Cut Your Cybersecurity Risk with an Industry-Leading Password Safe

Bravura Safe Webinar

Watch On Demand

Introducing Bravura Safe

While compromised passwords remain the top cause of breaches and attacks, working from home and leveraging new tools has resulted in an explosion of new, decentralized employee passwords outside of the enterprise applications onboarded to your identity and privileged access management program. This shadow IT creates significant cybersecurity risk for your company with hundreds of employee passwords, secrets, and files shared in chats and texts, stored in spreadsheets, and saved on sticky notes. Or worse, passwords are reused across personal and corporate accounts on the internet.

Introducing Bravura Safe. It's an enterprise password safe that centrally, consistently, and securely manages your decentralized passwords, secrets, and files to protect against cyberattacks. In this webinar you will learn more about:

  • The real risks that decentralized passwords pose to your organization
  • How you can improve basic employee password management hygiene while making password management way simpler for everyone
  • How simplifying and centralizing password storage and management can quickly decrease your risk within a matter of days to weeks
  • Unique use cases for safely sharing and storing sensitive information, secrets, files, and credentials 

Speakers

Kevin Nix

Board Member & Advisor

Kevin has spent more than 30 years in Enterprise Software and SaaS Solutions. Kevin has successfully founded and sold three SaaS startups in the mobile, customer engagement, and predictive analytics space. He co-founded SkyData Systems in 2007, which was acquired by SAP, led Causata, to be successfully acquired by NICE Systems in 2013, and more recently co-founded Stellar Loyalty which was acquired by Cheetah Digital in 2018. Kevin was EVP in charge of mobile and SaaS solutions at SAP, reporting to the co-CEO and grew the Siebel/Oracle call center and industry solutions to over $1B in revenue in the early 2000s. 

Bruce Macdonald

Senior Sales Engineer

With 25+ years of experience in identity and access governance along with privileged access management, Bruce provides organizations with strategic direction and execution for their identity management initiatives to protect their data and infrastructure. Formerly a Windows architect with Sybase Inc. (now SAP), Bruce enjoys solving new creative and technical challenges with a deep understanding of strategic design direction, project recommendations, and thought leadership.

 

Identities are the heart of all access in your organization. They’re also the bullseye for attacks - particularly the often low-hanging passwords and high-valued privileges. Are you ready?

Learn how you can achieve increased identity protection from a state of fragmented access management to the precision of calling the shots with a zero trust security model. 

Review the Full Session Transcript

No time to watch the session? No problem. Take a read through the session transcript.

Speakers:

  • Kevin Nix, Board Member and Advisor
  • Bruce Macdonald, Senior Sales Engineer
  • Carolyn Evans, Director of Marketing

Carolyn Evans (00:12):

Good morning everyone. We are just going to take one moment to get started on today's webinar.

Carolyn Evans (00:54):

Welcome to today's webinar with Kevin Nix and Bruce MacDonald. My name is Carolyn Evans. I am the director of marketing here at Hitachi ID and today's moderator. Kevin and Bruce: they are two experienced identity and privileged access management experts from Hitachi ID. Kevin Nix is a strategic advisor for us and Bruce MacDonald is one of our senior sales engineers. So as we get started on this, cut your cybersecurity risk with a new industry leading password safe. We just wanted to reiterate how this is so timely because there have been so many attacks recently that have been increasing over the past couple of years and as IT and InfoSec professionals are acutely aware, cybersecurity success is only as good as the technologies, the policies and the practices that you've actually put in place. Cybersecurity has never been more important, starting with the fundamentals: passwords. So Kevin and Bruce are going to explore how you can cut your cybersecurity risk with a new industry leading password safe throughout this session. Please feel free to send questions through in the chat and at the end we will also have some time set aside for questions and answers. Over to you Kevin.

