Secret Server (originally from Thycotic, now from Delinea since the 2021 Thycotic merger with Centrify) is an enterprise password management application, which is available with either a cloud-based or on-premise deployment which emphasizes fast deployment, scalability, and simplicity.
N/A
SecureLink Enterprise Access
Score 9.4 out of 10
N/A
SecureLink is a platform for remote support in regulated industries. Enterprise software vendors use SecureLink to deliver remote support and services. Hospitals, banks, casinos and other regulated entities use SecureLink to authenticate, control and audit remote access for their vendors, business associates and other 3rd parties.
I would recommend Delinea to any organization or colleague, as I have used it to support our shared services model, as well as a dedicated model for people support to customers, for privileged access management. Delinea has provided us with effective methods for handling unnecessary login attempts to the customer infrastructure. Additionally, the connection thread is available in the audit trail for review, which is a valuable feature to have.
It does exactly what it needs to. The only times I've had serious issues with rolling out to a vendor is when they have a "contractual agreement" to only use their solution. Almost every vendor that I've worked with and shown this product to has been skeptical for the first 5 minutes and fully converted to liking the ease of use of the product by 10 minutes
Password Management: Its entire purpose, really. Secret Server stores passwords in an incredibly easy to use way. They can be organized in groups, they contain all the information about the site or system the password is used for (including URLs for websites), and even a notes field. You can set up specific policies for expirations and complexity, and Secret Server can even generate strong passwords for you. Using a password is simple, too, since you can just click a button to add it to your clipboard; you don't even have to unmask the password.
Security: The passwords are stored encrypted in a SQL database, and the application requires an authenticated login. This could be local, but we tie it into Active Directory. Each folder of passwords has groups assigned (in our case, again, AD, but you can make them local groups) with different permission levels, so we can compartmentalize passwords. Desktop technicians don't have access to network switch passwords, etc.
Easy Setup: It took me about an hour to get the server running, from spinning up the VM to importing our old password list. It took a little longer to organize the passwords into proper folders, and then assigning groups, but it was easy to do.
Personal Passwords: Each user also gets a personal folder, where they can keep their own, unshared passwords. This is nice for sites or systems with individualized logins (e.g., a firewall, VPN, etc.)
Favorites: Secret Server lets you tag passwords as "favorites" so you can easily find ones you use constantly. The search feature is nice, but this is nicer.
Java based. Always an issue. I know they are working on this and it will be Javaless if we need it. I know that Java can cause issues across the board and I understand the need of it, but it does not make it any better when there are Java issues.
Stronger integration with the Active Directory. Currently its only read-only, which is good and bad.
I would love to see an App. I know they are working on this as well.
My rating is purely based on the configurational activities, as feature-wise delineation has all the features that are very beneficial for customers, though the implementation is a bit more manual work, which can be reduced with a low-code platform. Along with that, we can have a better UI to have intuitiveness and can manage the platform for shared customers in a better way. Overall, it is a very good tool for PAM.
The employees at Securelink have always been responsive and seem to be invested in the success of my company. They truly understand what their product means to us so if there is a problem, they are always willing to help. In the rare event that something is found on their end, they will be proactive and reach out to someone to help and get something on calendar for a fix
There were not very many solutions that provided the entire package of taking an account from creation and deactivating it when no longer needed, as well as providing the discovery of unknown service accounts. Other solutions like RoboForm and LastPass did not offer the ability to manage your service accounts and added layers of complication to ensure security.
Securelink seems to work better than LogMein for a large enterprise group. Our company has over 10,000 different connections and securelink manages them well.
I've found that Securelink allows me to get a vendor access to an application for support purposes much faster than a provisioned VPN account and the red tape around this. I can set up a vendor to access an application suite in a half hour and it will be more secure than regular provisioning.
The ROI is yet to be seen on this, but it certainly makes Compliance, Internal Audit, and Legal very happy, which helps everybody.
Internally, there is much more push back and it has been problematic. For a tech, to have to log in to a server and navigate to a system is considered cumbersome, when before all they had to do was open up Putty or RDP to a server to get in. The only way to combat this is to force them to use Securelink by removing rights. Near impossible for the domain admins.
