The Doyle Report: Security Spotlight: Password Protection Management for MSPs and Beyond
Password management as-a-service. Better support for self-serving customers. A single pane of glass simplicity.
These are just some of the latest innovations that providers of passport management solutions for MSPs are bringing to fore of late. Take Passportal.
One of the leaders in this space, Passportal announced a rebranding and expansion of its product portfolio in early March 2017. Going forward, the Calgary, Alberta, company’s flagship platform will now be marketed under the “Ocular” brand. Instead of going to market as “MSP Password Management” the company will promote a new message, “Seriously Simple Security.”
After building its reputation as a go-to provider of an internal product for IT service providers to use to help customers store, access and secure client data and credentials, it now is trying to realize its broader ambition of helping MSPs and other IT integrators deliver password protection and management as-a-service. Passportal made progress on this goal last year when it released two self-service password reset tools for customers. Now it is building on that momentum with its latest release, which features “a new, mobile-friendly user interface, a real-time user activity feed, and a new module for documentation management called Ocular +docs,” according to the company. +docs effectively helps service providers build their customers’ products, server-room details, policy procedures and more into a workflow that is easily managed.
More than a simple, privileged access manager, Ocular also boasts extensions and integrations into RMM platforms including ConnectWise. This provides MSPs with a centralized password control panel that plays across all of the Microsoft networks they have under management. In the future, the company plans on helping partners leverage an API that is already built into the platform though is not widely known. This could lead to new integrations and apps that will enhance the Ocular platform even more.
All of these enhancements will help address some real-world problems that have pestered customers and partners for years. Take “co-managed IT” environments. In many workplace settings, service providers share password management responsibility with an internal IT departmental. Often, problems arise when one or more parties makes a change to a password or credential without alerting the others. But Passportal’s technology helps resolve this problem.
“In the IT channel, everyone is struggling for that ‘single pane of glass’ or one consolidated place to look at,” says Passportal founder and CEO Colin Knox. “With Ocular, we are trying to build out a suite of security solutions that provides just that for service providers—one place where they won’t have to jump between screens.”
Colin Knox, CEO, Passportal
Today, Passportal does business in 32 countries and boasts more than 1,000 partners. Up next: new data centers in the UK and in the Australia/New Zealand market. In addition, the company hopes to roll out some ideas that will help partners with one of their toughest problems: branding. With Passportal’s technology today, every user, every day accesses his or her favorite applications and services through a partner’s branded Passportal interface. Passportal hopes to build on this capability going forward.
When asked for his perspective on the market as a whole, Passportal President Dan Wensley offered some insights. Partners, he said, are operating most parts of their businesses very efficiently. This includes how they manage networks, remote support customers and more. But they are still using haphazard means for managing passwords in many instances. This, he adds, is nuts.
“There are MSSPs out there who are still allowing passwords to be tacked on sticky notes or who are allowing unencrypted passwords internally. Though they are providing phenomenal services to their customers elsewhere, there is a significant opportunity for them to improve internally,” Wensley says.
Other Market Players
This sentiment is shared by others that offer password management help to partners. Take ManageEngine, the developer of Password Pro Manager for MSPs.
MSPs “are swamped by the ever-increasing number of privileged passwords,” ManageEngine says. “Without appropriate management tools, this can lead to a haphazard style of password management where the administrative passwords—which grant unlimited access privileges on the IT assets—are stored in plain text in volatile sources like post-its, spreadsheets, printouts and text documents.”
When insecurely shared among technicians, even good passwords are vulnerable to security hacks, the company says. ManageEngine, which supports more than 200 partners including Enterprise Integration and Dimension Data, boast more than 120,000 customers worldwide. This includes three of every five Fortune 500 companies. Its products are used in more than 190 countries and have been translated into 29 languages. At RSA 2017, the company unveiled enhancements to its web-based SSH key and SSL certificate management solution, Key Manager Plus.
“The solution now fully automates acquisition, issue, deployment, reissue, renewal and revoking of SSL certificates through integration with Let’s Encrypt, the renowned open certificate authority,” the Pleasanton, Calif., company says.
FastPassCorp. is another company with a password solution for MSPs. It’s FastPass Managed Service Provider Version is multi-tenant by design. This means substantial savings for MSPs that only have one system to maintain and operate, the company says.
Thanks to rapid growth of the platform in 2016, FastPassCorp.’s board of directors announced in February 2017 that FastPassCorp, “will make significant investments in product development and customer support to achieve a growth to 3-4 times the present revenue for the next 4-5 years.”
If you’re still using Post-It notes and worse, it’s time to overhaul your approach to password management.