bemutefrogtownSecurity

Nov 18, 2013 (3 years and 8 months ago)

Password Management in the Enterprise
http://www.ciozone.com/index.php/Security/Password-Management-in-the-Enterprise.html
1 of 8, 3/20/2012 3:46 PM
Password Management in the Enterprise
By Robb Beck

Preface: I am not on the payroll for any vendor. This is not a paid
endorsement/advertisement. I am simply sharing what I have found in my research in
the Enterprise password management space.
Password management is an essential part of every organization’s security program.
Even if you have a well implemented single sign on (SSO) solution, your employees will
still need to remember and use passwords for new external websites.
The demands we put on our employees to remember more and more passwords, and to
make those passwords more and more complex, have become unmanageable.
Consider all the rules we ask our employees to follow:
Passwords must be at least [X number] characters long
Must include special characters, capitals, numbers, etc.
Change your passwords every [X number] of days
Use a different password for every system
Do not use a predictable pattern in your passwords
Don’t write your passwords down anywhere
These demands usually lead to one of two results. Either the users will write passwords
down (often in a text or Word document on their computer’s desktop) or they ignore the
rules and reuse passwords between systems.
Some of our more technical and security savvy users will go find a tool like Password
Safe (or one of the many others like it) which does a wonderful job of giving the users a
safe place to put passwords, but is very clunky in an Enterprise environment.
These types of tools do not accommodate passwords that need to be shared between
users, and do not allow integration with Active Directory, or role based permissioning.
And when an employee leaves the organization, those passwords are lost, potentially
leaving the employer in the lurch.
There are several products that attempt to work in this space, but most of them offer
SSO type functionality. While there is certainly a place for that in some organizations, it
requires a very significant amount of back-end configuration by the IT department. And
whenever a new application gets added there needs to be configuration changes to
support it.
What I want is a tool that works like Password Safe, allowing users to create and
manage all their own passwords with little to no interaction from IT, but still allows
centralized management and ease of deployment. After looking through dozens of tools,
I have found that Thycotic software’s Secret Server meets all of my needs.
The technology really is pretty simple. The system can tie into Active Directory for
authentication and group memberships.
By default, users have their own secure area where they can create as many system
passwords (which this system calls “secrets”) as they want. They can either create
secrets just for their own use or they can assign permissions to other users or groups in
the system.
Secret Server allows users to create auto-launcher links within the secrets. These
launchers will open a web browser, SSH or Remote Desktop connection to a system
with the username and password pre-populated.
Moreover, the system can be configured so that the password is not even visible if there is a
launcher available. I can give you access to sign in with my account without you ever
actually knowing my password.
Secret Server can also be used to automatically change passwords on a predetermined
schedule. So if you don’t want to have to log into that server every 90 days to change
your password, you can tell Secret Server to do it. Then when you need the password
you just log in and get it.
Secret Server is not perfect. It’s got a sizable price tag. The UI leaves something to be
desired, and some of the administration configuration can use a little work.
But overall it’s a powerful tool that provides users with a real option for saving their
passwords in a secure location, eliminating the need to memorize dozens of 8+
character complex passwords.
In a world where security is continually becoming more onerous for our users, this tool
can help stem that tide just a little bit.
Cross-posted from Enterprise InfoSec Blog from Robb Reck

Published by InfosecIsland.com