Centralize Passwords Spread Across Teams
Disparate methods of password management within an MSP are a recipe for a security disaster. 'Secrets sprawl', meaning passwords scattered across Excel sheets, notepads, and standalone or legacy password stores such as KeePass or LastPass that nobody manages centrally, is a common occurrence in many managed IT companies.
If your organization looks like this, streamlining and centralizing credential management within your MSP (and across all of your clients) should be a top priority. Centralization begins with discovering all of the scattered passwords, then consolidating them into a single password management system.
Adopt a Common Standard for All MSP Passwords
Once all credentials are under the same umbrella, make sure the passwords themselves follow security best practices. Choose an internal policy that aligns with industry compliance standards and guidelines.
NIST SP 800-63B, for example, requires passwords of at least 8 characters when chosen by the user (at least 6 when randomly generated by the system), requires new passwords to be checked against a blocklist of commonly used or previously breached values, and, contrary to older practice, recommends against arbitrary composition rules and periodic forced rotation unless compromise is suspected. PCI DSS requires MFA (multi-factor authentication), a minimum password length and complexity, and periodic rotation (every 90 days where a password is the only factor in use). The CIS (Center for Internet Security) Benchmarks and Controls are not regulations, but auditors frequently use them as prescriptive baselines for the same controls.
Using password management software to enforce the chosen policy keeps these practices in check and ensures that reports and detailed logs are available during security and forensic audits.
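As an added, illustrative example (not code from the original page or from any particular product), the following Python checks a candidate password against the rules just described: a minimum length of 8 characters for user-chosen passwords and 6 for system-generated ones (as in NIST SP 800-63B), a blocklist of common or breached passwords, and a ban on sequential runs such as "abc"/"321" and repeated runs such as "aaa". It also generates a compliant password with a CSPRNG. The blocklist, the character alphabet, the run-length threshold and the interpretation of "sequential characters" as consecutive code points are constructed assumptions for the example.

```python
import secrets
import string

# Constructed, illustrative blocklist. A real deployment would load a large list of
# commonly used and breached passwords (the check NIST SP 800-63B calls for).
BLOCKLIST = {"password", "password123", "welcome1", "qwerty123", "letmein"}

# Assumed alphabet for generated passwords (letters, digits, a few symbols).
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*()-_=+"


def has_sequential_run(password: str, run_length: int = 3) -> bool:
    """True if run_length consecutive characters step by exactly +1 or -1 in
    code point, e.g. 'abc', 'xyz', '321'. (Assumed meaning of 'sequential'.)"""
    for i in range(len(password) - run_length + 1):
        window = password[i:i + run_length]
        diffs = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if diffs == {1} or diffs == {-1}:
            return True
    return False


def has_repeated_run(password: str, run_length: int = 3) -> bool:
    """True if the same character appears run_length times in a row, e.g. 'aaa'."""
    return any(len(set(password[i:i + run_length])) == 1
               for i in range(len(password) - run_length + 1))


def check_password(password: str, generated: bool = False) -> list[str]:
    """Return the list of policy violations; an empty list means compliant.
    Minimum length follows NIST SP 800-63B: 8 if user-chosen, 6 if generated."""
    failures = []
    min_len = 6 if generated else 8
    if len(password) < min_len:
        failures.append(f"shorter than {min_len} characters")
    if password.lower() in BLOCKLIST:
        failures.append("appears on the blocklist of common/breached passwords")
    if has_sequential_run(password):
        failures.append("contains a sequential run such as 'abc' or '321'")
    if has_repeated_run(password):
        failures.append("contains three or more repeated characters")
    return failures


def generate_password(length: int = 20) -> str:
    """Generate a password with the secrets module (a CSPRNG), never random().
    The rare candidate that trips the run checks is simply redrawn."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password(candidate, generated=True):
            return candidate


if __name__ == "__main__":
    for pw in ("password123", "short", "Tr0ub4dor&3", generate_password()):
        print(pw, "->", check_password(pw) or "compliant")
```

The blocklist comparison is done on the lower-cased value so that trivial case changes of a banned password do not pass; a production system would also normalize Unicode before comparing, and would run the check at enrollment and on every password change, not only when the vault imports credentials.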
Can Password Managers Suit Varying MSP and Client Needs?
MSP password managers are built to meet the requirements of both the managed service provider and the customers it serves. They offer features that allow MSPs to:
- Segment client credentials and securely maintain and track them
- Securely share client passwords with technicians or client end users
- Rotate credentials regularly (e.g. every 90 days)
- Control which users or user groups get access to which passwords
- Help customers comply with audit and regulatory requirements
- Grant just-in-time (JIT) access to client passwords only upon approval
- Share passwords with third parties or vendors securely on a time-limited basis