Vault is officially in wide release!
This highly anticipated feature gives your organization added assurance that highly sensitive passwords won’t get into the wrong hands. At your discretion, select individuals will be granted access to Vault by an internal Administrator for IT Glue. Each IT Glue user creates a unique user-specific passphrase to access the Vault, ensuring that if anyone leaves the organization, access to the Vault won’t be compromised.
Vault, or host-proof hosting, means that the IT Glue system never sees passwords in their unencrypted form. All passwords within Vault are encrypted and decrypted locally on the end-user device, and can only be decrypted with the user-specific passphrase.
“I am really excited about the Vault feature. I had the pleasure of using this feature during the limited release, and so far, I really like it. As a security-conscious consultant, Vault adds an additional security layer to my most sensitive passwords stored in IT Glue. IT Glue is the only documentation platform that I have seen which has implemented a proper host-proof hosting feature by properly handling encryption keys and utilizing individual user passphrases as opposed to a shared organizational passphrase which is sent to the server (thereby eliminating any possibility of “trust but verify”). I am really excited that IT Glue is continuously listening to feedback and evaluating how they can make our data even more secure than it already is.”
-Brian Semrau, SMB Information Security Specialist and Digital Forensic Investigator, Infosec Chicago
Numerous security and software experts were consulted and the industry-leading security practices were incorporated in the development of this new feature. What makes Vault distinct is the fact that we’ve enforced user-specific passphrases. If a single passphrase were to be used by all individuals, then this passphrase would have to be updated each time there’s a departure from the organization, and all remaining individuals would have to be informed of the new passphrase.
How it works:
A unique AES key is generated when Vault is enabled by your employee with the Administrator role in IT Glue (“Administrator”), and this AES key is used to decrypt the encrypted passwords stored inside Vault. This unique AES key is only generated on the Administrator’s end-point browser and is never sent to IT Glue systems. Access to this unique AES key is also protected by the user-set passphrase which only the Administrator knows.
An Administrator may choose to grant Vault access to additional IT Glue users, and can do so by giving them a copy of the Vault AES key. Each user granted access gets their own copy of the Vault AES key, and each copy of the AES key is protected by each individual user’s own user-based passphrase.
Vault is a host-proof hosting feature, and it is not intended to protect passwords from other IT Glue users therefore, it’s not designed for you to store your private passwords. It is designed to add an additional security layer to your most sensitive passwords. Vault will be available for the IT Glue mobile app and the IT Glue Chrome Extension as well.
For more information on the security principles of Vault and the decryption/encryption method, we invite you to review the IT Glue Security Whitepaper.
To learn how to set up Vault in IT Glue, please visit the IT Glue Knowledge Base.
IT Glue Security
Over 8,500 MSPs entrust IT Glue as the industry standard for documentation. We truly understand that your client information is the most valuable asset you have. That’s why IT Glue places a focus on making sure the data you store in IT Glue is the most secure with SOC 2 (Type II) Certification, SSO, audit logs, user permissions, MFA, and other security features.
With the addition of Vault, you can benefit from an added level to the ironclad security we already provide to our partners.
To learn more about IT Glue, why not take a look at our demo.
IT Glue is an award-winning documentation platform that allows for efficient storage and retrieval of all the documentation you need to help your MSP run better. By integrating PSA and RMM data, we can help increase your efficiency, and reduce onboarding times by even more. By eliminating wasted time from your business, IT Glue gives you more time to focus on what matters – growing your business.