How to manage passwords securely in a business environment

Today, secure credentials (what we commonly call accounts and passwords) are essential to prevent inappropriate or malicious access to our systems. Those systems hold a great deal of information: our own, our clients' and the company's projects, with everything that implies both inside and outside the organization.

To begin with, it is necessary to clarify that not all accounts are equal. We can, broadly speaking, classify them into several groups:

Type: External
Definition: Private accounts that a person creates for their own use, or that belong to another organization the person is part of. They should never be used for company projects or activities, for professional work, or for communicating with clients.
Example emails: saturnina@gmail.com, arcadio@university.gal
Example applications: Spotify, Gmail, Steam, Instagram

Type: Professional
Definition: Company accounts assigned to one person and used for most activities and communications within the company. They are never shared with anyone and must be used responsibly.
Example emails: aquilino@mycompany.gal, teodorica@mycompany.gal…
Example applications: Teams, Sharepoint, Github…

Type: Corporate
Definition: Company accounts that, unlike professional ones, are for common use or are shared for some reason (avoiding buying 20 licences, shared projects, representing the company…). They must be used with special care and only by the people entrusted with them. Within this group we can distinguish departmental accounts from general ones.
Example emails: information@mycompany.gal, sales@mycompany.gal…
Example applications: Amazon Prime, ChatGPT, Supplier portals, Company LinkedIn

Type: Client accounts
Definition: Accounts, individual or collective, that some clients provide so that we can access their systems while collaborating with them. Some are shared by nature, others are shared for internal operational reasons, and others must be kept strictly personal. The importance of safeguarding them properly needs no explanation.
Example emails: urraca@client1.gal, honorato@client2.gal, mycompany@client1.gal…
Example applications: VPNs, Client Sharepoints, Client corporate applications

In many organizations this distinction is blurred. Personal accounts are used for applications where professional work is done, professional and corporate accounts are used interchangeably to register for services, and duplicates appear. The result is that resources which should be shared sometimes cannot be reached (for example, when someone is on holiday and their account is needed to enter a service, or the credentials are known only to that absent person), incident handling becomes harder, and data confidentiality may even be compromised.

On the other hand, we all know how hard it is to keep passwords secure, and harder still when they are shared among several people or the whole organization. In companies it is not unusual to find short, generic passwords that are passed around in chats or on paper, repeated across dozens of sites, or left unchanged for years. To stay secure, passwords must be strong, renewed periodically (and always when a leak is suspected or someone who knew a shared password leaves), stored in a secure place, shared only through secure channels and not reused across sites, and the organization must keep control over who has access to each resource.
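As an added example (not part of the original article), the following Python script checks a small credential inventory against the account types from the table and the rules just listed: it classifies each account by the mail domain of its login, and flags passwords that are short, reused on several sites, not renewed within a year, known to too many people, or belonging to an external (private) account used for company work. The company domain mycompany.gal and the client domains client1.gal and client2.gal are taken from the table; the thresholds (14 characters, 365 days, 5 holders), the sample inventory and the names and passwords in it are constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date

# Assumptions for this example (not from the article): the company's own
# mail domain, the client domains it works with, and the policy thresholds.
COMPANY_DOMAIN = "mycompany.gal"
CLIENT_DOMAINS = {"client1.gal", "client2.gal"}
MIN_LENGTH = 14          # shorter passwords are flagged as "short"
MAX_AGE_DAYS = 365       # older passwords are flagged as "stale"
MAX_HOLDERS = 5          # a shared password known to more people is "too-many-holders"


@dataclass(frozen=True)
class Credential:
    service: str        # where the password is used (Teams, a supplier portal, a client VPN...)
    login: str          # the account name; its mail domain tells us the account type
    password: str       # plaintext only because this is a constructed sample; a real
                        # audit should run inside the credential manager, never on a
                        # spreadsheet of exported passwords
    last_changed: date
    holders: tuple      # people who know this password (one name for a personal account)


def account_type(login: str) -> str:
    """Classify an account by its mail domain, following the table above."""
    domain = login.rsplit("@", 1)[-1].lower()
    if domain == COMPANY_DOMAIN:
        return "company"      # professional or corporate, depending on how many hold it
    if domain in CLIENT_DOMAINS:
        return "client"
    return "external"         # a private account that should not be used for work


def audit(inventory, today: date) -> dict:
    """Return {(service, login): [issues]} for every credential in the inventory."""
    # Group by password value so the same password used on several sites is visible.
    by_password = defaultdict(list)
    for cred in inventory:
        by_password[cred.password].append(cred)

    findings = {}
    for cred in inventory:
        issues = []
        if len(cred.password) < MIN_LENGTH:
            issues.append("short")
        if len(by_password[cred.password]) > 1:
            issues.append("reused")
        if (today - cred.last_changed).days > MAX_AGE_DAYS:
            issues.append("stale")
        if len(cred.holders) > MAX_HOLDERS:
            issues.append("too-many-holders")
        if account_type(cred.login) == "external":
            issues.append("external-account")
        findings[(cred.service, cred.login)] = issues
    return findings


# Constructed sample inventory; names, dates and passwords are made up for the example.
SAMPLE_INVENTORY = [
    Credential("Teams", "aquilino@mycompany.gal", "Ria-Arousa-2024-mexillon!",
               date(2024, 3, 1), ("aquilino",)),
    Credential("Supplier portal", "sales@mycompany.gal", "verano2019",
               date(2019, 7, 1), ("ana", "bea", "carlos", "dario", "elena", "fidel")),
    Credential("Client VPN", "mycompany@client1.gal", "verano2019",
               date(2024, 1, 15), ("ana", "bea")),
    Credential("Github", "saturnina@gmail.com", "Fisterra-faro-1853-neboa",
               date(2024, 5, 1), ("saturnina",)),
]
TODAY = date(2024, 6, 1)

if __name__ == "__main__":
    for (service, login), issues in audit(SAMPLE_INVENTORY, TODAY).items():
        print(f"{service:16} {login:28} {', '.join(issues) or 'ok'}")
```

Run as a script it prints one line per credential: the Teams account is clean, the shared supplier-portal password is short, reused, stale and known to six people, the client VPN reuses that same password, and the Github account is a private Gmail address being used for company work. Most centralized credential managers produce this kind of report themselves; the point of the script is to make explicit which checks the rules above translate into.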

Centralized credential managers exist to address most of these challenges. They store credentials encrypted, share each password only with the people who should have access to it, and make it possible to renew passwords without disrupting the company's normal operation.

In this way, centralized credential managers are a key piece of an organization's security strategy. They also improve operational efficiency, simplify permission administration, and help ensure compliance with data-protection regulations.

If you need expert support, remember that you can request free advice from the Economic Office of Galicia.