Re: Password Management

[Jackson Muhirwe <jmuhirwe () UCDAVIS EDU>]

Emily,
How much did a full site LastPass Premium Internet2 license cost you if you don’t mind? I am considering a 
consolidation project.

Jackson Muhirwe
Deputy Chief Information Security Officer
Information Security Office
UC Davis
Phone: (530)752-2726
Information Security Symposium @ UC Davis
Save the Date: June 18 – 19, 2019
For more info: https://infosecsymposium.ucdavis.edu/


From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Emily Harris
Sent: Monday, February 25, 2019 10:51 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Password Management

FWIW we did the full site license for LastPass Premium for everyone with a 
vassar.edu<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fvassar.edu&data=02%7C01%7C%7C144cdff4cc674c4e36aa08d69b523c14%7Ca8046f6466c04f009046c8daf92ff62b%7C0%7C0%7C636867174834411359&sdata=jv76uw196suk4kEk57nqqmX6I9uM9Og1yu5SS4DsN14%3D&reserved=0>
 email address and Enterprise for all of our employees through the Internet2 pricing.  We found this very affordable - 
we will see how the renewal goes later this year.

----
Emily Harris, CISSP
Information Security Officer, CIS
Vassar College
845-437-7221


On Mon, Feb 25, 2019 at 1:28 PM Linc Nesheim <nesheijl () whitman edu<mailto:nesheijl () whitman edu>> wrote:
We had an Enterprise version of Thycotic Secret Server when I arrived at my current role -- pricing was not palatable 
for the feature set we were actually using.
We switched to the Vault version which has the functionality we are using and the licensing/maintenance costs that 
won't break the bank.  We're happy with the product.

Linc

On Mon, Feb 25, 2019 at 10:02 AM Blake Ketcham <blake.ketcham () aims edu<mailto:blake.ketcham () aims edu>> wrote:
We also have Secret Server and are happy with it. Thycotic recently began offering discounted "business user" licenses 
that are meant for anyone not needing advanced PAM capabilities. From what I understand, they using this pricing model 
to better compete with password manager vendors like LastPass.

Thanks,

Blake Ketcham
Information Security Analyst
Aims Community College
970-339-6395


On Mon, Feb 25, 2019 at 10:38 AM Windham, Gary D - (windhamg) <windhamg () email arizona edu<mailto:windhamg () email 
arizona edu>> wrote:
We use 
Stache<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__www.saltycloud.com_stache_%26d%3DDwMGaQ%26c%3DspdyCQlbcMzVK9-MvWb-WQ%26r%3D-kYucs-vtuoNxJe853RClse3h_pVj0vDpCe5zu7ybmg%26m%3DzBtdEOdF_qbv74CnHyZHBr-K9UNL0Sf2TVJEA789jyE%26s%3DdbAZv6byUf9-o2s5HEs1J0Mywd5dmX4GWEaksS8Kjmg%26e%3D&data=02%7C01%7C%7C144cdff4cc674c4e36aa08d69b523c14%7Ca8046f6466c04f009046c8daf92ff62b%7C0%7C0%7C636867174834421369&sdata=6sjmPioyD6J%2Bt%2BvH4oonsdgUScV3XYG4iBXhkcqP%2B14%3D&reserved=0>,
 which is developed by UT Austin's ISO (who also developed DorkBot, ISORA, and other security tools) and provisioned in 
a SaaS model through SaltyCloud (a "public benefit corporation"). We use it for both end-user credentials as well as 
securing/sharing other secrets (e.g., API keys, license keys, S/MIME certificates, etc). It integrates with our campus 
SSO and has a very robust "M-of-N" security model for administrator access to end-user secrets (requires a quorum, so 
that a single administrator can't retrieve end-user secrets unilaterally).

Thanks,
--Gary

--

Gary Windham

Principal Enterprise Systems Architect

University Information Technology Services

The University of Arizona



Email: windhamg () email arizona edu<mailto:windhamg () email arizona edu>

Office: +1 520 626 5981


On Mon, Feb 25, 2019 at 8:54 AM Greg Williams <gwillia5 () uccs edu<mailto:gwillia5 () uccs edu>> wrote:
Looks like this topic hasn’t been discussed in a while (~2 years).  We *have* had around 100 users in LastPass 
Enterprise for our IT department for the past 4 years.  This is the 4th year in a row that the price has increased 100% 
year over year.  It was $8/year/user 4 years ago.  So over 4 years $8*2*2*2 = ~62/year/user today.  What is everyone 
else using these days?  Are you using DUO with it as well?  Thanks!

Greg Williams, ME
Director of Operations
Office of Information Technology
Lecturer
Department of Computer Science

University of Colorado Colorado Springs
1420 Austin Bluffs Parkway, (EPC 136A)
Colorado Springs, CO 80918
Phone: (719) 255-3292
Connect: Skype | 
WebEx<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__uccs.webex.com_meet_gregwilliams%26d%3DDwMGaQ%26c%3DspdyCQlbcMzVK9-MvWb-WQ%26r%3D-kYucs-vtuoNxJe853RClse3h_pVj0vDpCe5zu7ybmg%26m%3DzBtdEOdF_qbv74CnHyZHBr-K9UNL0Sf2TVJEA789jyE%26s%3DX6w0mX1QUdb2bjTcJhgYp9pPZG2ieWkOSOL_NLmsvRU%26e%3D&data=02%7C01%7C%7C144cdff4cc674c4e36aa08d69b523c14%7Ca8046f6466c04f009046c8daf92ff62b%7C0%7C0%7C636867174834421369&sdata=EB3Xfv8RdOy6%2BklQMMJcE9d7ETbPxxP%2BW8FmJ0WjT7c%3D&reserved=0>
www.uccs.edu<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttp-3A__www.uccs.edu_%26d%3DDwMGaQ%26c%3DspdyCQlbcMzVK9-MvWb-WQ%26r%3D-kYucs-vtuoNxJe853RClse3h_pVj0vDpCe5zu7ybmg%26m%3DzBtdEOdF_qbv74CnHyZHBr-K9UNL0Sf2TVJEA789jyE%26s%3DK6KMcZWhZQFHHQQI3vx9-CsjtRDGQ61rsK_1xmv90G4%26e%3D&data=02%7C01%7C%7C144cdff4cc674c4e36aa08d69b523c14%7Ca8046f6466c04f009046c8daf92ff62b%7C0%7C0%7C636867174834431373&sdata=djDWVahF4%2FvcqKffQ8QdbM1KxiKAHrSQsFt1HZ0CNZ0%3D&reserved=0>



--


Linc Nesheim, CISSP
Information Security Officer
Whitman College
509-527-5852