Kevin Nix (02:12):

Great, thank you Carolyn. So good morning everyone. I just want to welcome you to this webinar. Maybe to set the tone a little bit. So today we're going to be talking about Bravura Safe, but just to put this in context, Bravura Safe is part of an overall set of solutions that we call the Bravura Security fabric. And so one of the things that's unique about Hitachi ID is we're one of the, perhaps the only company that has a common infrastructure around identity and access management privilege, access management, password management, and single sign-on, and then discovery tools that really help you assess risk. But today's focus is going to be on Bravura Safe, and if you're interested in any of the other offerings that we have at Hitachi ID please visit our website and download information on that. Okay, so let's talk a little bit about why we're here today.

(03:16):

And I think the first focus of this is this concept that we all thought if we'd implemented a single sign-on password management solution or a privileged access management solution that we had secured our landscape. What we found through some market research is that there is a whole series of decentralized passwords that are not under any management at all. In fact, in many cases some of these unfortunately are in notebooks, they're in spreadsheets, they're on stickies, and obviously these lead to vulnerabilities because many times we're all humans, we can't remember an infinite number of passwords. We use the same corporate password to access these decentralized systems. In fact, you can see some of the examples in the logos below. In some cases it might be social networks and other cases it might be various different infrastructure or DevOps. So the net of it is we saw this gap in the market where it was clearly uncovered and that's really what we wanted to focus on with Bravura Safe.

(04:29):

So Bravura Safe is an interesting product. We're very excited about it because as we surveyed the market, what we found is that a lot of companies because of this gap were actually implementing what I would call consumer password management tools. And the challenge with that is those products were really designed for consumers or designed for families of consumers and then try to stretch their infrastructure to kind of get into the small medium sized business and then ultimately the enterprise. And we really found the space was lacking for a true enterprise grade password manager. So Bravura Safe centrally controls and manages these decentralized passwords. This is a SaaS offering. What's unique in the market, and we'll talk more about this, is it's a single tenant model. In essence saying that there's no other company that will share secrets in your instance that's very different from the consumer marketplace because you use multi-tenancy to get scale and margin.

(05:32):

We have the luxury of being able to implement on a single tenant model. You're also going to see a demo from Bruce around this concept of safe share. And this is a very interesting feature that we found where people are moving content back and forth. It could be maybe sensitive spreadsheets around budgets, it could be password, believe it or not, in some cases. And these are just in the clear. So what you're going to see with SafeShare is the ability to send encrypted secrets, whether it's files or text, and have a very, very secure method of sharing that information, whether it's email or various collaboration tools like Slack, et cetera. This is a product that has a multiple series of clients from all the OSes that you care about as a native app to a web browser interface that you're going to see to mobile platforms across iOS and Android.

(06:27):

Last but not least, the system is designed so that it will work in an offline mode. So as I mentioned earlier, this is a SaaS offering, but we think it's important that if you're disconnected, you still can access your secrets and Bravura Safe and that's absolutely the way the system is designed. The final thing I'll say, and hopefully this will be a takeaway from the demo, is we've combined what I would call a consumer grade user experience with enterprise grade protection and controls. And so the net effect of this is we believe Bravura Safe will be one of the easiest products security products to implement in terms of being able to really not have a centralized heavy IT deployment model, but a much easier lighter consumer grade way to deploy within the system. And so with that, I'm going to go ahead and turn it over to Bruce and he's going to dive into more detail around Bravura Safe, Bruce.

Bruce MacDonald (07:26):

Sure. Thanks Kevin. Good morning, good afternoon, good evening to everybody. This slide, we're starting to talk about the features that are present within Bravura Safe. Obviously the primary or one of the primary reasons for this is to be able to store sensitive secret secrets more the generalization because of passwords, credit cards, blobs of texts, anything that needs to be protected. One of the primary things that you'll need to do is generate good passwords when you're protecting these things. And there is the ability, there's a password generator, we'll see a slide of that, I can show it to you in the demo later on. Certainly filling in your logins, automating your logins is a big part of it. You click on launch, you can launch all of your applications directly from it and it'll auto fill the credentials for it. The storage is encrypted. AES-256 is the standard encryption algorithm that's used and that really does give virtually impenetrable protection for those secrets. The point, sorry, sorry

Kevin Nix (08:40):

About that. I don't know what

Bruce MacDonald (08:41):

Happened there.

