Keeper Enterprise
Keeper is a cybersecurity platform for preventing password-related data breaches and cyberthreats.
Keeper Enterprise provides the highest levels of security and at the same time provides a simple user experience - with millions of users worldwide, Keeper is the proven industry leader.
Keeper is SOC 2 Certified, ISO27001 Certified, FedRAMP Authorized and StateRAMP Authorized. Keeper's encryption has been certified by the NIST CMVP and validated to the FIPS 140 standard by accredited third party laboratories.
Keeper Enterprise Demo
Below is a 25-minute demonstration of the Keeper Enterprise platform.
For a personalized demo with a Sales Engineer: Request a Demo Passwords are the single greatest cause of a data breach. 81% of data breaches are due to weak or stolen passwords. Password management solutions provide an affordable and simple way for companies to solve the root cause of most data breaches. By helping businesses generate strong passwords as well as manage and securely share them among teams, they significantly reduce the risk of a data breach.
Zero-Knowledge Security Architecture
Keeper's architecture is the most secure in the industry. Built from the ground up with record-level encryption and client-side key generation, the foundation of Keeper Enterprise is built upon a model that ensures only the user is able to decrypt and access their privileged information.
The Keeper platform is built on an access layer and encryption layer. Access and authentication controls who is able to sync the encrypted ciphertext, and client-side encryption controls who is able to physically encrypt/decrypt the data. This foundation is what gives Keeper the ability to apply the most granular level of protection to user data and enables the core features and capabilities of the product.
Users, Roles, Teams, Records and Shared Folders are all protected and managed through the use of client-side generated keys. This complex distribution of keys is completely managed by the software with a simple and easy-to-use user interface.
Keeper Encryption and Security Model DetailsMulti-Platform Access
Keeper is a cross-platform solution that provides full capabilities from every major platform and device including iOS, Android, Windows, Mac and Linux. Browser plugins are compatible with Chrome, Firefox, Edge, Safari and any other chromium-based browser.
The Keeper Administrator can restrict vault access to specific platforms based on security requirements of the enterprise. End-user vault applications can be used completely independent of one another, or used together. For example, using the Web Vault or Desktop Application does not require the installation of a browser plugin.
The Keeper Vault is available on all devices and computers, with award-winning native applications:
Native Desktop Apps
Windows
Mac
Linux
Browser-Based Apps
Chrome
Edge
Safari
Firefox
Brave
Other Chromium-based Browsers
Native Mobile Apps
iOS
Android
Chrome, Firefox, Edge, IE and Safari Browsers
Key Differentiators
Keeper was named Best Password Manager by PC Mag in 2018, 2019, 2020 and 2021. Some of the reasons that customers select Keeper over the competition are listed below.
Keeper vs. LastPass https://www.keepersecurity.com/vs/lastpass.html
Keeper vs. Dashlane https://www.keepersecurity.com/vs/dashlane.html
Keeper vs. 1Password https://www.keepersecurity.com/vs/1password.html
Keeper vs. Keepass https://www.keepersecurity.com/vs/keepass.html
Keeper vs. Passportal https://www.keepersecurity.com/vs/nable-passportal.html
Keeper vs. Bitwarden https://www.keepersecurity.com/vs/bitwarden.html
Keeper Fills Security Gaps in Single Sign-On
SSO and SAML simplify login to many cloud applications, however, it does have its limitations. Keeper (with Keeper SSO Connect) complements the two major gaps with your SSO deployment:
Offering privileged access to applications that don’t support SAML protocols.
Enabling non-password use cases, such as management and sharing of digital certificates, SSH keys, API keys, secret notes, lists, files and more.
With Keeper SSO Connect, you can easily add Keeper to the apps that your IdP services. Whether you use AD FS, Entra ID/Azure, Okta, Google Workspace, Centrify, Ping, JumpCloud or any other SAML 2.0 Identity Provider, Keeper will easily integrate. Keeper SSO Connect logs the user directly into their encrypted vault while maintaining full zero knowledge. With SSO integration, there is also no master password to remember. Keeper SSO Connect is available as a customer-hosted or cloud-hosted high availability solution that preserves zero knowledge and allows the end-user to authenticate directly into their vault.
