Rob de Negro, MD
Implementing efficient privileged access management (PAM) can be challenging for enterprises small and large due to complex networks that are a standard nowadays in the wake of rapid digital transformation and new ways of working. This is where Topicus KeyHub, a security-minded company comes into the picture. It offers KeyHub, a Privileged Access Management platform that can be easily implemented in the complex, heterogeneous network environment to secure credentials and protect privileged resources from hackers effectively. A typical technical implementation takes no more than a week. The adoption is team by team and grows - thanks to the platform’s decentral authorisation capability - organically.
KeyHub’s decentral authorisation is what gets the control of PAM into the hands of team managers instead of system administrators. This shift makes all the difference. For instance, when a new employee starts at a company that uses KeyHub, he or she has access before finishing the first cup of coffee because the team manager is empowered to manage access control with two mouse clicks. KeyHub is web-based, so it is easily accessed by the managers on any device and acts as a one-stop-shop solution providing them all the requirements for efficient PAM, including a single sign-on portal and a password vault. The platform’s team-based approach where every team has full control of their access management, leads to more security awareness, higher productivity, and less overhead for IT-admins. “KeyHub is a lightweight solution that focuses on easy implementation and wide adoption through human-friendliness, thereby fulfilling the market need for PAM that can be done by non-IT people,” states Rob de Negro, MD, Topicus KeyHub.
Traditional PAM systems are function or feature-centric, not human-centric or process-centric. This poses problems in day-to-day work, making processes sluggish and painful to execute. “We often hear that KeyHub looks easy and simple, we’re proud whenever we hear this. It’s really hard to create a complex solution that feels lightweight,” remarks de Negro. An example is KeyHub’s reviewing process where team managers are asked to check (and when needed, adjust) access rights every month. It’s vital for them to know who has or had access and that access is updated regularly. With KeyHub, it only takes a few seconds and two clicks for the managers to complete the process. Additionally, auditors have a clear dashboard to keep track of review progress that further strengthens the security. Furthermore, all these changes and security events are logged in an audit log. All this combined helps the clients in their ISO 27001 certification.
Topicus KeyHub is strict when it comes to new features: they must provide a clear improvement in security and they must never stand in the way of ease of use. For example, while traditional systems offer features like session recording, KeyHub doesn’t have it. “Is session recording a benefit? We don’t think so.
KeyHub is a lightweight solution that focuses on easy implementation and wide adoption through human-friendliness thereby fulfilling the market need for PAM that can be usedby non-IT people
Nobody ever watches these recordings, they take up huge space and have a negative impact on performance. Hackers bypass them and smart employees do the same for performance reasons,” explains de Negro.
On the other hand, the platform has a feature to enable teams to manage access control to specific servers by activating groups. It is just in time access, and it will stay active for the time the team member needs access. While other systems change the password to prevent access after the team members complete the work or stop working, KeyHub closes the server account after the time needed. “As no account exists, even if the hackers get the credentials, they can’t use the account any longer,” he adds.
A handy feature of the password vault is that the platform generates the second-factor authentication code for websites without the need for an authenticator app on a user’s mobile. As a result, the people can share team-credentials to websites including the time-based passwords, without the need to share a smartphone.
Furthermore, KeyHub comes with a RESTful API, a CLI and provides Webhooks. This makes it easy for DevOps teams to integrate KeyHub in their CI/CD tooling. Also, in agile teams gaining access to containers and services is a common and daily use case. Whether someone needs access in person or through a script, gaining access safely should present no hurdles apart from authentication.
The company is continually looking for ways to gain and share access in a secure and easy way. One of the features Topicus KeyHub plans to adopt is based on how social networks let the users discover new people. Users probably need access to the same service that other groups are using. The platform will suggest to them that they might need access to these groups because they are working with these people. “We call our new feature social discovery—based on these people you’re working with, you probably need access to,” says de Negro. “Human-friendly access is a constant on our roadmap, the other constant on the company’s roadmap is security, obviously.”
Topicus KeyHub serves public and financial institutions and DevOps firms. Since KeyHub is built in line with European regulations, it’s a huge plus point especially for European finance, fintech and public institutions. The platform has seen a lot of traction across industries due to the COVID pandemic. The crisis has made working remote a necessity. And after the crisis, people will do their work and business in a flexible and dynamic way. The mindset will be changed permanently. This will increase the demand for processes and systems that support a dynamic environment. To this end, KeyHub is an ideal solution for dynamic organisations, helping them manage access in a secure, user-friendlyand transparent way.