Bytes Software Services

Thycotic Secret Server Cloud Privilege Access Management

Thycotic Secret Server Cloud is an online password manager hosted in Azure, a highly secure, available platform. Secret Server has layers of built-in security with easy access management for IT admins, robust segregation of role-based duties, AES 256-bit encryption, and out-of-the-box reports to demonstrate compliance.

Features

  • Discover unknown or unmanaged privileged accounts.
  • Lock down and protect sensitive accounts.
  • Integrate with Active Directory.
  • Report to demonstrate compliance with policies and mandates
  • Automate Privileged account rotation policy
  • Monitor credentials for tampering evidence outside of Secret Server
  • Authorise and control Password usage with 2-Factor Authentication

Benefits

  • Enforce least privilege and reduce your attack surface, avoid ransomware
  • Simple to set-up using existing system credentials and information
  • Simple, effective means to prove compliance and share audit information
  • Save operational and manual processes to improve efficiencies.
  • Ability to report on all password changes and provide forensics
  • Utilise existing multifactor authentication to grant access, simple & secure

Pricing

£0.01 per unit

Service documents

Framework

G-Cloud 11

Service ID

596555719179067

Contact

Bytes Software Services

Chris Swani

+44 (0) 7951 326815

tenders@bytes.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
None
System requirements
  • Microsoft Server 2008 R2 or newer
  • Windows 7 or newer
  • .NET Framework: 4.5.1, 4.5.2, or 4.6
  • RAM: 4GB or higher
  • Processor: Dual Core 2GHz or higher
  • Disk Space: 150MB

User support

Email or online ticketing support
Email or online ticketing
Support response times
Any requests for technical support received by email will receive a response within 24 hours
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Support is included within the subscription fee. This is email or phone support accessible during UK Office hours. 24x7 call packs can be purchased for an additional fee.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We provide an extensive E-Learning library for clients' Administrators, E-Learning for end users, a Support Portal with all documentation, Knowledge Base Articles, and Forums. We also offer in-person training as a Professional Service if needed.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Clients would instigate Unlimited Admin Mode (4-Eyed approach) and export as a CSV file
End-of-contract process
Client would export relevant details and web instance will become inactive.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Yes
Compatible operating systems
  • Android
  • iOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
  • Other
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Desktop is preferred and more feature rich.
Service interface
Yes
Description of service interface
The interface is a web GUI
Accessibility standards
None or don’t know
Description of accessibility
The web GUI is accessed via most common web browsers
Accessibility testing
N/a
API
Yes
What users can and can't do using the API
Thycotic Secret Server Cloud is an online password manager hosted in Azure. Secret Server has multiple layers of built-in security with easy access management for IT admins, robust segregation of role-based duties, military-grade AES 256-bit encryption, and out-of-the-box reports to demonstrate compliance with minimal effort. When it comes to Secret Server Cloud, Thycotic manages hardware updates and daily backups, freeing your IT admins to focus on managing privileged accounts. Let us worry about the hardware and give your team the right level of access from any of your office locations. With Thycotic, you’re not just purchasing an online privileged account and password management solution, you’re entering a partnership with a company that’s passionate about your security. We are there every step of the way, from installation to feedback. Meet Compliance Requirements: If your organization must satisfy compliance or regulation requirements for your privileged accounts, Secret Server Cloud helps you accomplish this quickly and within budget. Automate your requirements for password changing, management, and control and easily check the box when it comes time for an audit.
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
  • Other
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
Your logo can be uploaded, and the colour scheme can be amended to match corporate colours. Views, dashboards and position of reports can be amended as per client preference too.

Scaling

Independence of resources
Secret Server supports high availability (active-active-plus) web server (front-end) clustering. There is no physical limit to the number of active web servers that can run simultaneously.

