Educause Security Discussion mailing list archives
Re: Password Management
From: Nick Lewis <nlewis () INTERNET2 EDU>
Date: Wed, 27 Feb 2019 18:48:47 +0000
Hi everyone, I’m the NET+ Program Manager working on the NET+ LastPass service. Very similar response as to the Duo thread with a little more information on the NET+ LastPass program. The pricing within the NET+ LastPass program has not changed since the program was introduced. The NET+ LastPass program has a term that limits potential price increases within the program to 5%. Happy to discuss off list (or on the list if anyone wants) if there are additional questions. Thanks, Nick Nick Lewis, MS, MA, CISSP Program Manager, Internet2 Cloud Services - Security and Identity Internet2 nlewis () internet2 edu<mailto:nlewis () internet2 edu> From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Emily Harris <emharris () VASSAR EDU> Reply-To: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> Date: Wednesday, February 27, 2019 at 1:05 PM To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] Password Management $13K/year. We are still in our first year so hopefully we don't get any surprises in June! ---- Emily Harris, CISSP Information Security Officer, CIS Vassar College 845-437-7221 On Mon, Feb 25, 2019 at 2:08 PM Jackson Muhirwe <jmuhirwe () ucdavis edu<mailto:jmuhirwe () ucdavis edu>> wrote: Emily, How much did a full site LastPass Premium Internet2 license cost you if you don’t mind? I am considering a consolidation project. Jackson Muhirwe Deputy Chief Information Security Officer Information Security Office UC Davis Phone: (530)752-2726 Information Security Symposium @ UC Davis Save the Date: June 18 – 19, 2019 For more info: https://infosecsymposium.ucdavis.edu/ From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> On Behalf Of Emily Harris Sent: Monday, February 25, 2019 10:51 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] Password Management FWIW we did the full site license for LastPass Premium for everyone with a vassar.edu<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fvassar.edu&data=02%7C01%7C%7C144cdff4cc674c4e36aa08d69b523c14%7Ca8046f6466c04f009046c8daf92ff62b%7C0%7C0%7C636867174834411359&sdata=jv76uw196suk4kEk57nqqmX6I9uM9Og1yu5SS4DsN14%3D&reserved=0> email address and Enterprise for all of our employees through the Internet2 pricing. We found this very affordable - we will see how the renewal goes later this year. ---- Emily Harris, CISSP Information Security Officer, CIS Vassar College 845-437-7221 On Mon, Feb 25, 2019 at 1:28 PM Linc Nesheim <nesheijl () whitman edu<mailto:nesheijl () whitman edu>> wrote: We had an Enterprise version of Thycotic Secret Server when I arrived at my current role -- pricing was not palatable for the feature set we were actually using. We switched to the Vault version which has the functionality we are using and the licensing/maintenance costs that won't break the bank. We're happy with the product. Linc On Mon, Feb 25, 2019 at 10:02 AM Blake Ketcham <blake.ketcham () aims edu<mailto:blake.ketcham () aims edu>> wrote: We also have Secret Server and are happy with it. Thycotic recently began offering discounted "business user" licenses that are meant for anyone not needing advanced PAM capabilities. From what I understand, they using this pricing model to better compete with password manager vendors like LastPass. Thanks, Blake Ketcham Information Security Analyst Aims Community College 970-339-6395 On Mon, Feb 25, 2019 at 10:38 AM Windham, Gary D - (windhamg) <windhamg () email arizona edu<mailto:windhamg () email arizona edu>> wrote: We use