Keeper Security Zero-Trust and Zero-Knowledge

Additional Info

Company: Keeper Security
Company size (employees): 100 to 499
Headquarters Region: North America
Type of solution: Cloud/SaaS


While many companies are taking advantage of zero-trust as a wave they want to ride, Keeper Security adopted Zero-Trust and Zero-Knowledge as foundational design and architecture principles from day one.

Every aspect of Keeper’s products and company follows zero-trust and zero-knowledge. This includes Keeper Security’s zero-trust Enterprise Password Manager (EPM), Keeper Secrets Manager (KSM) and Keeper Connection Manager (KCM), as well as its vault and website.

All products in Keeper’s security suite help organizations take a step toward adopting zero-trust security. For example, KCM allows a company to implement the least-privilege principle by allowing remote connections only to the specific systems that users need access to. Keeper’s vault can hide credentials and secrets from users, store them securely and provision them dynamically. Capabilities like timed password sharing and RBAC ensure that all users, including interns and contractors, only have access to the systems they need for the time they need.

Keeper’s zero-trust and zero-knowledge EPM provides organizations with total visibility and control over employee password practices, enabling them to successfully defend against the most common attacks. IT administrators can secure, monitor and control passwords and infrastructure secrets across the organization, both remote and on-prem, and set up and enforce role-based access control (RBAC), multi-factor authentication (MFA) and least-privilege access. All activity is logged, can be reported on, and can be fed to leading SIEM systems. Keeper offers full auditability and compliance reporting.

Keeper’s zero-trust and zero-knowledge security architecture is unmatched in safeguarding information and mitigating the risk of a data breach. Keeper is the only FedRAMP Authorized password management solution. Keeper combines device-level elliptic-curve cryptography with multiple layers of encryption (at the vault, folder and record level), multi-factor and biometric authentication, and FIPS 140-2 validated AES 256-bit encryption, plus PBKDF2, to protect organizations of all sizes.

How we are different

- Keeper Connection Manager (KCM) significantly enhances security by enabling organizations to adopt zero-trust remote access to IT infrastructure. This approach is unique because it enables zero-trust security with no need for client or agent software, with features such as least-privilege access, role-based access control (RBAC) and multi-factor authentication (MFA).

- KCM is integrated with Keeper Secrets Manager (KSM) and the Keeper Vault, so access to remote infrastructure happens in one click and one second, without exposing credentials. KSM provides these credentials dynamically (i.e. SSH keys), so the user never needs to see them. Access can be locked by a user or group, and locked to a specific IP address. Additionally, an expiration time frame can be set. All access is logged, and interactions can be recorded. Connections are extremely fast, and the system supports multiple users sharing a session, as well as users managing multiple sessions concurrently.

- KCM provides DevOps and IT teams with effortless access to RDP, SSH, databases and Kubernetes endpoints through a web browser. KCM is an agentless remote desktop gateway that can be installed in any on-premises or cloud environment. The mass migration to distributed work presented IT and DevOps teams with new challenges as they were forced to perform infrastructure monitoring and management remotely. IT and DevOps personnel needed a secure, reliable, scalable and easy-to-manage way to connect to their machines remotely.