Caretower Ltd.

Thycotic Secret Server Cloud Privileged Access Management

Thycotic Secret Server Cloud is an online password manager hosted in Azure, a highly secure and available platform. Secret Server has layers of built-in security with easy access management for IT admins, robust segregation of role-based duties, AES 256-bit encryption, and out-of-the-box reports to demonstrate compliance.

Features

  • Discover unknown or unmanaged privileged accounts.
  • Lock down and protect sensitive accounts.
  • Integrate with Active Directory.
  • Report to demonstrate compliance with policies and mandates.
  • Automate privileged account rotation policy.
  • Monitor credentials for evidence of tampering outside of Secret Server.
  • Authorise and control password usage with two-factor authentication.

Benefits

  • Understand the unknown unknowns: what you don't know CAN hurt.
  • Enforce least privilege and reduce your attack surface to avoid ransomware.
  • Simple to set up using existing system credentials and information.
  • Simple, effective means to prove compliance and share audit information.
  • Save on operational and manual processes to improve efficiency.
  • Ability to report on all password changes and provide forensics.
  • Utilise existing multi-factor authentication to grant access: simple and secure.

Pricing

£4416 per server

Service documents

G-Cloud 10

534087933115391

Caretower Ltd.

Davide Poli

02083729246

pro5@caretower.com

Service scope

Software add-on or extension: No
Cloud deployment model: Private cloud
Service constraints: None
System requirements:
  • Microsoft Server 2008 R2 or newer
  • Windows 7 or newer
  • .NET Framework: 4.5.1, 4.5.2, or 4.6
  • RAM: 4GB or higher
  • Processor: Dual Core 2GHz or higher
  • Disk Space: 150MB

User support

Email or online ticketing support: Email or online ticketing
Support response times: Any requests for technical support received by email will receive a response within 24 hours.
User can manage status and priority of support tickets: Yes
Online ticketing support accessibility: None or don’t know
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: No
Onsite support: Yes, at extra cost
Support levels: Support is included within the subscription fee. This is email or phone support accessible during UK office hours. 24x7 call packs can be purchased for an additional fee.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: We provide an extensive e-learning library for clients' administrators, e-learning for end users, and a Support Portal with all documentation, knowledge base articles, and forums. We also offer in-person training as a professional service if needed.
Service documentation: Yes
Documentation formats:
  • HTML
  • PDF
End-of-contract data extraction: Clients would initiate Unlimited Admin Mode (four-eyes approach) and export as a CSV file.
End-of-contract process: The client would export relevant details and the web instance will become inactive.

Using the service

Web browser interface: Yes
Supported browsers:
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari 9+
Application to install: No
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: Desktop is preferred and more feature-rich.
Accessibility standards: WCAG 2.0 AA or EN 301 549
Accessibility testing: N/A
API: Yes
What users can and can't do using the API: Thycotic Secret Server Cloud is an online password manager hosted in Azure. Secret Server has multiple layers of built-in security with easy access management for IT admins, robust segregation of role-based duties, military-grade AES 256-bit encryption, and out-of-the-box reports to demonstrate compliance with minimal effort.

When it comes to Secret Server Cloud, Thycotic manages hardware updates and daily backups, freeing your IT admins to focus on managing privileged accounts. Let us worry about the hardware and give your team the right level of access from any of your office locations.

With Thycotic, you’re not just purchasing an online privileged account and password management solution, you’re entering a partnership with a company that’s passionate about your security. We are there every step of the way, from installation to feedback.

Meet compliance requirements: If your organization must satisfy compliance or regulation requirements for your privileged accounts, Secret Server Cloud helps you accomplish this quickly and within budget. Automate your requirements for password changing, management, and control, and easily check the box when it comes time for an audit.
API documentation: Yes
API documentation formats:
  • HTML
  • PDF
API sandbox or test environment: No
Customisation available: Yes
Description of customisation: Your logo can be uploaded, and the colour scheme can be amended to match corporate colours. Views, dashboards and the position of reports can also be amended as per client preference.

Scaling

Independence of resources: Secret Server supports high-availability (active-active-plus) web server (front-end) clustering. There is no physical limit to the number of active web servers that can run simultaneously.

