Re: Password Management

["Hagan, Sean" <sean.hagan () YC EDU>]

We’re paying about $10k per year in support/maintenance costs for an on-prem install of Thycotic.  That’s for ~30 users.

I think it’s a total rip-off (but admittedly, we’re using it as more of a password manager than a true PAM).




~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sean Hagan
Chief Information Security Officer
Yavapai College
(928) 717-7651 – direct
https://www.yc.edu<https://www.yc.edu/>





From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Frank Barton
Sent: Monday, February 25, 2019 10:58 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Password Management

Austin, those numbers do not match up at all with what I'm paying for Secret Server. While my policy is never to give 
our numbers to anybody. I will give some rough numbers.

annual support is less than $15 per user, the initial (perpetual) license is around $100 per user.

I wonder if the quotes you got were for one of the higher levels, or for their hosted solution.

On Mon, Feb 25, 2019 at 12:38 PM Windham, Gary D - (windhamg) <windhamg () email arizona edu<mailto:windhamg () email 
arizona edu>> wrote:
We use 
Stache<https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.saltycloud.com%2fstache%2f&c=E,1,TuVrIWyNFnci8o_Jn9d_BcvsmEAzBcT36imo3i5L70n6UzL0w5XY4QgXokL_V2ETE5OGJO9ZMAlbi9Ycph7iPUGgiwU6OHSoysIlvtDXhRWdyqee&typo=1>,
 which is developed by UT Austin's ISO (who also developed DorkBot, ISORA, and other security tools) and provisioned in 
a SaaS model through SaltyCloud (a "public benefit corporation"). We use it for both end-user credentials as well as 
securing/sharing other secrets (e.g., API keys, license keys, S/MIME certificates, etc). It integrates with our campus 
SSO and has a very robust "M-of-N" security model for administrator access to end-user secrets (requires a quorum, so 
that a single administrator can't retrieve end-user secrets unilaterally).

Thanks,
--Gary

--

Gary Windham

Principal Enterprise Systems Architect

University Information Technology Services

The University of Arizona



Email: windhamg () email arizona edu<mailto:windhamg () email arizona edu>

Office: +1 520 626 5981


On Mon, Feb 25, 2019 at 8:54 AM Greg Williams <gwillia5 () uccs edu<mailto:gwillia5 () uccs edu>> wrote:
Looks like this topic hasn’t been discussed in a while (~2 years).  We *have* had around 100 users in LastPass 
Enterprise for our IT department for the past 4 years.  This is the 4th year in a row that the price has increased 100% 
year over year.  It was $8/year/user 4 years ago.  So over 4 years $8*2*2*2 = ~62/year/user today.  What is everyone 
else using these days?  Are you using DUO with it as well?  Thanks!

Greg Williams, ME
Director of Operations
Office of Information Technology
Lecturer
Department of Computer Science

University of Colorado Colorado Springs
1420 Austin Bluffs Parkway, (EPC 136A)
Colorado Springs, CO 80918
Phone: (719) 255-3292
Connect: Skype | WebEx<https://uccs.webex.com/meet/gregwilliams>
www.uccs.edu<https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fwww.uccs.edu%2f&c=E,1,YcnI6z8EsHKbaxaRfO9cv-3sAWyd_AhMh2t24xLhI8CUTISuplrQQ071lqM-JQEZRrACHp3_5mJ2BBvXsR2gxjhyrPhjnItLL0W-eNUZTvxdDSX8STNGKTK9iQ,,&typo=1>



--
Frank Barton, MBA
Security+, ACMT, MCP
IT Systems Administrator
Husson University