Password Boss Makes Privileged Access Management Play With Acquisition
‘Putting privilege management really starts connecting the dots for making the desktop more secure. That‘s probably the most insecure area in small business… user’s desktops,’ says Dave Bellini, CEO of Password Boss.
Password Boss, a Tampa-based password managed service provider for MSPs, finalized its first acquisition with AutoElevate, which will offer automated privileged access management (PAM) and password manager solutions to end users to drastically reduce the risk for cyberattacks.
Miami-based AutoElevate adopts the notion of “least privilege” for end user workstations, limiting the opportunity for an attacker to compromise an entire network by targeting privileged account passwords. Administrative privileges are only elevated when required to run approved and trusted applications.
Terms of the acquisition were not disclosed.
“We’re building a suite of products, in particular, at the desktop level… password management,” said Dave Bellini, CEO of Password Boss. “We think putting privilege management with that really starts connecting the dots for making the desktop more secure. That’s probably the most insecure area in small business… user’s desktops.
“It’s no longer under roof, it’s no longer behind your firewall, it’s kind of gone,” he added. “With COVID, it’s moved out to people’s houses or to remote offices, and it’s a lot harder to maintain and manage that product. These types of tools [PAM and password management] start creating a lot more protection at that individual worker’s desktop.”
[Related: 2021 IT Channel Sales On Tap To Exceed Last Year’s $93B: NPD Group]
Bellini is also a founder and CFO of ConnectOn, a Tampa-based MSP. He also co-founded ConnectWise in 1982.
“The average MSP has about 60 to 100 customers,” Bellini told CRN. “They have one help desk guy managing 2,000 users. This allows us to lock down that desktop very tight, and then elevate those rights within 60 seconds. We’re building a suite of security products for the MSP. These two products are really meant for that desktop.”
With both companies combined, there will be about 1,000 customers, Bellini told CRN. AutoElevate will bring over about a dozen employees and will continue to operate under its own name.
“The goal is we’re trying to make MSPs more efficient, so they can take care of things instead of creating all these tickets to upgrade QuickBooks. It should be all automated, that’s the culture we live in. We want our technology to work right now, I don’t want to wait three days.” Bellini said. “We have to be fixing things immediately automatic.”
Todd Jones, co-founder of AutoElevate, said the workstation is the easiest way to get in by a malicious actor.
With AutoElevate, privileged access management solutions tighten security while improving end user experience. It streamlines use of privilege by automating privileged access for updates, line-of-business applications and system functions while enhancing security and convenience for technicians using elevated privileges.
Jones said all of the larger ransomware attacks are “hitting MSPs in between the eyes” where they’re reevaluating their own security stacks.
“Managing privileges is a fundamental,” he told CRN. “You’d think it’d be something a managed service provider would be managing, but it’s hard.”
“It’s very hard,” Bellini interjected. “And that’s why 50 percent of the desktops are wide open. Five years ago it was probably 75 percent. I think that’s the ever-evolving need of an MSP. To always keep upping your game each and every day, each and every month, each and every year.”
He added that with more and more exploits happening every day, even at the small business level, MSPs should offer security at the Fortune 500 level.
“All they really need is one workstation, one system to gain access to work and operate from,” Jones said. “And if that workstation has admin privileges, they can very easily work laterally within a network and then compromise and gain a greater level of control very easily.”