Keeper Security Is Zero Trust

Keeper’s cybersecurity platform enables organizations to achieve full visibility, security and control across your data environment. By unifying Enterprise Password Management (EPM), Secrets Management (SM) and Privileged Connection Management (PCM), Keeper provides organizations with a single, pervasive pane of glass to track, log, monitor and secure every user, on every device, from every location, as they transact with all permitted sites, systems and applications.

With a zero-trust framework and zero-knowledge security architecture, Keeper uses best-in-class security to safeguard customer data at the vault, shared folder and record levels with multiple layers of encryption keys.

What is Zero Trust?


Zero trust is a framework that assumes that all users and devices could potentially be compromised, which is why everyone, human and machine, must be verified before accessing the network. The zero-trust security model was created for cybersecurity solutions architects, systems integrators and DevOps teams. It integrates cybersecurity capabilities into a pervasive IT environment, empowering cybersecurity planning and decision-making.

Even before remote work surged due to COVID-19, zero trust was becoming essential to data and network security in contemporary digital workplaces, which rely on cloud-based, distributed data environments. In the post-pandemic workplace, IT infrastructure isn’t the only thing that’s distributed; workforces are too, making zero-trust that much more important to preventing data breaches and ransomware attacks.

Historically, all users located inside an organization’s network perimeter were trusted; only those outside it were not. The COVID-19 pandemic turned this traditional perimeter-based network model on its head. Organizations of all sizes migrated en masse to cloud-based solutions, including multi-cloud and hybrid environments. The race to the cloud, which coincided with a mad rush to remote work environments, resulted in an exponential increase in the number of endpoints, websites, systems, databases and applications that require authentication and end-to-end encryption. 

In this new environment, traditional security models were exposed as being grossly insufficient. Traditional, disparate solutions across heterogeneous IT environments made the task of providing comprehensive visibility, security and control of an organization’s networks and endpoints impossible.

Enter Zero-Trust Network Access (ZTNA). In contrast to traditional security models, zero trust does not trust any human users or devices, regardless of where they are located. In a zero-trust environment, all users and devices must be authenticated before they can access organizational resources, because it is assumed that any human or machine could be compromised.

Zero-trust network access isn’t about deploying specific tools, and it’s not a model that can be adopted piecemeal. It involves fundamentally changing how the organization approaches security, which requires an “all or nothing” mindset with firm commitment by all levels of leadership and teams. Instead of relying on where users are, zero-trust makes them prove who they are. Further, once users are authenticated into the network, least-privilege access ensures that they can access only the network resources they need to perform their jobs, and no more.

Implemented properly, zero-trust network access provides IT administrators with full visibility into all users, systems, and devices. People, apps, and services can communicate securely, even across network environments. It doesn’t matter if users are connecting from their homes, hotels, coffee shops or airports, or even if they’re using their own devices. Administrators can see exactly who’s connecting to the network, from where, and what they’re accessing – and users can’t get in at all until they’ve explicitly proven they are who they claim to be.

How Zero Trust Strengthens Password Security

User and device verification are at the core of zero trust. A zero-trust solution must include a number of functions to ensure its effectiveness. Some of those functions include:

  • Multi-factor authentication (MFA)
  • Principle of least privilege (PoLP)
  • Monitoring and validation

For this reason, organizations that want to successfully deploy zero trust must be able to enforce comprehensive password security among their users, including the use of strong, unique passwords for every account, multi-factor authentication (2FA) on all accounts that support it, role-based access controls and least-privilege access.

Without an enterprise password management platform, organizations have no visibility or control over what their users are doing with their passwords, and they will be unable to successfully adopt the zero-trust network access model.

How Does Keeper Help Organizations Achieve Zero Trust?

Keeper’s cybersecurity platform enables zero-trust security and compliance by unifying Enterprise Password Management (EPM), Secrets Management (SM) and Privileged Connection Management (PCM), all built on our proprietary zero-knowledge encryption model.

Zero-knowledge is a security model that utilizes a unique encryption and data segregation framework that prevents IT service providers from having any knowledge as to what is stored on their servers. In Keeper’s case, this means that: 

  • Customer data is encrypted and decrypted at the device level (not on the server).
  • The Keeper application never stores plain text (human readable) data.
  • Keeper’s servers never receive data in plain text.
  • The keys to decrypt and encrypt data are derived from the user’s master password.
  • Multi-layer encryption provides access control at the user, group and admin level.
  • Sharing of data uses public key cryptography for secure key distribution.
  • Data is encrypted on the user’s devi
    ce before it is transmitted and stored in Keeper’s digital vault. When data is synchronized to another device, the data remains encrypted until it is decrypted on the other device.

No one but the end user can view the plain-text data in their Keeper vault — not even Keeper’s own employees.

Keeper offers a suite of complementary products to support your company’s zero-trust deployment:

  • Keeper’s enterprise password management platform provides organizations the total visibility and control over employee password practices that they need to successfully implement a zero trust security model. IT administrators can monitor and control password use across the entire organization and enforce security policies and controls, such as MFA, RBAC and least-privilege access.
  • Keeper Secrets Manager provides DevOps, IT security, and software development teams with a cloud-based platform for managing all of your infrastructure secrets, from SSH and API keys to database passwords and RDP credentials. All servers, CI/CD pipelines, developer environments, and source code pull secrets from a secure API endpoint. Each secret is encrypted with a 256-bit AES key, and then encrypted again by another AES-256 application key. The client device retrieves encrypted ciphertext from the Keeper cloud, and secrets are decrypted locally on the device — not on the server.
  • Keeper Connection Manager is an agentless remote desktop gateway that provides DevOps and IT teams with effortless, zero-trust network access (ZTNA) to RDP, SSH, databases and Kubernetes endpoints through a web browser. All users and devices are strongly authenticated before they are permitted to access organizational resources. 

Keeper’s zero-trust cybersecurity suite enables organizations to adopt zero-trust remote access for their distributed workforces, with strong authentication and granular visibility and control. Secure your business’s credentials, IT infrastructure secrets, and remote desktop connections with zero-trust and zero-knowledge security.