SAAB Defense and Security USA, LLC – Systems Manager Darin Wimbrough explains why SAAB chose Thycotic’s Secret Server for high-level global password management for thousands of users in different regions of the world.
Darin’s top reasons for choosing Secret Server:
1. Excellent customer support—it’s not outsourced. Sometimes you even get to speak with a coder who worked on the product.
2. Secret Server is the ideal password management system for a global, multi-regional entity with thousands of ESX hosts and local admins.
3. Instant password changing when an employee with root access leaves the company.
4. One portal for managing thousands of passwords.
5. Usability—if you can use a web page you can use Secret Server.
My name's Darin Wimbrough and I'm with SAAB Defense and Security USA LLC, a subsidiary of SAAB. My title is Systems Manager. I'm in control of all back-end systems, storage, virtualization, VDI, almost architect level, designing mostly for North America.
Prior to [implementing] Thycotic Secret Server we had challenges keeping up passwords, globally, in spreadsheets. We're a global organization, we have the mother company, and you’d have to go find the Excel spreadsheet, see who changed it. You would hope that it didn't get changed, and you're trying to deal with thousands of ESX hosts, windows server, and local admins. And you'd find out that it would be in Swedish and you’d have to try and translate it.
Now, we have global Secret Server—each region has its own Secret Server—which makes it very much easier, with fewer phone calls, fewer headaches, just go to the website, log in and find the system that you need access to. The one I find very useful in the ESX world is when we have an employee leave, who had root access, we can change all the passwords instantly. Most of us don't even know the password, we just copy and paste it in. Every 30 days we do a local change to our systems accounts on the server, so we keep our security up to date. No one knows [the passwords]. We like those features a lot.
One of the best things about Secret Server is that it’s just one portal for managing your passwords. You don't need to remember any passwords—you just know that the password’s there and that it's being tracked. We know who's getting access to it. Like Per, our boss, he immediately knows if someone's asked for root access to one of the major systems. We have a perimeter folder, which we keep very tight, so only like two or three people in the whole world have access to this, which has a firewall. We manage it. It's not unknown anymore. New people can come in and we say "Here's your access" and they can work.
We love Thycotic. The staff and the support—it’s always hands on. When you call in you're getting, sometimes, the person who coded the software, to help you with some of the changes. We started to explore the Group admin tool and we were running into road blocks, like, "Well, we really wanted to do this [and Thycotic says] Okay, we'll add that, we'll put that down as the next thing." They listen to you. And at conferences you start to know people when you run into them…or at meet and greets, I would say it's a large company with a small company feel on support.
The usability of Thycotic, if you can use a webpage [you can use the product]. If you remember your user name and password to get into the system or if you have active directory synced up, you just log right in and you can create new passwords. You can even use it for your own personal passwords for your systems. It's pigeon holed into its own area. That's just navigating the web page. It explains everything, all the buttons, you don't have to think too much.
Nowadays you can buy software, but it's support that’s the key. You can call in and get someone, you get a real person and they understand the product. It's not outsourced, that's a big deal to us, and to me.
See how Thycotic fixed AD service account security issues for Duquesne University. Systems Administrator Michael Muto tells how Thycotic’s Secret Server resolved the university’s security compliance audit challenges.
Michael’s top reasons for choosing Secret Server:
1. Demonstrate compliance in audits.
2. Secret Server compared best to competitors for pricing, licensing structure, impact on overhead costs.
3. Easy process of account discovery—we located all accounts that were sharing user names and passwords.
4. Simple active directory integration.
5. Frequent changing of privileged service account credentials throughout the environment.
6. Ongoing introduction of new features.
7. User friendly.
8. Best vendor experience in 16 years.
My name is Michael Muto. I work at Duquesne University as a systems architect specializing in Microsoft Windows products. I do some security, active directory, Office 365, so anything infrastructure-related on the back end. Some of the reasons my company selected Secret Server is because we get audited quite heavily throughout the year and we needed something to show for our high-privileged accounts and how we manage them.
We did our due diligence. We met with several other vendors. We looked at their products, did the research on pricing, licensing, how much overhead it would cost to put into our environment, and by far Secret Server was the best option for us. Prior to Secret Server, one of the challenges was that we had these accounts on servers and they had the same user name and password among all the servers.
