Your company probably has a password management solution of some kind in place. However, it may not be keeping pace with new and emerging threats. For example, consumer password managers have become quite popular. We’ve even seen basic password management features built into popular web browsers. However, these solutions are not good enough to keep up with enterprise demands.
Why Your User Demand For Password Management Leads You Astray
In technology, there’s a problem with the traditional wisdom: listen to your users. If your end-users are only familiar with popular password managers, that experience is going to shape their experience. However, consumer password tools have significant gaps. According to a TechRadar report, “the master password for the app was kept in the system memory in a plaintext readable format.” That’s a problem because it increases your security risk exposure. At a corporate level, accepting user demands for password management may lead you astray.
Instead, you need to demonstrate leadership and vision – find a password management solution that will keep your company safe. To find out whether your current approach to passwords needs an update, you need to assess your situation.
Assess Your Password Management Situation
To put your password management solution under the microscope, analyze these questions.
- When was your password management solution implemented?
- What reporting capabilities does your solution offer?
- How does your password management solution impact end-users?
- How does your password management process fulfill IT audit requirements?
- Does your solution support multi-factor authentication?
- Does your solution cover all apps and systems?
In our experience, most password management solutions miss several of the capabilities outlined above. In other cases, there are shortcomings regarding processes and oversight for passwords. For example, you might have a growing number of examples of password reuse. Or your employees might be writing down passwords on slips of paper if they struggle with your password process. Over time, these kinds of password gaps will make your IT security weaker.
What Are The Gaps In Your IT Security Practices?
So far, we have looked at password systems and practices specifically. That initial analysis is helpful but not sufficient to understand if you need an upgrade. There are some other areas to consider to determine if your password management solution needs an update. First, examine your overall technology situation – how many new apps and services has your company added in the past two years? Second, review your recent history of IT security incidents, near misses and problems. Initially, you may not see these issues as password problems. However, if you continue your analysis, you will probably find weak password systems and practices increased the impact of security events.
As you explore those two questions, you will find you need additional improvements in IT security. We will return to those issues later on.
Develop Your Buying Criteria For A Password Management Solution
At this point, you know your password management system needs some help. To help guide you through the buying process, we recommend exploring the following factors.
Start with the most essential considerations first. Inventory your most important systems. Your password management system needs to support all of your critical processes. For example, if your developers are using container technology, you will need to consider those systems. Leave out one essential system from your password management system and you make it easy for hackers to break in.
Impact on The Employee Experience
In IT security, we need to take a balanced approach between maximizing IT security protection and giving flexibility to your users. If you tighten controls too much, you will harm productivity and encourage people to find ways around your security. Therefore, we recommend giving some weight to convenience and accessibility concerns when you select a password management solution.
Reporting and Monitoring Requirements
Imagine trying to check if your front door at home was locked at night with your eyes closed. It would be frustrating, slow and foolish. If you lack robust reporting features in your password solution, you are stumbling around in the dark. Larger companies will need more controls and reporting than smaller ones, so scale your expectations accordingly. To help you further understand the importance of reporting, check out our post: How to Use Password Management Reports to Control Risk.
Upgrading your password management solution should not disrupt your workflow. The best solutions will have a productivity benefit. For instance, look at Apollo, an IT security chatbot. It is designed to interact with employees on password reset requests and other similar requests. By automating this routine and crucial task, Apollo delivers automation to IT security.
In a few cases, you may need to push for industry experience. For example, banks and other financial companies are under tremendous pressure from governments and customers to deliver robust IT security. In that case, it makes sense to ask vendors if they have worked with companies in your industry. If the vendor does not have experience in your industry, that should not eliminate them from consideration. However, it will increase your need to carry out due diligence.
After you develop your list of criteria, there is one more step to consider. Assign weights to the various factors. If you have had a serious of disruptive IT projects recently, you may decide to give more emphasis to the employee experience, for example. Once you have that point clarified, you can start looking at different password management solution providers.
Your IT Security Next Move After You Upgrade Password Management
Upgrading your password management solution is an excellent way to increase your IT security. Solving that problem means it is time to look into other areas. For example, consider standardizing user account access across roles (e.g., all customer service reps start with the same set of access privileges). That standardization will go a long way toward reducing risk. To simplify this process, it is best to purchase a software tool to help you manage the process.