Educause Security Discussion mailing list archives
Secrets management and PAM
From: Sam Horowitz <samh () UCSB EDU>
Date: Tue, 10 Sep 2019 09:33:23 -0700
We currently have multiple instances of Thycotic Secret Server in use across our campus. We're looking at possibly consolidating some of those and extending service to disparate departments that have no shared password management solution in place.

I'm looking for examples of operating processes and service level objectives for any secrets management or PAM solutions. Specifically, I'm interested in procedures that include "break-glass" access in the event of a disaster where the owners of secrets are not available and methods for access in the event of a network outage.

How do you determine who administers the service? Are the secrets managed from a central place, or do you distribute access to different groups? If you have a generic schema for how passwords and other secrets are organized and access is distributed, that will also be helpful.

Feel free to respond off-list if you consider anything sensitive.

Thanks!

Sam

-------------------------------------------
Sam Horowitz, CISSP, CISM
Chief Information Security Officer
Office: (805) 893-5005
Email: samh () ucsb edu

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community