Educause Security Discussion mailing list archives

Secrets management and PAM


From: Sam Horowitz <samh () UCSB EDU>
Date: Tue, 10 Sep 2019 09:33:23 -0700

We currently have multiple instances of Thycotic Secret Server in use
across our campus. We're looking at possibly consolidating some of those
and extending service to disparate departments that have no shared password
management solution in place. I'm looking for examples of operating
processes and service level objectives for any secrets management or PAM
solutions. Specifically, I'm interested in procedures that include
"break-glass" access in the event of a disaster where the owners of secrets
are not available and methods for access in the event of a network outage.
How do you determine who administers the service? Are the secrets managed
from a central place, or do you distribute access to different groups? If
you have a generic schema for how passwords and other secrets are organized
and access is distributed, that will also be helpful. Feel free to respond
off-list if you consider anything sensitive.
Thanks!
Sam
-------------------------------------------
Sam Horowitz, CISSP, CISM
Chief Information Security Officer
Office: (805) 893-5005
Email: samh () ucsb edu
