & Access Management (or IAM) practices: least privilege access, Two Factor Authentication (2FA), and Single Sign-On (SSO).
On our part, as your supplier, Keepabl has implemented best-practice Information Security and Data Protection policies and procedures to ensure the compliance, confidentiality, integrity and availability of our SaaS solution and the data we look after. We’ve been named to the UK Government G-Cloud procurement framework for the last 2 years, are independently certified against Cyber Essentials Plus each year, and regularly pen test our solution.
On your part, your Security responsibilities generally fall under your Identity & Access Management (or IAM) practices. We recommend our great Privacy Kitchen video on IAM, with leading MSPs and providers. And the Cloud Security Alliance summarise it well (in relation to IaaS and PaaS, but it’s the same with SaaS):
‘Identity and Access: You are responsible for all facets of your identity and access management (IAM), including authentication and authorization mechanisms, single sign-on (SSO), multi-factor authentication (MFA), access keys, certificates, user creation processes, and password management.’
Keepabl’s got your back here too, ensuring you can enable and easily manage least privilege access, 2FA and SSO.
The UK’s National Cyber Security Centre (NCSC) summarises least privilege access nicely:
‘The principle of ‘least privilege’ (where accounts and users have the minimum amount of access needed to perform their role) should be implemented wherever possible.’
Within Keepabl, Super Admins have full control of their organisation’s account and can tailor each user’s rights on a Hide / View / Edit basis across the whole solution. For example, your Super Admin may want to give:
You do this at any time in your Admin Portal in Keepabl, creating, editing and removing users as you wish – it’s your account, you’re in control.
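To make the Hide / View / Edit model concrete, here is an added example (not Keepabl’s code, and not a description of how the Admin Portal is built) of the two checks a practitioner wants behind such a model: a default-deny permission check, where a module with no explicit grant is treated as Hide rather than accidentally visible, and an audit that flags users holding more access than their role needs. The module names and role templates are hypothetical.

```python
from enum import IntEnum


class Access(IntEnum):
    """Ordered so a higher level implies the lower ones: EDIT covers VIEW."""
    HIDE = 0
    VIEW = 1
    EDIT = 2


# Hypothetical module names for illustration only, not Keepabl's real module list.
MODULES = ("Records", "Breaches", "DSRs", "Policies")

# Hypothetical role templates: the least access each role needs to do its job.
ROLE_TEMPLATES = {
    "auditor": {m: Access.VIEW for m in MODULES},
    "breach_handler": {"Breaches": Access.EDIT, "Records": Access.VIEW},
}


def can(perms, module, needed):
    """Default-deny check: a module with no explicit grant is HIDE.

    perms maps module name -> Access level for one user.
    Unknown module names are rejected rather than silently allowed.
    """
    if module not in MODULES:
        raise ValueError(f"unknown module {module!r}")
    return perms.get(module, Access.HIDE) >= needed


def perms_for_role(role):
    """Build a user's starting permissions from the role template (least privilege)."""
    return dict(ROLE_TEMPLATES[role])


def excess_privileges(perms, role):
    """Audit helper: modules where a user holds more than the role template allows.

    Returns {module: (held, allowed)} so an admin can trim each grant back.
    Modules missing from either side are treated as HIDE.
    """
    template = ROLE_TEMPLATES[role]
    excess = {}
    for module in MODULES:
        held = perms.get(module, Access.HIDE)
        allowed = template.get(module, Access.HIDE)
        if held > allowed:
            excess[module] = (held, allowed)
    return excess


if __name__ == "__main__":
    # Constructed sample user: started as an auditor, later given Edit on Records.
    alice = perms_for_role("auditor")
    alice["Records"] = Access.EDIT
    print(can(alice, "Records", Access.EDIT))      # True
    print(can(alice, "Policies", Access.EDIT))     # False: only VIEW granted
    print(excess_privileges(alice, "auditor"))     # {'Records': (EDIT, VIEW)}
```

Run the audit on every user periodically (or whenever someone changes role); the output is exactly the list of grants a Super Admin should remove in the Admin Portal.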
Passwords are now a pretty rubbish way to do Security given that, on average, we each have over 100 passwords to remember! This leads to use of weak passwords (yes, people do actually use ‘password’), the re-use of passwords across different solutions, and iterating them in an obvious way (password1, password1!, password2 …) – all of which makes a Security nightmare for IT but a lovely target for hackers.
Enter password managers. They’re tools (often free, or with a free tier) that store, and can generate, all those passwords for you. It means you only need to remember one password: the master password to the password manager itself.
But you simply shouldn’t rely on passwords alone. This is where 2FA comes in – and great news! – it’s included in Keepabl for free and it’s usually included for free in those password manager apps.
When you hear 2FA (or MFA for multi-factor authentication) it means logging into systems using more than one way (or factor) of authenticating you are who you say you are. There are 3 types of factor:
In practice, 2FA generally means using a password and a separate one-time code generated by your 2FA app. So, even if a hacker gets your password, they still can’t log in without this second factor. Indeed, it’s so effective a Security measure that Microsoft’s research found MFA blocks over 99% of automated account-compromise attacks.
Imagine a 50-person organisation with 50 different SaaS solutions used in their workplace. Even if you mandate a password manager and 2FA, that’s 2,500 separate email and password combinations to create, manage and eventually revoke! Enter Single Sign-On (or SSO), the next level of IAM. As the name suggests, your organisation’s employees only need to remember one password to sign into a single place (such as your work intranet) to then be given instant access to all the solutions they need without logging in to each one separately.
To use SSO, you need a specialist third-party solution called an Identity Provider (or IdP, such as Okta or OneLogin) which you link to the SaaS solutions your colleagues rely on, such as Keepabl. SSO has many benefits, which we talk about in our guide What is SSO?, the 2 key ones being:
We’re delighted to announce that Keepabl supports SSO, with Okta and OneLogin as our initial supported Identity Providers. We’ll be adding others soon, so if you use a different IdP, contact us to find out when your IdP will be supported.