Educause Security Discussion mailing list archives
Re: Password Management
From: Austin Bollinger <austinbollinger () GRCC EDU>
Date: Mon, 25 Feb 2019 12:28:16 -0500
Just curious what reasonable cost is? 25 users with Secret Server we were quoted around $3,000 (sweet)! To exceed 25 users up to 26, you are looking at $9,000 - price hike. Hmm.. how about 100 users? Expect to be around $40,000 to start using Thycotic Secret Server. Thankfully that price is not yearly but Secret Server is a costly investment starting out. While not unbearable, before such a pricey purchase when realistically the majority of their "bells and whistles" are likely to be overlooked in a realistic application.. I see other PAM solutions plenty more affordable. LastPass and Passwordstate come to mind. Nothing against Secret Server but when you are quoted for 25 users with hopes of growing on a platform, that 1 extra user price increase x3 seems very corporate/capitalistic. I know businesses have to make money but what an absurd uptick(.) When I mentioned sticking closer to the 25 user pricing, things turned to "Well, we know that professional edition has XYZ features and LastPass had a breach a little while back." Not my cup o' tea. Buying a PAM should not be like walking into a car dealership. The desperate upselling should be a red flag to anyone. Unless you plan to SSH proxy every connection so you can monitor every command typed through SSH - not much of a reason to purchase the priciest PAM I can think of. Regards, Austin Bollinger IT Security Analyst IT at Grand Rapids Community College austinbollinger () grcc edu | https://grcc.edu/informationtechnology/informationsecurity
Frank Barton <bartonf () HUSSON EDU> 2/25/2019 12:10 PM >>>
We are using Thycotic's Secret Server. (at the professional level) I do agree that it will get very expensive as you add the extra features, but at the Professional level, for on-prem, I found the cost to be very reasonable. Some of the features that we like have been that we have it on-prem, and the ability for it to automatically change passwords. We don't use Duo with it (yet), but we have started enforcing Google Authenticator MFA on IT accounts. Frank On Mon, Feb 25, 2019 at 12:05 PM William D Sanders <wdsanders () widener edu> wrote: Is anyone using KeePass? I’ve used it before in a non-education environment, and it worked well for us. I’d love to hear about anyone’s experience with it. Thanks, Dan From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>On Behalf Of Greg Williams Sent: Monday, February 25, 2019 10:55 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Password Management Looks like this topic hasn’t been discussed in a while (~2 years). We *have* had around 100 users in LastPass Enterprise for our IT department for the past 4 years. This is the 4th year in a row that the price has increased 100% year over year. It was $8/year/user 4 years ago. So over 4 years $8*2*2*2 = ~62/year/user today. What is everyone else using these days? Are you using DUO with it as well? Thanks! Greg Williams, ME Director of Operations Office of Information Technology Lecturer Department of Computer Science University of Colorado Colorado Springs 1420 Austin Bluffs Parkway, (EPC 136A) Colorado Springs, CO 80918 Phone: (719) 255-3292 Connect: Skype | WebEx ( https://uccs.webex.com/meet/gregwilliams) www.uccs.edu -- Frank Barton, MBA Security+, ACMT, MCP IT Systems Administrator Husson University This email has been received from a sender outside of the GRCC network. Use caution before clicking links/attachments
Current thread:
- Password Management Greg Williams (Feb 25)
- Re: Password Management Austin Bollinger (Feb 25)
- Re: Password Management Chad Tracy (Feb 25)
- Re: Password Management Douglas R. Lomsdalen (Feb 25)
- Re: Password Management Ken Connelly (Feb 25)
- Re: [External] Re: [SECURITY] Password Management Gregg, Christopher S. (Feb 25)
- Re: Password Management William D Sanders (Feb 25)
- Re: Password Management Frank Barton (Feb 25)
- Re: Password Management Austin Bollinger (Feb 25)
- Re: Password Management Kevin Crider (Feb 27)
- Re: Password Management Barton, Robert W. (Feb 27)
- Re: Password Management Maud, Phil (Feb 27)
- Re: Password Management Kevin Crider (Feb 27)
- Re: Password Management Maud, Phil (Feb 27)
- Re: Password Management Barton, Robert W. (Feb 27)
- Re: Password Management Gunnells, David H (Feb 27)
- Re: Password Management Kevin Crider (Feb 27)
- Re: Password Management Frank Barton (Feb 25)
- Re: Password Management Austin Bollinger (Feb 25)