What Secret Server was able to do was to discover all these unique user names and passwords, and enable us to change them on a frequent basis to meet auditing requirements and to harden our security posture.
As far as features go, they're quite beneficial for us. It's active directory integrated. We're a big active directory shop, so just having the active directory integration was useful for us. Being able to change our service accounts, which were highly privileged, across the domain and on our servers was crucial. We really needed something to provide to our auditors to assure them we're doing our due diligence across the network. We're securing our environment. Secret Server provided all this. And they keep developing new features for us like Remote Desktop Password Launcher, so you don't even need your password, you just RDP in the machines, and Session Recording and PowerShell Integration. We're continually putting those into our environment as well.
Recently we formed a security department. We never had that at the university. We put together a strategy to get all our Windows and Linux passwords into the vault and be able to change remote passwords throughout the environment. Coming up with a strategy and a project plan and then taking it upstream and showing it to our directors and then basically implementing was the biggest benefit we've endured at the university. I don't know what we would have done without Secret Server because we were doing manual stuff like spreadsheets, which isn't safe, and trying to automate it through scripting, but this user-friendly tool met all of our needs.
I recommend Thycotic to my peers because of the security ... security is such a big platform to support right now and some places don't have security personnel intact, Password security is becoming the biggest [security risk]. With all the breaches out there today, I think Thycotic provides that base foundation and then you can just develop from there. Having a password management solution is key. I've been in the field for 16 years and Thycotic has been the best vendor we've worked with in these 16 years.
Anne Gorman, Access and Identity Management VP at BankUnited describes why she trusts Thycotic Software for privileged access and identity management of BankUnited's service accounts. Before implementing Thycotic's PAM solution, Anne described the company's privileged service accounts as a 'hot mess'. She now anticipates a "long, long relationship" with Thycotic.
Anne's top reasons for choosing Thycotic:
1. Service account discovery - we can now see what is being used and what is not being used in our service accounts.
2. Easy to install
3. Easy to run
4. Very user-friendly software
5. Not much effort for the IT department
6. Good user compliance
7. Excellent customer support - the people at Thycotic are very accommodating.
8. With Thycotic, everything is fast and easy.
Anne Gorman: My name is Anne Gorman. I work for Bank United. I'm the vice president of access and identity management. We didn't know how many service accounts we had, we didn't know where the service accounts were. Nobody even knew the passwords to think about what the service accounts ran. It was a hot mess. I have actually used other solutions at other places. Most of them I didn't like for various reasons. I went looking for something that wasn't them and that's how I got Thycotic. Because it was easily installed, easily run. It was very user friendly.
It doesn't take a lot of effort on the part of the people who do the work. The system administrators. If you make them think real hard about checking stuff out and doing this and doing that. They are not going to do it. The results that we've seen with Thycotic secret server is that we've been able to get our hands around what actually is being used and what is not being used when it comes to service accounts. We've been able to force the people to put the information in Thycotic.
The single biggest reason I would recommend Thycotic to a peer would be the people. They answer your questions and they don't have a problem if you want to take five steps back and start all over again. They are okay with that. That's really good, because really all software has problems, all vendors do things, every software can do pretty much all of it. It's a matter of the people who are going to support you and how fast and easy it is to work with those people. With Thycotic they are just fast and easy. It just works. I think we are going to be having a long relationship.
From Excel spreadsheets to a world-class enterprise-level password management solution.
Per Hammarin, VP and CIO of SAAB Defense and Security USA explains why SAAB chose Thycotic's Secret Server for enterprise password management and how he feels about using the product.
Per Hammarin: We thought [Secret Server] was a simple yet effective solution for our needs...we went from Post-it notes and Excel spreadsheets to a sophisticated solution across the entire organization. Our people are using the product...the audit functionality...the direct email (which shows us when someone is looking at a particular secret - so important when someone looking at stuff he shouldn't be looking at even if he has access to it).
The operating process is very simple...we haven't had any major issues. I feel it's a good choice that we made in 2010...it still proves to be viable and we are very content with the system and how it operates. We're a happy customer!