Analytics

Service usage metrics
Yes
Metrics types
Real-time metrics can be viewed at status.thycotic.com. Available stats are DNS Time, Connection Time, and First/Last Byte Time.
Reporting types
Real-time dashboards

Resellers

Supplier type
Reseller (no extras)
Organisation whose services are being resold
Thycotic

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Other
Other data at rest protection approach
AES 256 Encryption
Data sanitisation process
No
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Data can be exported on the following basis: per item, per vault, per selection. Password data must be available for export by specific users. This may also be used to export data for a user leaving the service.
Data export formats
  • CSV
  • Other
Other data export formats
XML
Data import formats
  • CSV
  • Other
Other data import formats
XML

Data-in-transit protection

Data protection between buyer and supplier networks
Other
Other protection between networks
SSL, SSH
Data protection within supplier network
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection within supplier network
AES 256 Encryption

Availability and resilience

Guaranteed availability
Availability means that your data is accessible through Secret Server Cloud to authorized personnel when needed. Secret Server Cloud leverages the Azure platform for its High Availability: All services for Secret Server Cloud within Azure are auto-scaling so that during heavy usage, computing resources are automatically increased to ensure uninterrupted service even during the most heavily used times. Customer databases are continuously backed up with a differential backup every hour and a transaction log every 5 minutes. All data on the Azure platform is geo-redundant in the event of an outage or interruption to facilitate immediate disaster failover and recovery. In addition, Secret Server Cloud is protected by a Web Application Firewall (WAF) as an extra layer of protection against malicious scripts and potential Distributed Denial of Service (DDoS) attacks. Secret Server Cloud also takes advantage of Azure’s built in redundancy which generates three copies of each customer’s database that are maintained across fault tolerant nodes to ensure continuous availability
Approach to resilience
Availability means that your data is accessible through Secret Server Cloud to authorized personnel when needed. Secret Server Cloud leverages the Azure platform for its High Availability: All services for Secret Server Cloud within Azure are auto-scaling so that during heavy usage, computing resources are automatically increased to ensure uninterrupted service even during the most heavily used times. Customer databases are continuously backed up with a differential backup every hour and a transaction log every 5 minutes. All data on the Azure platform is geo-redundant in the event of an outage or interruption to facilitate immediate disaster failover and recovery. In addition, Secret Server Cloud is protected by a Web Application Firewall (WAF) as an extra layer of protection against malicious scripts and potential Distributed Denial of Service (DDoS) attacks. Secret Server Cloud also takes advantage of Azure’s built in redundancy which generates three copies of each customer’s database that are maintained across fault tolerant nodes to ensure continuous availability
Outage reporting
Alert to clients along with public dashboard status.thycotic.com

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
  • Other
Other user authentication
Users logging in to the service can be authenticated against Active Directory or via the local database
Access restrictions in management interfaces and support channels
Secret Server permissions can be configured to prevent administrators from accessing privileged account information.
Access restriction testing frequency
At least every 6 months
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
ISO
ISO/IEC 27001 accreditation date
Covered by Azure In Germany
What the ISO/IEC 27001 doesn’t cover
Covered by Azure In Germany
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
Azure and Intune awarded CSA STAR Attestation
CSA STAR certification level
Level 2: CSA STAR Attestation
What the CSA STAR doesn’t cover
Azure and Intune were awarded Cloud Security Alliance STAR Attestation based on an independent audit.
PCI certification
No
Other security certifications
Yes
Any other security certifications
Any applicable to Azure

Security governance

Named board-level person responsible for service security
No
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
SAS AICPA Controls
Information security policies and processes
SOC 2 audit, intended for CPA firms that audit financial statements, evaluates the effectiveness of a CSP’s internal controls that affect the financial reports of a customer using the provider’s cloud services. The Statement on Standards for Attestation Engagements (SSAE 16) and the International Standards for Assurance Engagements No. 3402 (ISAE 3402) are the standards under which the audit is performed, and are the basis of the SOC 2 report.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We follow an AGILE/SCRUM approach to development methodology with some small variations where needed. We use Visual Studio for development, Microsoft VSO (Git) for Source Code Control, and YouTrack for user story/Scrum management.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We are subscribed to threat newsletters and vulnerability lists for Microsoft, Amazon AWS, SANS, and US-CERT. When these feeds are updated we review them and take necessary action if there are any findings. We also subscribe to direct vulnerability feeds for software vendors we use if they provide them.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
N/a
Incident management type
Supplier-defined controls
Incident management approach
As per Azure SLA. In line with AICPA

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£0.01 per unit
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Password Vault and Limited Discovery/Automation
Link to free trial
https://thycotic.com/solutions/free-it-tools/