Kevin Nix (08:43):

Yep,

Bruce MacDonald (08:44):

Sorry, just back up

Kevin Nix (08:46):

One. Oh, sorry about that. I don't know what happened.

Bruce MacDonald (08:50):

That's alright. That's Kevin's already spoken to the consumer grade interface and we'll talk about the sharing, both sharing to people that are within your organization as well as sharing to users outside of your organization. You might have to send some spreadsheets to your auditor, that kind of thing. Bravura Safe can assist in both of those. The next one there Kevin. So really if you look at this from a simplistic view, we have people on the left which are organized into divisions, departments, teams, any logical connections can form a team. Users can create their own teams and they can be people that share some common interests of game departments and so on. Over on the right hand side, the passwords and files, the secrets, the objects that you want to protect and safe is in the middle there. It's providing the protection and the linking of people it organized into groups and teams with the secrets on the other side and being able to securely share those.

(09:57):

Next one. So someone, when we talk about teams, people think, well, what is a team? I don't really need a team. Well sure you do. You think about it, it could be your entire company could be a team, you could have all the people within your department or division. You could continue to break it down. It could be projects, it could be a manager and an admin assistant. Those two people might represent a team that could be then managed and share documents back and forth between each other. Customers as well. You could have for example, the creds to a customer portal specific to that customer that needs to be shared with other members within the organization. So team is the general concept that you need to be aware of that we're keeping people, people with a common interest and allow them to share.

(10:55):

Next slide. So what can we store? We can store logins, we can store credit card information, identities, any kind of a secure note might be a password. It could be any kind of text that needs to be stored, but that's not where it ends. We look on the right hand side, database creds, wifi passwords, digital certificates, licenses for applications and so on. All of these can be stored within the product and then those various objects can have different attributes associated with them. The example might be if I'm storing a wifi password, where is the wifi hotspot? What is it operating on in terms of a five gigahertz? And so you can have different attributes associated with various objects and we're expanding those. If you have ideas we're happy to hear them.

Bruce MacDonald (11:58):

Most of the business users are already going to have some secrets stored, whether they are in a competing product, LastPass, 1Password, Dashlane, there's lots of them out there, or they might be stored within a browser or they might be in a spreadsheet. There are mechanisms within Bravura Safe to do that import so that users can get all of their credentials brought back into one central location. Next, there we're, so this is the slide I was talking about, password generators. This is really important. Remember when you're going to create a secret in store and be able to auto-fill into a login prompt, why not make it a very secure password? The users can adjust whatever policy length they want. You want 14 characters, you want 35 characters, mixed case, special characters and so on. All of that can be controlled so that the user is getting and generating a really good solid password that is very, very difficult to crack. Below it, you'll see the pass phrase generator as well. So some systems require a pass phrase as opposed to a password does all that as well. So want to get that hygiene up, make sure people are taking good control of their passwords and creating good work, creating good passwords.

Bruce MacDonald (13:32):

Now this is implemented as a zero knowledge solution and it's important to understand this. Zero knowledge implies that only the user with that master password can actually access the secrets. Even if I was a full admin of our system, I had all the admin rights in the world, I cannot see your passwords. It's impossible. The key is built on the master password itself. So without it you can't do anything. It supports 2FA. So we highly recommend that you put 2FA in place so that users have a token to access the system as well. And the data is cached locally. So whether it's on your mobile app, on your workstation, on a browser, or if you have one of the thick clients for Linux, Mac, Windows, the passwords are stored there locally. And that's important because let's say you're in an airplane, you're offline completely, you still have access to your secrets, they're there with you.

