Phone Number +1-202-802-9399 (US)
The Lockdown

Thycotic’s Cyber Security Blog

Privileged Account Management Moves to the Cloud

Written by Jordan True

February 22nd, 2017

How a cloud-first strategy works to secure student data and meet compliance mandates. Guest Column by Mike Summerville, University of San Diego and featured in EdTech Magazine.

Automating Privileged Account Password Security

As Manager of Systems Support and Chief Cloud Evangelist, I lead the IT systems team at the University of San Diego. We’re responsible for four data centers, the network, virtualization, servers, and more—everything that needs a password for access. To manage and secure our IT infrastructure, we recognized years ago, that we needed to automate the process, especially in terms of how our IT staff handles passwords for privileged accounts. With the average cost of a single stolen record in the education field running as high as $300, it’s imperative that we protect our data with the most effective tools available.

Because of the extensive access granted to IT users of privileged accounts—the proverbial keys to the kingdom—we wanted software tools that would help us to secure passwords and at the same time help us be more productive.

In 2009 we went through an extensive evaluation of password protection solutions and settled on Thycotic’s on-premises Secret Server.  One of Thycotic’s key advantages from a business perspective was allowing everyone to log in to the same single point of access for their passwords. With the introduction of Secret Server Cloud, the university is able to take our privileged account password management to the next level.

Migrating to the Cloud Step by Step

Secret Server on premises was easy to use with excellent support, and we implemented an additional instance at another data center for extra security and redundancy. But, we were also concerned about the possibility of a catastrophic event on campus affecting our IT network.  So, we installed a Secret Server instance in a Virtual Private Cloud.  When Thycotic introduced Secret Server Cloud this year it offered an option we immediately appreciated.  Now that our passwords are vaulted and secured in Secret Server Cloud, we no longer need to manage or maintain multiple instances on premise.

While the University of San Diego follows a cloud first strategy for its IT systems, we still vet our cloud providers extensively. We need to be sure that our student’s data is going to be safe in their cloud. Thycotic proved to us without reservation that we could trust the safeguards they’ve put in place and that our passwords would always be available.

The free one month trial of Secret Server Cloud gave us an easy way to test out the solution with our IT systems and with our developers. Both groups were comfortable with how the solution worked and there was no retraining necessary.

Putting privileged account password management in the Cloud helps the university eliminate upfront capital costs while avoiding getting locked into any single solution.  It reduces IT staff time devoted to software maintenance and ensures we always have the latest updates for our solution. In short, it simplifies our professional duties, and makes it easier to securely manage thousands of passwords.

Demonstrating Compliance and Satisfying Auditors

Demonstrating compliance with FERPA certification is a must for the university to protect student’s information and gain the trust of their parents.  Like many universities, USD has internal as well as an external auditor. Every year our IT operations are subject to audits that make sure all our data and processes are secure. Once the auditors know that we’re using Thycotic Secret Server as a password security solution, they demand less proof and detail in satisfying their audit requirements. That saves us considerable time and effort in meeting FERPA, HIPAA and other mandates.

Facilitating the education experience

At the University of San Diego our IT team constantly reminds itself that we are not in the data center business; or even the IT business. We’re in the higher education experience business. And as far as our students, faculty, administrators or staff are concerned, IT should be invisible to the users it serves.  IT should simply be always available and secure.

Thycotic Secret Server Cloud delivers a single point of success for our passwords. Whether our servers are online, onsite, or not. We can always go to one website, hosted by Thycotic, for the Secret Server solution.


Like this post?

Get our top blog posts delivered to your inbox once a month.