Educause Security Discussion mailing list archives

Re: Password Management Tool


From: Adam Carlson <ajcarlson () BERKELEY EDU>
Date: Tue, 27 Jul 2010 13:24:15 -0700

Chris,
        Here are some of the solutions we have been evaluating.  I believe there has been a previous discussion on this 
list already, as I got some of these from other Educause members, so it may be worth searching the archives (the notes 
relating to EDUCAUSE members are from the previous discussion):

    * Cyber-Ark http://www.cyber-ark.com/
          o Selected Number One By Network World http://www.networkworld.com/reviews/2008/042808-access-control-test.html?page=1
    * E-DMZ http://www.e-dmzsecurity.com/tpam-ppm.html
    * Quest http://www.quest.com/
    * Symark/BeyondTrust http://www.beyondtrust.com/
    * Thycotic Secret Server http://www.thycotic.com/products_secretserver_overview.html (Russell Fulton, EDUCAUSE Security)
    * Password Engine Password Manager Pro http://www.manageengine.com/products/passwordmanagerpro/ (Jon Hanny, CISSP, The George Washington University, EDUCAUSE Security)

Based on my research, Cyber-Ark looks like a "Gold Standard" type product but has a price tag to match.  I went to a 
vendor demo of this product and had the opportunity to talk to some current customers with large installations.  They 
mostly seemed to like it minus a few quirks and it sounded like the vendor was rolling out some improvements that they 
had been requesting, which is a good sign from a customer support perspective.  

The range in price on these products is huge, so getting a better understanding of your specific functionality is 
important.  If you're looking for a web-based or centralized KeePassX system, you can pay much less than Cyber-Ark.  
Some things that Cyber-Ark will give you that the cheaper options may not are the ability to detect password changes and 
actually re-sync passwords for you, allow users to RDP to a server through Cyber-Ark without ever actually knowing the 
password, provision more granular permissions with extensive auditing and federation, etc.  We have not actually 
deployed Cyber-Ark, so please don't take this as a full-fledged recommendation, but it will probably be the product that 
we go with as soon as I validate that we will actually use all of the additional functionality and have the time to put 
it in place.  

-Adam

Chris Vakhordjian wrote:
Hello Everyone,

I recall a previous post regarding what universities/corporations are using for managing passwords, passwords to 
privileged or service accounts. Not necessarily tools for end-user support, such as password resets.
Some suggested Password Manager Pro as a good tool.  Just curious what others might be using or would recommend.

Thank you,
Chris


-- 
Adam Carlson
Chief Security Officer
Information Technology
Residential and Student Service Programs
Tel: 510-643-0631
Email: ajcarlson () berkeley edu

"Most of the things worth doing in the world had been declared impossible before they were done." ~Louis D. Brandeis

