Spec me a corporate password storage system

My organisation is undergoing a system overhaul.
Our current method (intranet with user permissions) will soon be made redundant; as such, we are looking for an alternative solution. Requirements as follows:

1. Must be secure (access within domain environment only?)
2. Must be standalone from the intranet
3. Must be able to backup the database
4. Must be a known product (support availability would be a bonus)

I've heard of and experimented with KeePass as a home user, but never at corporate level. Can anybody suggest products?

Any responses greatly appreciated.
 
I use KeePass at work. I put the keyfile on a protected network store and the password file as well.

This has the benefit of being restricted by use of domain auth on the network store as well; when you open it, it requires the key file and a password.

But I replaced a spreadsheet full of passwords. So in that sense it was an improvement.

It is only a 100 user site and I think it's adequate.
 
I'm going to keep my eye on this thread as it's something I want to implement where I work now as password management is dire.

A solution that can control the automatic change and validation of passwords would be very beneficial.

I guess I would want the following:

  • 2 factor authentication to access the repository
  • Auditing of activity
  • Provisioning of new passwords and resetting of existing passwords
  • Password complexity and length enforcement
  • Ability to separate out passwords by individual customers
  • Potentially something that could be offered up as a service for customers. SaaS

to name a few

Cyber-Ark looks pretty interesting. I think I might have to do some evaluation of the various offerings. If anyone else has any experience with these products, genuine feedback would be appreciated.

My last place used http://www.manageengine.com/products/passwordmanagerpro/

but it was a little clunky and didn't feel like an enterprise-level product by any means. However, it did work and offered a pretty good feature set.
 
Thycotic Secret Server addresses a lot of those points, although I'm not sure of the SaaS aspect of it.
 
Thanks for the suggestions everyone. LastPass appears to fit the bill perfectly, will update the thread with my findings.
 
Apologies for the thread revival. I'm just wondering if anyone had any further experience to add here at all of what products they are using or outcomes of implementation since the thread was created?
 
We opted for Password Vault Manager ourselves in the end, stored the database on a secure internal server and pointed the client install to it.

We trialed it for the 30-day duration and it appeared to tick all the boxes that we expected.

Downsides are that a client-side installation is required (unless you install it centrally on a server), and I suppose also the fact that it's not web-based like a lot of alternative solutions; however, the security of these solutions is debatable.
 