Homepage emt Distribution newsroom

Thycotic Automates and Extends Privileged Access Security in DevOps Environments

Announcement posted by emt Distribution 16 Sep 2020

Also Releases Privileged Access Management Capabilities for Mobile Business Users

ADELAIDE, Australia, September 16, 2020 - Thycotic, provider of privileged access management (PAM) solutions to more than 10,000 organisations, including 25 of the Fortune 100, has revealed improvements to its PAM solution for DevOps, DevOps Secrets Vault, and announced enhanced mobile capabilities for its award-winning PAM solution, Secret Server.

The cloud-based solution adds new out-of-the-box Secret Server integration, SIEM integration, automated authentication through SSH keys and certificate generation, new wizards to streamline command-line use, and a Home Vault, a personal user space for secrets. These enhancements make it easier to integrate DevOps security into a broader PAM ecosystem while improving usability and accelerating time to value.

Extend PAM security

DevOps Secrets Vault’s Secret Server integration allows Secret Server to create secrets in the Vault and sync updates to those secrets. It also allows customers to use DevOps Secrets Vault for fast API access and CI/CD pipeline integration while also benefiting from the additional PAM capabilities of Secret Server, such as credential rotation.

“Ideally, your machines and applications have unique accounts that are separate from the admin accounts that Secret Server governs. However, when you have credentials that require the best of both the PAM and DevOps worlds, the integration of Secret Server and DevOps Secrets Vault provides that seamlessly,” said Jai Dargan, VP of Product Management at Thycotic. 

DevOps Secrets Vault logs can be pushed in near-real time to a SIEM application. These log events can be correlated by the SIEM system so administrators gain deep insight into privileged account usage and get alerts when specific events occur in DevOps Secrets Vault.

With the new Home Vault feature, every DevOps Secrets Vault user gets their own space for secrets that even admins do not have access to by default.

Automate authentication

DevOps Secrets Vault can now issue X.509 and SSH certificates, which enables the automation of certificate signing and distribution. This feature also enables short-lived certificates, making certificate issuance and signing both highly efficient and secure. 

Streamline use of the command-line

To simplify human navigation of the command-line, DevOps Secrets Vault now supports a variety of wizards that guide the user through the process of creating and updating public key infrastructure (PKI), policy, and authentication provider, among others.

DevOps Secrets Vault is a platform-agnostic, cost-effective, rapid set-up vault that is capable of high-speed secrets creation, archival, and retrieval. DevOps Secrets Vault enables AWS roles, Azure Service Principals, or GCP service accounts for bootstrapping and ongoing secure authentication. Dynamic secrets for cloud platforms can be generated to allow tools or applications to do extremely fine-grained tasks and then expire, eliminating the damage any leaked credentials can do. Thycotic is constantly adding to the list of SDKs and DevOps tool plug-ins, such as Jenkins, Kubernetes, Terraform, Chef and Puppet.

Organisations can try DevOps Secrets Vault for free.

Enhanced mobile capabilities

Secret Server customers can now extend comprehensive privileged access management to mobile devices to keep remote teams productive and secure.

More than half of business users use their personal mobile device to access work-related items, according to research from the Ponemon institute. As much of the workforce continues to work from home due to COVID-19, mobile access is essential to maintaining business continuity. Thycotic’s newly released native apps for iPhone and Android allow business users to access privileged credentials and use those credentials to log in to services and applications from their mobile device. Sensitive systems and data stay secure and productivity is never interrupted by bottlenecks.

“Business users aren’t sitting at their desk and don’t always have their laptop in front of them. But they need seamless access to tools and information,” said Dargan. “Now, they can have on-the-go access from their mobile devices without compromising the industrial-grade security of enterprise PAM.”

Users authenticate to a Secret Server instance (on-prem or cloud) via their mobile device using the built-in password management features. When users are logged in with their own account, they can navigate Secret Server’s folder structure to access their secrets. Secret Server mobile apps can be installed and configured in minutes. An intuitive UX, appealing UI, and a simple onboarding process ensures quick adoption, so companies can bolster their security posture and improve their ROI.

Secret Server customers can access mobile applications from the Apple Store and Google Marketplace.

About Thycotic

Thycotic is the leading provider of cloud-ready privilege management solutions. Thycotic's security tools empower over 10,000 organisations, from small businesses to the Fortune 100, to limit privileged account risk, implement least privilege policies, control applications, and demonstrate compliance. Thycotic makes enterprise-level privilege management accessible for everyone by eliminating dependency on overly complex security tools and prioritising productivity, flexibility and control. Headquartered in Washington, DC, Thycotic operates worldwide with offices in the UK and Australia. For more information, please visit www.thycotic.com.