Educause Security Discussion mailing list archives
Re: Question for IT departments using LastPass
From: Greg Williams <gwillia5 () UCCS EDU>
Date: Tue, 6 Aug 2019 14:25:28 +0000
We have used LastPass for the past 5 years for those in OIT who need access to many >100 passwords. We have around 100 folders and around 15 groups. We don't use AD sync or federated access, but use MFA along with some other security policies. Even though there is not a hierarchical access infrastructure, groups work well. For example, the podium computers folders are accessed by our academic support group and the administrator, and that's it.

The one advantage that you have with groups/folders vs. hierarchical access is speed. The more passwords you have in your vault, the longer it takes to load or search (still only a couple of seconds, however). Another advantage is that you are only giving password access to those that need access to those passwords and not a hierarchy.

Greg Williams, ME
Director of Operations
Office of Information Technology
University of Colorado Colorado Springs
1420 Austin Bluffs Parkway, (EPC 136A)
Colorado Springs, CO 80918
Phone: (719) 255-3292
www.uccs.edu

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of David Curry
Sent: Tuesday, August 6, 2019 5:55 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Question for IT departments using LastPass

We're just beginning our move off of Thycotic Secret Server and onto LastPass Enterprise for our IT department, to manage all the server, database, application, etc. passwords. In our Thycotic environment, we took a very hierarchical approach to storing things, with permissions set generally along the org chart structure. The different "silos" of the department had access to different areas of the vault, and there wasn't much cross-silo access. That worked for a while, but as the organization started changing, it started getting in the way of getting things done.

Now we're thinking, partly because our organization has changed and there's much more cooperation and working together than there used to be, but also because LastPass doesn't support the same hierarchical storage model, that we should be organizing things more simply. But while we have some high-level ideas on how we might want to do this, we're not quite sure of the details. So we're hoping to learn from others who've already done it.

If your IT department is using LastPass internally to manage the department's passwords and share them with staff, how have you chosen to organize things storage-wise in LastPass (i.e., how have you named the folders and what have you put into them)? And how have you set up your user groups for sharing purposes?

Thanks,
--Dave

--
DAVID A. CURRY, CISSP
DIRECTOR • INFORMATION SECURITY & PRIVACY
THE NEW SCHOOL • INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 646 909-4728 • david.curry () newschool edu

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community

Current thread:
- Question for IT departments using LastPass David Curry (Aug 06)
- Re: Question for IT departments using LastPass Kimmitt, Jonathan (Aug 06)
- Re: Question for IT departments using LastPass Greg Williams (Aug 06)