(14:45):

This idea of a safe share, what's happening here is there's often cases where you need to share data, you need to share a file to be some text value, but you need to share it with somebody outside of your organization. So safe share allows you to do that. And the key here is that when you create a share and then send it off by email or Slack or what have you, you are only sending an ephemeral link to that. The data point itself, the file, whatever it is that you're sharing stays encrypted on the database and that allows for very secure sharing to external sources. And then you can put option, you can see on that some examples there of deletion date or an expiration date. Maybe you won't only want to allow someone to download it once and then that's it. All of these are possible within the safe send.

(15:40):

You can even put in a secondary password you see at the bottom there where the user is going to get a link, but when they click on the link, it'll still prompt them for a password that you've maybe delivered through voicemail or some other conveyance mechanism. Okay, next please Kevin. The emergency access. So this is getting into an area that is can be rather tricky when you start thinking about users that have all of their secrets stored and sometimes they're the only one that has that secret. You have to ensure business continuity. Life happens, right? People get sick, people die. There's all kinds of reasons where unexpectedly the user's going to be unable to access their secrets. So there's a concept of an emergency access, a delegate, a person who is going to be able to take over your environment after a certain period of time. So the emergency access is all crafted out as that. In this example here you can see Fred Johnson is the delegated contact for this particular user that this screen cap was taken from. So important to remember, and this is one of those things that Kevin alluded to, and enterprise requires this kind of a thing. If you're just storing your Instagram password or something on a consumer grade, this isn't really a big concern, but absolutely for business continuity, it's needed.

(17:14):

Next Health Reports, again, this is all about getting users to promote better password hygiene. There are reports built into the system allowing users to check, have their passwords been exposed on the dark web? Do I have lots of applications that have the same password associated? Ultimately they should all be different unique passwords. If the user has access to a website that supports 2FA but they're not using 2FA, we can surface that as well. All of this in an effort to get better hygiene, get people taking better control of their secrets.

Bruce MacDonald (17:59):

Kevin, you're going to talk a little bit about the differentiators.

Kevin Nix (18:03):

Yeah, so let me summarize kind of what we've talked about today. And then Bruce is going to take us through a demonstration of Bravura Safe. As I mentioned before, Bravura Safe is what we believe is the only enterprise grade password manager for decentralized passwords. We were unique in offering this in a single tenant SaaS offering. None of your secrets will ever be commingled with another tenant federation authentication, TOTP generators, multi-region disaster recovery. Critically important in terms of enterprise grade password management. This isn't again a consumer grade product that's just hosted on their own infrastructure. And again, you're shared with many others. The technology is based on the Bitwarden open source, which many, many reviews have shown is one of the most secure technologies in the marketplace today. And we've taken that Bitwarden open source and we've added enterprise grade extensions and capabilities on top of that. And then last but not least, we're one of the unique enterprise password managers that include not just password management of secrets, but also the ability to securely send confidential information across to colleagues or even people outside of your domain. Oh, so we're not to questions yet. Let me go ahead and stop sharing and then I'll turn it over to Bruce. And Bruce is going to give us a tour of Bravura Safe.

Bruce MacDonald (19:51):

Alright, so let's look a little bit at the interface. I have a couple of users that are logged in here and we'll show some scenarios that you might see. First of all, the UI, when a user comes into the environment, they are presented with everything. They can see big long list of secrets that are their own as well as those that have been shared to them by somebody else. Anything that has this little cube icon on the end is a secret that has been shared to this user. Users can organize 'em as they want. They can put favorites. So things you use all the time, you may want to have as a favorite. You can create folders in your environment. So if this is what Gary, so I'm logged in as Gary and he's got a folder for his travel related things. So his frequent flyer clubs and hotels and company credit card, so on, all of these are secrets that are organized within a folder.

