Securing Password Management Using AWS Nitro Enclaves with Dashlane
Learn how Dashlane built innovative security features for its password manager using AWS Nitro Enclaves.
Simplified customer log-ins without compromising security
2.6x increase in customer adoption of SSO integration
50x reduction in time needed for integration
Overview
Dashlane, a password manager for organizations and individuals, knows that high security is synonymous with high trust among customers. However, Dashlane must also be simple to deploy and user-friendly to keep customers loyal.
In that vein, Dashlane set out to simplify logging in for organizations. It wanted to streamline the setup process and reduce the time for IT administrators to deploy its single sign-on (SSO) feature.
Dashlane’s legacy SSO capability required customers to install a self-hosted encryption service with their cloud provider and maintain it themselves. That effort prevented some customers from using the feature, so Dashlane wanted to remove the friction.
The company developed a solution called Confidential SSO to manage SSO keys on behalf of its customers while maintaining high security standards. It began hosting the keys on Amazon Web Services (AWS), providing a streamlined and secure solution. Just 2 months later, more than twice as many customers had adopted the feature, and they could do so in half the time compared with before.
Opportunity | Replacing Self-Hosting Keys and Reducing Operational Overhead
A cornerstone of Dashlane’s security is zero-knowledge architecture, which means that the only entity that can access a customer’s data is the customer. Over 15 million individuals and 20,000 organizations worldwide use Dashlane’s browser extension or iOS and Android mobile applications to securely store passwords, payment means, and identity information and to autofill forms and log-ins online. Customers value that Dashlane is simple to onboard and use daily.
Although Dashlane’s original SSO integration checked the secure box, it did not check the convenient box. Organizations could connect their SSO identity provider to Dashlane only if they could host their own SSO keys. However, many of Dashlane’s customers were too small to have their own infrastructure and IT teams. Those that did still needed a lot of support from Dashlane to install the feature.
Since it was founded in 2009, Dashlane has exclusively used AWS as a cloud provider, using services such as Amazon Elastic Compute Cloud (Amazon EC2), which offers secure and resizable compute capacity for virtually any workload. AWS shares Dashlane’s commitment to security and has virtually zero access to customer data. When AWS launched AWS Nitro Enclaves, which organizations can use to create isolated compute environments to further protect and securely process highly sensitive data within Amazon EC2 instances, Dashlane knew it would be a good fit. By hosting the SSO keys in AWS Nitro Enclaves, Dashlane wouldn’t have access to customer data and customers wouldn’t need to self-host.
“Many of our customers faced barriers to self-managing infrastructure. Using AWS Nitro Enclaves, we made our feature more accessible to more customers.”
Cyril Leclerc
Chief Information Security Officer, Dashlane
Solution | Using AWS Nitro Enclaves to Develop an SSO Solution
Dashlane wanted the SSO integration to offer IT administrators a secure and more convenient customer experience. The company invested in research and development to identify the best technical solution before its engineers began building the backend. Besides re-architecting Dashlane’s SSO solution, the engineers learned to use AWS Nitro Enclaves and the integration with AWS Key Management Service (AWS KMS), which Dashlane uses to create, manage, and control cryptographic keys across its applications and AWS services.
Dashlane initially rolled out the feature to 10 customers for beta testing and then slowly added more in a public beta test in April 2023. The feature launched in May 2023 after 1 year of research and development.
Today, if customers want to integrate their SSO with Dashlane, they can configure it with just a few clicks. “Customers love the simplicity of our Confidential SSO solution,” says Frederic Rivain, chief technology officer at Dashlane. “SSO with the self-hosted encryption service was part of our offering for 3 years, but a limited number of customers used it because it was difficult to adopt.”
Now, deployment is simpler for customers and Dashlane’s sales engineering team. “Previously, our team helped customers set up their SSO,” says Rivain. “There was always a configuration specific to each organization and its identity provider. That required a lot of internal support. Today, customers need way less configuration support, which makes us more scalable.”
Running on a software-as-a-service basis makes the Confidential SSO feature more scalable. Instead of helping each customer deploy the solution, Dashlane deploys the solution once for all its client applications (iOS, Android, and browser extensions) and can simply scale it on AWS.
Dashlane’s Confidential SSO feature on AWS also saves the development team time because it runs on open standards, such as Security Assertion Markup Language, for exchanging authentication and authorization data between an identity provider and a service provider. “Our competition builds solutions specific to identity providers, but our solution is agnostic,” says Cyril Leclerc, chief information security officer at Dashlane. “It’s simple for our user base and for us because we don’t need to build multiple versions.”
Confidential SSO on AWS Nitro Enclaves doesn’t compromise on data protection for simplicity’s sake. “We have built a service that—if exposed servers such as our APIs are compromised—leaks nothing because AWS Nitro Enclaves offers an isolated, hardened, and highly constrained environment,” says Leclerc. “The exposed surface is much smaller, and the encryption keys are better protected.” Even if the servers are compromised, the enclaves and the cryptographic materials they contain won’t be.
Architecture Diagram
Outcome | Gaining a Simpler, More Secure Solution with 2.6x Greater Adoption with AWS Nitro Enclaves
Just 2 months after releasing the new version on AWS Nitro Enclaves, Dashlane has seen 2.6 times as many customers per month adopt Confidential SSO as before. Dashlane’s customers can complete the integration in 50 percent less time than it took before. “Many of our customers faced barriers to self-managing infrastructure,” says Leclerc. “Using AWS Nitro Enclaves, we made our feature more accessible to more customers.”
Dashlane plans to implement AWS Nitro Enclaves in other use cases. Much of the business logic for the self-hosted SSO solution is now hosted on the client side. Using AWS Nitro Enclaves, Dashlane could shift that logic to the server side, increasing its productivity, decreasing costs, and accelerating time to market. For instance, Dashlane could use AWS Nitro Enclaves to securely store the private key of a passkey in the cloud instead of on a local device.
As the engineers become more accustomed to AWS Nitro Enclaves, they can use it to build new solutions faster. “Now, the team that worked on Confidential SSO is knowledgeable about AWS Nitro,” says Rivain. “It’s working on a project that will probably take a few months instead of 1 year.”
About Dashlane
Dashlane is a web and mobile app that simplifies password management for organizations and individuals across virtually all platforms and devices. It lets users securely store passwords, payment means, and identity information and autofill forms and log-ins online.
AWS Services Used
AWS Nitro Enclaves
AWS Nitro Enclaves enables customers to create isolated compute environments to further protect and securely process highly sensitive data such as personally identifiable information (PII), healthcare, financial, and intellectual property data within their Amazon EC2 instances.
AWS KMS
AWS Key Management Service (AWS KMS) lets you create, manage, and control cryptographic keys across your applications and AWS services.
Amazon EC2
Amazon Elastic Compute Cloud (Amazon EC2) offers the broadest and deepest compute platform, with over 700 instances and choice of the latest processor, storage, networking, operating system, and purchase model to help you best match the needs of your workload.