Analytics

Service usage metrics: Yes
Metrics types: Real-time metrics can be viewed at status.thycotic.com. Available stats are DNS Time, Connection Time, and First/Last Byte Time.
Reporting types: Real-time dashboards

Resellers

Supplier type: Reseller (no extras)
Organisation whose services are being resold: Thycotic

Staff security

Staff security clearance: Other security clearance
Government security clearance: Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: European Economic Area (EEA)
User control over data storage and processing locations: Yes
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least every 6 months
Penetration testing approach: Another external penetration testing organisation
Protecting data at rest: Other
Other data at rest protection approach: All secrets within Secret Server are stored within an AES 256-bit encrypted database.
Data sanitisation process: No
Equipment disposal approach: In-house destruction process

Data importing and exporting

Data export approach: Data export function on the following basis: per item, per vault, per selection. Password data must be made available for export by specific users. This may also be used to export data for a user leaving the service.
Data export formats: CSV
Data import formats: CSV

Data-in-transit protection

Data protection between buyer and supplier networks: Other
Other protection between networks: N/A
Data protection within supplier network:
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection within supplier network: AES 256 encryption

Availability and resilience

Guaranteed availability: Availability means that your data is accessible through Secret Server Cloud to authorized personnel when needed. Secret Server Cloud leverages the Azure platform for its high availability: all services for Secret Server Cloud within Azure are auto-scaling, so that during heavy usage computing resources are automatically increased to ensure uninterrupted service even during the most heavily used times. Customer databases are continuously backed up with a differential backup every hour and a transaction log every 5 minutes. All data on the Azure platform is geo-redundant in the event of an outage or interruption, to facilitate immediate disaster failover and recovery. In addition, Secret Server Cloud is protected by a Web Application Firewall (WAF) as an extra layer of protection against malicious scripts and potential Distributed Denial of Service (DDoS) attacks. Secret Server Cloud also takes advantage of Azure’s built-in redundancy, which generates three copies of each customer’s database that are maintained across fault-tolerant nodes to ensure continuous availability.
Approach to resilience: As described under Guaranteed availability above.
Outage reporting: Alerts to clients, along with the public dashboard at status.thycotic.com.

Identity and authentication

User authentication needed: Yes
User authentication: 2-factor authentication
Access restrictions in management interfaces and support channels: Secret Server permissions can be configured to prevent administrators from accessing privileged account information.
Access restriction testing frequency: At least every 6 months
Management access authentication: 2-factor authentication

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: User-defined
Access to supplier activity audit information: Users have access to real-time audit information
How long supplier audit data is stored for: User-defined
How long system logs are stored for: User-defined

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: ISO
ISO/IEC 27001 accreditation date: Covered by Azure in Germany
What the ISO/IEC 27001 doesn’t cover: Covered by Azure in Germany
ISO 28000:2007 certification: No
CSA STAR certification: Yes
CSA STAR accreditation date: Azure and Intune awarded CSA STAR Attestation
CSA STAR certification level: Level 2: CSA STAR Attestation
What the CSA STAR doesn’t cover: Azure and Intune were awarded Cloud Security Alliance STAR Attestation based on an independent audit.
PCI certification: No
Other security certifications: Yes
Any other security certifications: Any applicable to Azure

Security governance

Named board-level person responsible for service security: No
Security governance certified: Yes
Security governance standards: Other
Other security governance standards: SAS AICPA Controls
Information security policies and processes: A SOC 1 audit, intended for CPA firms that audit financial statements, evaluates the effectiveness of a CSP’s internal controls that affect the financial reports of a customer using the provider’s cloud services. The Statement on Standards for Attestation Engagements (SSAE 16) and the International Standards for Assurance Engagements No. 3402 (ISAE 3402) are the standards under which the audit is performed, and they are the basis of the SOC 1 report.

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: We follow an Agile/Scrum development methodology with some small variations where needed. We use Visual Studio for development, Microsoft VSO (Git) for source code control, and YouTrack for user story/Scrum management.
Vulnerability management type: Supplier-defined controls
Vulnerability management approach: We are subscribed to threat newsletters and vulnerability lists for Microsoft, Amazon AWS, SANS, and US-CERT. When these feeds are updated we review them and take necessary action if there are any findings. We also subscribe to direct vulnerability feeds for software vendors we use, if they provide them.
Protective monitoring type: Supplier-defined controls
Protective monitoring approach: N/A
Incident management type: Supplier-defined controls
Incident management approach: As per Azure SLA. In line with AICPA.

Secure development

Approach to secure software development best practice: Supplier-defined process

Public sector networks

Connection to public sector networks: No

Pricing

Price: £4416 per server
Discount for educational organisations: No
Free trial available: Yes
Description of free trial: Password Vault and Limited Discovery/Automation
Link to free trial: https://thycotic.com/solutions/free-it-tools/

Documents

Pricing document: View uploaded document
Terms and conditions document: View uploaded document