Stache<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__www.saltycloud.com_stache_%26d%3DDwMGaQ%26c%3DspdyCQlbcMzVK9-MvWb-WQ%26r%3D-kYucs-vtuoNxJe853RClse3h_pVj0vDpCe5zu7ybmg%26m%3DzBtdEOdF_qbv74CnHyZHBr-K9UNL0Sf2TVJEA789jyE%26s%3DdbAZv6byUf9-o2s5HEs1J0Mywd5dmX4GWEaksS8Kjmg%26e%3D&data=02%7C01%7C%7C144cdff4cc674c4e36aa08d69b523c14%7Ca8046f6466c04f009046c8daf92ff62b%7C0%7C0%7C636867174834421369&sdata=6sjmPioyD6J%2Bt%2BvH4oonsdgUScV3XYG4iBXhkcqP%2B14%3D&reserved=0>, which is developed by UT Austin's ISO (who also developed DorkBot, ISORA, and other security tools) and provisioned in a SaaS model through SaltyCloud (a "public benefit corporation"). We use it for both end-user credentials as well as securing/sharing other secrets (e.g., API keys, license keys, S/MIME certificates, etc). It integrates with our campus SSO and has a very robust "M-of-N" security model for administrator access to end-user secrets (requires a quorum, so that a single administrator can't retrieve end-user secrets unilaterally). Thanks, --Gary -- Gary Windham Principal Enterprise Systems Architect University Information Technology Services The University of Arizona Email: windhamg () email arizona edu<mailto:windhamg () email arizona edu> Office: +1 520 626 5981 On Mon, Feb 25, 2019 at 8:54 AM Greg Williams <gwillia5 () uccs edu<mailto:gwillia5 () uccs edu>> wrote: Looks like this topic hasn’t been discussed in a while (~2 years). We *have* had around 100 users in LastPass Enterprise for our IT department for the past 4 years. This is the 4th year in a row that the price has increased 100% year over year. It was $8/year/user 4 years ago. So over 4 years $8*2*2*2 = ~62/year/user today. What is everyone else using these days? Are you using DUO with it as well? Thanks! Greg Williams, ME Director of Operations Office of Information Technology Lecturer Department of Computer Science University of Colorado Colorado Springs 1420 Austin Bluffs Parkway, (EPC 136A) Colorado Springs, CO 80918 Phone: (719) 255-3292 Connect: Skype | WebEx<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__uccs.webex.com_meet_gregwilliams%26d%3DDwMGaQ%26c%3DspdyCQlbcMzVK9-MvWb-WQ%26r%3D-kYucs-vtuoNxJe853RClse3h_pVj0vDpCe5zu7ybmg%26m%3DzBtdEOdF_qbv74CnHyZHBr-K9UNL0Sf2TVJEA789jyE%26s%3DX6w0mX1QUdb2bjTcJhgYp9pPZG2ieWkOSOL_NLmsvRU%26e%3D&data=02%7C01%7C%7C144cdff4cc674c4e36aa08d69b523c14%7Ca8046f6466c04f009046c8daf92ff62b%7C0%7C0%7C636867174834421369&sdata=EB3Xfv8RdOy6%2BklQMMJcE9d7ETbPxxP%2BW8FmJ0WjT7c%3D&reserved=0> www.uccs.edu<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttp-3A__www.uccs.edu_%26d%3DDwMGaQ%26c%3DspdyCQlbcMzVK9-MvWb-WQ%26r%3D-kYucs-vtuoNxJe853RClse3h_pVj0vDpCe5zu7ybmg%26m%3DzBtdEOdF_qbv74CnHyZHBr-K9UNL0Sf2TVJEA789jyE%26s%3DK6KMcZWhZQFHHQQI3vx9-CsjtRDGQ61rsK_1xmv90G4%26e%3D&data=02%7C01%7C%7C144cdff4cc674c4e36aa08d69b523c14%7Ca8046f6466c04f009046c8daf92ff62b%7C0%7C0%7C636867174834431373&sdata=djDWVahF4%2FvcqKffQ8QdbM1KxiKAHrSQsFt1HZ0CNZ0%3D&reserved=0> -- Linc Nesheim, CISSP Information Security Officer Whitman College 509-527-5852
Current thread:
- Re: Password Management, (continued)
- Re: Password Management Jason Borinski (Mar 01)
- Re: Password Management Windham, Gary D - (windhamg) (Feb 25)
- Re: Password Management Frank Barton (Feb 25)
- Re: Password Management Hagan, Sean (Feb 25)
- Re: Password Management Blake Ketcham (Feb 25)
- Re: Password Management Linc Nesheim (Feb 25)
- Re: Password Management Emily Harris (Feb 25)
- Re: Password Management Walter Moore (Feb 25)
- Re: Password Management Jackson Muhirwe (Feb 25)
- Re: Password Management Emily Harris (Feb 27)
- Re: Password Management Nick Lewis (Feb 27)
- Re: Password Management Frank Barton (Feb 25)