‘No matter how much we innovate, passwords are here to stay’

16 Apr 2021

Craig Lurey. Image: Keeper Security

As cybercrime continues to rise, Keeper Security’s Craig Lurey talks about the importance of protecting passwords and zero-knowledge encryption.

Craig Lurey is the CTO and co-founder of Keeper Security, a cybersecurity company that offers password management software. It is headquartered in the US but also has a base in Cork.

Lurey developed the first version of Keeper Security on a long business flight to China in 2009, and now leads the company’s software development and technology infrastructure. Prior to this, Lurey and co-founder Darren Guccione started Callpod, a technology company that created power and Bluetooth products.

‘With the continued proliferation of remote working, cybercriminals are more active than ever’

Describe your role and your responsibilities in driving tech strategy.

I lead the development and roadmap of Keeper’s technology and security infrastructure. It is my responsibility to ensure that Keeper’s password management solutions stay a step ahead of the dangers in today’s hyper-dynamic threat environment.

The aim at Keeper has always been to provide maximum protection for client’s data with minimum hassle. We build fast-adapting, innovative technology that ensures Keeper’s current solution stays agile and able to adapt as user demands change and grow.

Are you spearheading any major product or IT initiatives you can tell us about?

We have recently launched our latest technological innovation with Keeper SSO Connect Cloud. Traditional SSO [single sign-on] solutions are designed with convenience in mind, allowing enterprise employees to access a handful of cloud applications with a single login. This has left large security gaps for protecting the thousands of websites and services that employees use, on top of other confidential information that needs to be protected in an encrypted vault.

Keeper SSO Connect Cloud fills the security gaps in SSO solutions by providing users with an encrypted password vault that offers seamless authentication and all of the advanced capabilities of our platform such as multi-device sync, sharing, file encryption and [two-factor authentication] code protection.

Keeper uses zero-knowledge encryption. Unlike other solutions, this integration does not require the user to type in a master password to access their vault, meaning that the enterprise is in complete control of their encryption keys.

How big is your team?

Our engineering team is more than 70 people made up of application developers, security experts and QA. We are all full-time employees of the company. We don’t outsource our development efforts.

What are your thoughts on digital transformation?

The digital transformation is pivotal to the way businesses are continuing to operate. However, with the continued proliferation of remote working, cybercriminals are more active than ever.

Keeper aims to keep businesses and consumers safe and empower them to take cyber safety into their own hands. Password use is exponentially increasing along with the world’s rapid transformation towards software use and cloud-based approaches.

Our customer experience designers have been invaluable, turning mine and Darren’s vision into reality at every stage of the product development. They will be crucial as we continue to build on and expand Keeper’s offering into other global markets, offering maximum protection in the simplest way for the user.

No matter how much we innovate, passwords are here to stay. We want Keeper to be the archetypal digital vault on the market and to be the first thing that comes into people’s minds when they hear the words ‘password manager’.

What big tech trends do you believe are changing the world and cybersecurity specifically?

The combination of a Covid-19 driven remote working environment, unregistered enterprise devices and a lack of organisational monitoring of employee passwords has led to a dramatic rise in cybercrime.

Our recent research revealed a 27pc decline from 71pc to 44pc in respondents who believed their organisations were effective at mitigating risks, vulnerabilities and attacks, compared to before Covid-19 hit.

As we continue the prolonged period of remote working, we can expect to see the continued proliferation of ransomware and DDOS attacks. The pandemic has exposed mass ill-preparedness across numerous industries, and the onslaught of cyberattacks will continue to hit unprepared businesses hard.

Businesses are increasingly looking for ways to keep their online credentials and – more broadly – their sensitive data secure. The notion of more businesses moving online will see a rise in organisations investing in highly secure identity access management solutions that, critically, are using zero-knowledge encryption and, ideally, offer a cloud-powered security vault that protects the most sensitive data in the event of a breach.

In terms of security, what are your thoughts on how we can better protect data?

The biggest challenge protecting data lies in navigating data control, both for companies and for consumers. Users are often nonchalant about agreeing to data sharing, while organisations do not make a big enough effort to educate themselves and their employees on the best data practices.

There is still a long way to go here, but simple measures can be highly effective. Password management software can add a lot of value and businesses must be educated on the importance of secure passwords to their wider security infrastructure.

Want stories like this and more direct to your inbox? Sign up for Tech Trends, Silicon Republic’s weekly digest of need-to-know tech news.