Password Management System Addresses Security Compliance Regulations

Thycotic Software Ltd. today announces the release of Secret Server 3.1, a password management system for information technology professionals. The latest version features Active Directory synchronization and remote password changing capability, assisting companies that need to comply with password policies and security compliance requirements such as the Sarbanes-Oxley Act of 2002.

“Secret Server is no longer just a solid secure repository,” says Jonathan Cogley, CEO, Thycotic Software. “It reaches out to Active Directory, Windows workstations and beyond to enforce regular password changes to meet security compliance requirements.”

Secret Server allows information technology administrators to store, view and retrieve passwords and pin codes such as access to routers and root passwords for Windows servers. Administrators can distribute and when necessary, share team passwords. All information is stored using the government standard for encryption and each secret is subject to a full audit report.

The Active Directory synchronization functionality and remote password changing add-on are designed with larger infrastructures in mind. Secret Server will give IT Managers and team leaders the ability to synchronize users and groups with their Active Directory. According to the SANS Institute, all system-level passwords (e.g., root, NT admin, application administration accounts) should be changed every three months. The remote password changing add-on for Secret Server 3.1 will automatically change remote passwords based on a time set by an administrator.

“This feature is critical because it will automatically change your Microsoft SQL Server, Windows account and Active Directory passwords,” says Kevin Jones, Senior .Net Developer, Thycotic Software Ltd. “These changes will also appear within your Secret Server, making it easier to meet company and Government security guidelines.”

The NIST (National Institution of Standards and Technology) states the primary reasons for poor password management in a working environment are a reactive approach to security and not realizing the financial impact of information security attacks.

“Our goal is to make it easy for IT teams to have a standard method of protecting and using system based passwords,” says Cogley. “Secret Server is a full-service password management system and will continue to improve based on our customers’ needs.”