If you look at Thycotic, it is a great product that has pretty much all the same features as CyberArk — which will be replacing it. There is not much difference between the two. We will be switching away from using Thycotic, however, before the end of the year.  

The catalyst for the change was a formal comparison of the two products that we did using each to evaluate how we would use it in solving actual use case issues. In the presentation of the scoring over specific categories, CyberArk had slightly better professional service marks and the same price. Besides that, the two products were neck-and-neck and almost identical in the scoring. CyberArk just came out just a little bit better than Thycotic in the details, and not by much at all. Be that as it may, the formal comparison is the reason for the change.  

In terms of what could be improved, the whole thing with distributed engines, et cetera, is a little bit tricky. Additionally, many clients wanted a more cloud version. I know there is a cloud version of Thycotic Secret Server, but a whole unified platform would be good, not like where you have to set up a connector with the distributed engine and then have the Thycotic Secret Server connect with all these. Making a simpler version of connecting different sites and synchronization of the groups that you already have. Then the secrets and folder templates would follow the current infrastructure pattern that the client has so you don't have to recreate new folders and secrets from scratch. In other words, more interoperability with other systems, for example if a user already has a Microsoft Azure subscription. So, the integration with Microsoft as well would be good.

One thing that I wish they would do is to have a Kubernetes or container-based deployment supported, but they're not quite there yet. Containerization or support for containerization would be fantastic.

The main part of the product that could be improved is the API (Application Programming Interface). The Thycotic API is not very good.  

The setup for this solution is complex. I'm not going to lie, you need a specialized system security engineer to deploy it.

Although the password policy was interesting, the default setting was inadequate. As a result, we had to change it to be 20 characters with symbols. It was an odd process, but it was relatively simple to adjust.

I formerly used only one service: the remote server. For example, I connected to the Active Directory user and the computer's console. But now, I need to do a remote connection to the domain controller. Maybe it only connects to that tool, the Active Directory users, and the computer management console, but not to the domain controller. Another thing Delinea could add is multi-factor authentication.

When working with larger enterprises Thycotic Secret Server becomes a little cumbersome to work with because they do not allow as much flexibility as some of the other competitors, such as CyberArk. Thycotic Secret Server could improve by being more flexible when it comes to customization, and increase the number of API integrations.

In an upcoming release, there should be more AI and machine learning features. Some of the competitors are leaning in this direction.

We always ask for partner enablement, which is more like a soft requirement rather than a product requirement. It would be great if they can provide us deeper knowledge of their products for integration.

I would like to see scheduled reports in a future release.

I think that the main interface should integrate better with non-standard applications and clients, to connect with other systems. This would help to create a safe connection with non-standard systems.

I would like the capability to assign rights directly to the target system. This is a different topic because, at this point, it only handles credentials. However, the goal is to be able to create the account and assign the correct access rights on an application or a system.

The initial setup and deployment can be cumbersome. It's not an easy process. 

Support could be better. I have heard about a lot of problems in the Bangladesh market. People are saying that there are support issues. So, Delinea should focus on support and services.

Some of the features need improvement.

Improvements are needed in session management, behavioral analytics, and the reporting segment.

They could improve the container platform and SPO. The cloud database technologies should be improved. The web browser isolation recording could be improved. When you do anything from the web portal, it cannot record properly. You can only record via remote desktop or secure share. But when the admin performs by web access we cannot record the session.

The UI needs improvement because the interface is a little clumsy.

The discovery of accounts could be improved. It is also very expensive, and its price should be lower.

I'd prefer a better commercial model that includes partners and options for consulting around it. Where I've worked with my customers, we've only been able to use their professional services, and that has been a risk and constraint.