For more information about Keeper SSO Connect, visit our web page: https://keepersecurity.com/keeper-sso-connect.html
Implement Zero Trust
Keeper's Zero-Trust Platform seamlessly integrates into any existing identity stack and infrastructure.
Keeper's least-privilege access model, encryption model and role-based access model support the zero trust implementation guidelines of NIST and provide organizations with a substantial leap forward in the journey towards zero trust.
For reference, see the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-207 document which provides the following operative definition of zero trust and ZTA:
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207.pdf
Global Regions
Keeper provides customers with the selection of geographic regions where data resides in-country.
United States
GovCloud US
Ireland
Frankfurt
Australia
Canada
Japan
Role-Based Enforcement Policies
The ability to provide least privileged access to an employee is critical in the deployment of an Enterprise Password Manager. Keeper gives fine-grained control over what users are capable of accessing and managing within the platform through the use of customizable role policies. By providing a flexible role policy engine, you can lock down restrictions and access based on the risk profile of the employee. For example, you may want your IT Admins to be restricted from accessing their vault outside of the office network. Or you may want administrative assistants the ability to onboard new users, manage teams and run reports. The entire process is fully customizable through a user friendly interface. Role Enforcements Include:
Password Complexity Rules and Biometrics
Multi-Factor Authentication, Token Expiration and Device Restriction
Offline Access Restrictions
Allow IP Listing, Sharing and Data Export Restrictions
Account Transfers (employee offboarding and break-glass scenarios)
Administrative Permissions
Delegated Administration
Keeper Administrators can create organizational units (called Nodes). A role can be given Administrative permissions over the node (or sub-nodes) for which a role exists. This delegated administration allows different people in the organization to have management controls over subsets of teams of users, roles and shared folders. Users within different nodes can be provisioned and authenticated with different methods.
Eliminate the Risk of Critical Data Loss
Keeper's Zero Knowledge Account Transfer capabilities provide Enterprise customers with the peace of mind that an employee will never walk away with critical data when they leave the organization.
Increase Productivity Gains
Since 50% of help desk calls are estimated to be password related, there is a significant productivity gain by rolling out a password manager to your organization. When employees don't need to worry about remembering passwords, the cost savings are massive.
Meet Compliance Needs
Compliance is becoming even more complex with requirements mandating internal control policies and standards. Organizations in heavily regulated industries are audited for password enforcement policies and practices. Keeper's password security platform solves many of compliance and regulation enforcement requirements that organizations face. Keeper Security is the most certified solution in the industry:
SOC 2 Certified
ISO 27001 and ISO 27017 Certified
FIPS 140-2 Validated
GDPR Compliant
GSA Certified
SAM Certified
Compliant with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”)
ITAR Compliant
FedRAMP Authorized
StateRAMP Authorized
Keeper Security is listed as Authorized on the FedRAMP Marketplace with an authorization date of 8/23/2022.
See: The Federal Risk And Management Program Dashboard (fedramp.gov)
Supports ITAR Requirements
Keeper supports compliance with United States International Traffic in Arms Regulations (ITAR). Companies that are subject to ITAR export regulations must control unintended exports by restricting access to protected data to U.S. Persons, and by restricting physical location of protected data to the U.S.
Keeper’s FedRAMP Moderate environment supports ITAR requirements through the following:
Fully compliant data storage hosted on AWS GovCloud and restricted to the U.S.
Secure data encryption in transit and at rest.
Zero knowledge and zero trust security, in conjunction with granular permissions, allows organizations to ensure that only approved personnel can access sensitive data.
Robust compliance reporting features provide a traceable, electronic audit trail of all actions performed and data entered.
Sequestered Customer Success team comprised of U.S. Persons specifically trained in safe handling of Export Controlled and ITAR-governed data.
No non-U.S. based support on public sector environments.
The Keeper FedRAMP environment has been audited by an independent third-party assessment organization (3PAO) to validate that proper controls are in place to support customer export compliance programs.
For more information about ITAR, please visit https://www.pmddtc.state.gov/.
Last updated