(20:52):

You can click on any one of them. This is his company Visa card for example, has some information and you can see all the attributes that are specifically aimed at credit cards. Is it a Visa or a MasterCard or so on? What's the number? What's the CVV expiration date, et cetera. So you can add all of these which are prebuilt and then you can add additional custom fields as you desire. Those fields could be texts, they could be hidden, they can be Boolean fields, it can even be a link. So you could create a new link in here and call it whatever you want with some value associated to it and save it all remains within that secured record. All remains completely encrypted. So the user has the access to their environment. Let's look at sharing first of all. So I'm logged in here as Gary and if I look at the teams that Gary is associated with, I'm going to look at this one, this finance fiscal year 22 budget review, that's the name he came up with. He created this team, he's the owner and he wants to invite a few people to it. So because he has that ownership, right, he has the ability to manage it. We've already invited a few people into the team. So those users have some level of access, but potentially not all the access. Let's just look at Billy for example. I can see what right she has, she's a user as opposed to a manager or an admin. You can even do custom access controls if you want something more specific or fine grained controls.

(22:31):

So designate what right, she has, I can say what rights, what collections within this team does the user have access to? Right now, the only thing Gary's giving her access to is the budget forecast. All of these others she does not see yet. So if we looked at Billy's screen over here, she's locked out here, lemme just unlock her. So when a user goes, she goes in and looks at her budget review her copy of that budget review, there it is there. She's seeing if I look in the collections budget, that's the only thing that she currently has access to. Billy says to Gary, Hey, I'd like to participate in some of your other collections so he can go in and add additional ones. Let's go into the let's go CapEx. Look at the users there. Currently Billy doesn't have that simple checkbox save it.

(23:31):

And now if we go back over to Billy's view here, just needs a browser refresh goes into here, oops, where there we am I hitting the wrong one. Teams budget review, there we're and now she sees this additional item, this CapEx expense. So you can share elements back and forth between users of say, in other words, other users within your organization. There's another way of looking at sharing though. Let's go back over to Gary's interface. And that is through the concept of a safe share. This is where we're going to create an ephemeral link to an object or to a blob of text. And then we're going to send that link over to somebody else. So the first thing you would do is go in and create a new share. So let's call this one the we're on the budget theme budget 22 spreadsheet and we'll go and find a file that is suitable to use for that.

(24:39):

There's one there, we'll open it and then I can look at additional options on here. I could say after seven days it's going to be deleted. This one's never going to expire, but I could put an expiration time. Let's say I'll put a maximum access count too. It can only be downloaded twice. I'm also going to put a separate password on, let's put 2022 as the additional password. So even though when the person gets this email, they click on the link, they're not going to be able to access it until they know this password and any additional notes that you might want to put in. So I'll just copy that link is part of my exit here. Hit save. So what that's done now is it's uploaded a copy of that spreadsheet, it's encrypted it in the database and now I have a link to it on my clipboard.

(25:29):

So I'm going to go over to email, I'm going to create a new email and we're going to send it to to same person and subject stuff. I promised you whatever it is, here's the spreadsheet and we'll put in the link. And here is that text I told you about. So the user can, we're going to create another link in this case we'll just jump back over to Karen, create a new one. This one we'll do as a text. So I'm going to call it secret text and I'm going to say it's text component and we're going to put in a very secret password. 1, 2, 3, 4. This is the text element that's going to be displayed. I can also hide it initially so that when the recipient gets this and they click on it immediately, it doesn't pop up. If they weren't, maybe there was somebody sitting beside them or behind them. You don't want them to be able to see that level. And again, all those other options are available here as well. We won't bother.

(26:43):

I'll copy that clipboard to the link, save it, and now pop back over to my email that I was composing and sign off and hit send. So I've created an email, I've created two sends, one of two shares, one a file, one a blob of text and I sent a link off by email. So let's pop over to Billy's point here and just get her email. She'll be here in just a second. There it is. So here's the stuff that Gary promised her. Here's the spreadsheet, click on it again, it's going to prompt for a password because we put that 2022 password in. So this presumably through a voicemail or told her over the phone what it was, whatever it might be. Now Billy types in that password and is able to see the spreadsheet. You can go ahead and download it. So I've downloaded it once.

