Educause Security Discussion mailing list archives

Re: Password Management


From: Austin Bollinger <austinbollinger () GRCC EDU>
Date: Mon, 25 Feb 2019 12:28:16 -0500

Just curious what reasonable cost is?

25 users with Secret Server we were quoted around $3,000 (sweet)! To
exceed 25 users up to 26, you are looking at $9,000 - price hike. Hmm...
how about 100 users? Expect to be around $40,000 to start using Thycotic
Secret Server. Thankfully that price is not yearly but Secret Server is
a costly investment starting out.

While not unbearable, before such a pricey purchase when realistically
the majority of their "bells and whistles" are likely to be overlooked
in a realistic application... I see other PAM solutions plenty more
affordable. LastPass and Passwordstate come to mind.

Nothing against Secret Server but when you are quoted for 25 users with
hopes of growing on a platform, that 1 extra user price increase x3
seems very corporate/capitalistic. I know businesses have to make money
but what an absurd uptick. When I mentioned sticking closer to the 25
user pricing, things turned to "Well, we know that professional edition
has XYZ features and LastPass had a breach a little while back."

Not my cup o' tea. Buying a PAM should not be like walking into a car
dealership. The desperate upselling should be a red flag to anyone.
Unless you plan to SSH proxy every connection so you can monitor every
command typed through SSH - not much of a reason to purchase the
priciest PAM I can think of.

Regards,
Austin Bollinger
IT Security Analyst
IT at Grand Rapids Community College
austinbollinger () grcc edu |
https://grcc.edu/informationtechnology/informationsecurity


Frank Barton <bartonf () HUSSON EDU> 2/25/2019 12:10 PM >>>
We are using Thycotic's Secret Server (at the professional level). I do
agree that it will get very expensive as you add the extra features, but
at the Professional level, for on-prem, I found the cost to be very
reasonable.

Some of the features that we like have been that we have it on-prem,
and the ability for it to automatically change passwords. We don't use
Duo with it (yet), but we have started enforcing Google Authenticator
MFA on IT accounts.

Frank

On Mon, Feb 25, 2019 at 12:05 PM William D Sanders
<wdsanders () widener edu> wrote:


Is anyone using KeePass? I’ve used it before in a non-education
environment, and it worked well for us. I’d love to hear about anyone’s
experience with it.

Thanks,
Dan
 
 
 
From: The EDUCAUSE Security Community Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Greg Williams
Sent: Monday, February 25, 2019 10:55 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Password Management
 
Looks like this topic hasn’t been discussed in a while (~2 years). We
*have* had around 100 users in LastPass Enterprise for our IT
department for the past 4 years. This is the 4th year in a row that the
price has increased 100% year over year. It was $8/year/user 4 years
ago. So over 4 years $8*2*2*2 = ~62/year/user today. What is everyone
else using these days? Are you using DUO with it as well? Thanks! 
 
Greg Williams, ME
Director of Operations 
Office of Information Technology
Lecturer
Department of Computer Science 

University of Colorado Colorado Springs
1420 Austin Bluffs Parkway, (EPC 136A)
Colorado Springs, CO 80918
Phone: (719) 255-3292
Connect: Skype | WebEx
(https://uccs.webex.com/meet/gregwilliams)
www.uccs.edu
 


-- 

Frank Barton, MBA
Security+, ACMT, MCP
IT Systems Administrator
Husson University
 
