TMCnews Featured Article

May 12, 2011

Security is Crucial for Enterprise Password Management

By David Sims, TMCnet Contributing Editor

Your company’s passwords are surely among your most valuable possessions. That’s what makes Enterprise Password Management such an important part of your company’s overall IT approach.

As TMC’s Jamie Epstein wrote recently, “problems with maintaining enterprise password management clearly exist in multiple organizations worldwide. Some of these problems are the ability to change service account passwords, being aware of who has access to view what passwords and what to do when employees abruptly quit and take passwords with them.”

A company named Thycotic offers password management software named Secret Server that allows users to “control access to all critical passwords in one central web-based repository.”

As company officials explain, “our password management software offers each member of your team the ability to securely store, distribute, and audit secrets such as router passwords and service accounts.”

A major benefit of this particular enterprise password management offering includes the fact that the software has the ability to support multiple users, thus allowing customers to manage multiple users in different groups. This works great for large scale enterprise password management and each user needs to only remember one username and password.

The ability to change passwords remotely lets you automatically add AD accounts into Secret Server. According to Thycotic’s website, “Active Directory integration provides synchronization and authentication for Active Directory users.” Remote password changing is fully supported on Windows, Active Directory, Microsoft (News - Alert) SQL Server and Unix accounts.

Role-based security gives you the flexibility to add third parties -- such as consultants --to your system, and to set what company officials say are “strict, granular permission levels for each user.” And for security, your confidential information is stored using AES 256 encryption, the strongest encryption available for password protection, and the government standard.

In addition, the Secret Server product lets you monitor the views of all your secrets. The user audit reports allow you to easily assess vulnerability when someone has left the company, among other functionality.

David Sims is a contributing editor for TMCnet. To read more of David’s articles, please visit his columnist page. He also blogs for TMCnet here.

Edited by Jamie Epstein