(27:44):

Let's download it again. Now we're at two downloads. Now if I tried a third time a lot because we put on there that you can only download or access that file twice. The other thing that was in that email was the text. So again, we can click on the link. This blob of text is going to display in a gray box, but it's going to be grayed out initially because we chose that option. So it's been hidden by default and just toggle the visibility and see it. I can copy it to my clipboard. So we're doing shares to users that are potentially outside the organization and allow you to do so very safely without actually trusting the object itself being transmitted through email. The last thing I wanted to show is just the ability to look at various reports. And these aren't administrator reports, these are reports the end user can run.

(28:44):

Let's check my, do I have any passwords that have been exposed on the Have I Been Pwned website? That's what this one is using. So it can see there's something here. He's been file upload portal. What's the password there? Oh, password of password. If I change that to password 1, 2, 3 let's say and hit save. You watch that number go down. Now it's only been exposed 45,000 times as opposed to 400,000 times. So it's a dynamic query against the database to ensure to see if it's been used. I can also look at the reused passwords. This guy doesn't have any reused. I think Billy does though. I do. Quick check over here. Yeah, she's got a whole bunch of passwords because all of our actors in our demo scenario, I chose to use the same password. Well it picked it up and said it's been reused 10 times.

(29:36):

So that's the idea of reused passwords. I can even at weak password reports, do I have any passwords that are very weak, weak, strong, very strong. So it'll allow me to capture any passwords that are of lower grade. Allow me to upgrade 'em. Unsecured websites doesn't have any 2FA. This is where these 1, 2, 3, these six things all support 2FA. But Gary hasn't enabled it on there so it allows him instructions right there. How to get the 2FA and put a TOTP token on it. And speaking of that, it's one thing I didn't mention earlier is that the system does allow you to store TOTP tokens. So if I look at this user, there's the two TOTP token, there's the authenticator key and those are dynamically being generated. You see the countdowns going down to 13 seconds every 30 seconds refreshes. So if I was to log in and I needed a 2FA, I can grab it right from safe. I don't need to have a phone with Okta Duo and so on it.

(30:50):

Okay, so that is the high flyby of using Bravura Safe and you can share within your organization, you can share outside of your organization, you can also store all of your own credentials in the system. But look, I dunno if we did the launch of go over here and look at favorites, yeah, I can launch websites from it of course too. Click on that. It launches this website into a new tab. It's going to fill in the blanks for me. I do. Well there it is there, it fills in the blanks and I just click, this one has a capture and I sign in. So automated filling of credentials into websites. If I was to go to a website that I had not already captured, it would pop up the browser extension saying Hey, would you like to capture this? Do you want me to save it? So there's an auto addition of your credentials into the database if you want to save them into Bravura Safe.

(32:05):

That's kind of a high flyby of the product. What it does, very straightforward consumer grade interface. And again, as Kevin said to reiterate a lot of enterprise policy being added into it. So things like the password strength rules, you'll be able to govern those at enterprise policy. You'll be able to do a lot of things with admin control but still allowing the users to maintain access to their own stuff like their own teams that they're the manager for. Carol, I'll turn that back to you. We want to see, I dunno if there has been any questions, how are we on time? Okay. Or Kevin, is there anything else you'd like me to show?

Kevin Nix (32:54):

No, I think you did a good job there Bruce. Just to sort of summarize what you saw in the demo, what we've done is really take this enterprise grade password management, but through the concept of teams, you have the ability for people to be the ability to manage shared passwords at a team-based level. And so to take nothing wrong away from centralized IT, but the concept of being able to deploy this type of system quickly empowers users who already have the shared secret or password to be able to go ahead and do some level of self-management and self-organization. And so we think this is one of the most interesting aspects of managing and centralizing decentralized passwords because you have this sort of collaborative model to be able to organize and manage and secure things that quite candidly are not secure in your environment. That might be a good one to take a look at, Bruce.

