SaaS Security & Your Keepabl Account

Keepabl’s best-practice SaaS Security

With many still working remotely or from home, it’s never been more important to secure your software-as-a-service (SaaS) accounts, Keepabl included. When you use SaaS, the security of your data is both your supplier’s responsibility and your responsibility as the customer. This is known as the Shared Responsibility Model.

Let’s look at the Shared Responsibility Model a bit more and then how Keepabl helps you do your part with ‘the big three’ of your Identity & Access Management (or IAM) practices: least privilege access, Two Factor Authentication (2FA), and Single Sign-On (SSO).

Shared Responsibility

On our part, as your supplier, Keepabl has implemented best-practice Information Security and Data Protection policies and procedures to ensure the compliance, confidentiality, integrity and availability of our SaaS solution and the data we look after. As well as our own continual improvement culture and activities, we are independently certified against Cyber Essentials Plus each year, and independently pen tested each year.

On your part, your Security responsibilities generally fall under your Identity & Access Management (or IAM) practices. We recommend our great Privacy Kitchen video on IAM, with leading MSPs and providers. And the Cloud Security Alliance summarise it well (in relation to IaaS and PaaS, but it’s the same with SaaS):

‘Identity and Access: You are responsible for all facets of your identity and access management (IAM), including authentication and authorization mechanisms, single sign-on (SSO), multi-factor authentication (MFA), access keys, certificates, user creation processes, and password management.’

Keepabl’s got your back here too, ensuring you can enable and easily manage least privilege access, 2FA and SSO.

Least Privilege Access

The UK’s National Cyber Security Centre (NCSC) summarises least privilege access nicely:

‘The principle of ‘least privilege’ (where accounts and users have the minimum amount of access needed to perform their role) should be implemented wherever possible.’

Within Keepabl, Super Admins have full control of their organisation’s account and can tailor each user’s rights on a Hide / View / Edit basis across the whole solution. For example, your Super Admin may want to give:

  • one or two Admins the right to edit users,
  • a limited number of core Privacy team members the ability to view and edit a chunk of the solution, if not all of it,
  • IT and Security colleagues access over the Breach solution,
  • Board members the right to view key reports, and
  • temporary access to regulators, auditors, prospects as necessary to demonstrate your Privacy Governance to them and show they can trust you with their data.

You do this at any time in your Admin Portal in Keepabl, creating, editing and removing users as you wish – it’s your account, you’re in control.


Two Factor Authentication

Passwords are now a pretty rubbish way to do Security given that, on average, we each have over 100 passwords to remember! This leads to use of weak passwords (yes, people do actually use ‘password’), the re-use of passwords across different solutions, and iterating them in an obvious way (password1, password1!, password2 …) – all of which makes a Security nightmare for IT but a lovely target for hackers.

Enter password managers. They’re usually free tools that remember (and even create) all those passwords for you. It means you only need to remember one password, the master password to the password manager itself.

But you simply shouldn’t rely on passwords alone. This is where 2FA comes in – and great news! – it’s included in Keepabl for free and it’s usually included for free in those password manager apps.

Why 2FA is so brilliant

When you hear 2FA (or MFA for multi-factor authentication) it means logging into systems using more than one way (or factor) of authenticating you are who you say you are. There are 3 types of factor:

  1. something you know (like a password, now nicely managed in your password manager),
  2. something you have (like a 2FA app on your mobile), and
  3. something you are (like your fingerprint).

In practice, 2FA generally means using a password and a separate one-time code generated by your 2FA app. So, even if a hacker gets your password, they won’t have this second factor of authentication. Indeed, it’s so effective a Security measure that Microsoft’s research confirms MFA can reduce your odds of being compromised by 99%.

Single Sign-On (SSO)

Imagine a 50-person organisation with 50 different SaaS solutions used in their workplace. Even if you push use of a password manager and 2FA, that’s 2,500 combinations of email and password! Enter Single Sign-On (or SSO), the next level of IAM. As the name suggests, your organisation’s employees only need to remember one password to sign into a single place (such as your work intranet) to then be given instant access to all the solutions they need without logging in each time.

To use SSO, you need a specialist third party solution called an Identity Provider such as Microsoft Entra ID (formerly Azure AD), Okta or OneLogin, which you link to the SaaS solutions your colleagues rely on, such as Keepabl. SSO has many benefits, which we talk about in our guide What is SSO?, the 2 key ones being:

  • it’s much better (and more secure) for organisations to manage users in one place instead of separate systems, and
  • it’s much easier (and more secure) for employees as they only have one password, not 100.

We’re delighted to announce that Keepabl supports SSO, with Microsoft Entra ID, Okta and OneLogin as our initial supported Identity Providers. We’ll be adding others soon, so if you use a different IdP, contact us to find out when your IdP will be supported.