Bruce MacDonald (34:06):

Yeah, this was the emergency access. So this allows the user to be able to designate already designated one person you can designate others with whatever, just the right to view your data or the right to take over your data in the case of something befalls you and you're unable to actually do it, you can allow business continuity and somebody else has that, right? That can be dictated to a manager or a peer as desired. And I showed there while Kevin was speaking and just mentioned about the password generator and you set this to whatever policies you want. I wanted a 55 character password, but there it is. Minimum numbers, minimum letters, you can adjust them as you want, choosing whichever character sets to put into the system. So allows you to really get solid, solid passwords against your various applications. You'll never need to remember them. It's always copy and paste or insert it directly. Carolyn, do we have any questions that came up?

Carolyn Evans (35:21):

We do. The first question: how is the 2FA availability check working? API call to who?

Bruce MacDonald (35:36):

To under the reports in here, the inactive 2FA report. So this is just where it's finding the websites that you have already configured on. You already have a targeted in your environment and it's just querying it to, does it support 2FA? So it's found this WordPress, Oracle financials that do support it but just have not been implemented yet. So it done, it's probing those sites to see if they do support 2FA.

Carolyn Evans (36:12):

Okay.

Bruce MacDonald (36:13):

Instructions are listed out for you.

Carolyn Evans (36:17):

Alright. All right. This one is for Kevin. Do you have any recommendations on where to start and how to prioritize?

Kevin Nix (36:28):

Yeah, that's a great question. So I think as we've been talking to customers and prospects, this is one of the most common questions we get asked. And a first way to think about it is look at the domain of, think about all the passwords that are decentralized. So anytime any person is typing into a rectangular box, chances are that is an insecure password, not secured password. And so that's really a good place to start. And another way of thinking about it is sort of this gap between those secrets that are covered under single sign-on, those secrets that are covered under privileged access management. And then I think you'll be surprised to find there's a pretty big gap in between those two control systems. Another thing to think about is just anytime a password is written down anywhere or typed into a spreadsheet or some digital storage anywhere, those are clearly passwords that are candidates for Bravura Safe.

(37:32):

There are a couple of places to look at. I mean social networks. I know when we implemented Bravura Safe internally, marketing was absolutely one of the places we started immediately because that's a really common place where you're sharing secrets. That's sort of the other dimension to this, which is, okay, is the password typed in or on a sticky note, et cetera, and that's my password. But then what if this is a password that needs to be shared across two or three or five or more people? As you saw in the demonstration that Bruce gave, that's one of the strengths of Bravura Safe is the ability to share secrets across a group safely. The second question tied into that is a little bit around password strength policy. This is another one where we get common questions. I know one particular prospect said, Hey, we are beefing up our password strength policy to a considerable long text, maybe 18 or 19 characters with many, many special characters.

(38:36):

And their concern was like, well is this going to be a torches and pitchfork moment where we implement this policy and people then won't remember them? And what you saw with the form filling, the auto form filling that Bruce showed you is, and I of course use Bravura Safe, I don't need to know any of my passwords, I just simply utilize the browser extension that Bruce showed you. I go ahead and launch it form fills, I click okay and I'm off to the races. So this really allows you to think about, hey, I'd like a stronger password strength policy, but I'm concerned about user adoption and hopefully what you saw in the Bravura Safe demo is we see ourselves as a very good enabler to help you strengthen your password policies.

Carolyn Evans (39:29):

Okay, that makes sense. Bruce, can an admin or anyone else see my passwords?

Bruce MacDonald (39:37):

No. Yeah, good point. Actually that's the whole basis of this zero knowledge solution. Some people get the idea that there's always Big Brother, there's always somebody able to see down into my stuff and that doesn't exist. We refer to it internally as kind of the honeypot syndrome. If you have buckets of secrets that ultimately roll up to a point where somebody or some small number of people do have such broad access, you're able to see the honeypot and it's not a good thing. You want to make sure that those secret buckets are isolated from each other and isolated from any administrative action. Administrators can go in, they can see the organization, they can see or the teams, they can see the collections that exist within those teams, but they have absolutely no ability to access the secret. In fact, if you are implementing a federation perspective, which is a really good idea where you've got an IDP Azure, ours, we also make an identity provider, but when the user comes in via SAML assertion into the system, they're authenticated, but they do not yet have access to their secrets. They still need to provide the master password in order to unlock the secrets because again, that is the root of the key that opens that credentials. So long answer to no, an administrator cannot see your credentials, only people within the organization or within the team have the ability to do that, be able to.

Carolyn Evans (41:35):

Okay, and it looks like we have one more question. If anybody has any others, please feel free to send them through in the chat. Kevin, can Bravura Safe manage my personal accounts for Facebook banking, et cetera?

Kevin Nix (41:54):

That's another very good question. Technically the answer is yes. Technically, however, we strongly, strongly urge a password management policy that has clear distinction between your personal and consumer passwords and your business and enterprise passwords. And where we've seen this to be kind of a challenge is companies in the thought process of trying to do the right thing, they said, well, we want something is better than nothing. So a lot of these consumer password managers, I won't name names, they're all very good consumer password managers, sort of subtly and virally get deployed into the enterprise landscape. And the challenge with that is people are typically bringing along their consumer passwords with their business passwords, so now they're commingled. So we strongly urge kind of separation of church and state there and we believe that. And so here's a super easy answer, which is as companies are moving to Safe, you saw Bruce's export import slide, which covers all the major consumer grade passwords that are out there.

(43:10):

You can have your teams export and then import their enterprise passwords into Bravura Safe, remove those business passwords from their consumer password manager. And then here's the kicker, you actually can control access to your consumer password manager from Bravura Safe. As you saw Bruce launch, it was a website with auto form filling. You can take your consumer password manager and actually launch it quickly and easily from Bravura Safe. So in this way you're not asking your users to have to change from a consumer password manager that might be shared across their family. And so why change if it's very, very comfortable for yourself and for your family to be able to manage consumer passwords, but at the same point in time you have separation, you have separate instances and then you make it very, very easy via Safe to actually launch into your consumer mode if in fact you need to access those secrets.

Bruce MacDonald (44:20):

And remember this point, emergency access when that's enabled and somebody, you have an accident, you get sick or whatever, somebody takes over your account. If you've got your banking password, your Facebook, your Instagram, whatever in there, they've got access to it. So you really need to be careful that you're, as Kevin said, keep that separation between church and state so that you're not co-mingling them even though technically, sure I could put my Facebook account password in here, but it's just really a best practice to not do that.

Kevin Nix (44:57):

Actually, to add to this, Bruce, as we've been talking about Bravura Safe with CISOs and IT security managers, they've said, Bruce, Kevin, help us. We don't want this. Unfortunately, it's crept into our landscape and we need a solution that allows us to, because think of the liability if someone has a honeypot access to consumer passwords and abuse that you can only imagine the level of litigation that your enterprise might be facing. So it's very, very common where companies have backwards stepped into this problem and we think we have a very elegant solution to help get these companies out of that situation.

Carolyn Evans (45:44):

Thank you. Okay, on that note, we are going to wrap up. Thank you for attending today. We are going to send out a copy of this recording to everybody who attended and you can share that with your team. If you would like to dive deeper, just let us know and we are happy to arrange a follow-up call. Thank you very much Kevin and Bruce and thank you everybody for attending.

Kevin Nix (46:09):

Thanks everyone. Thanks everybody. Take care. Bye.
