LastPass Enterprise Review

This product helps keep us secure. There is no way to rotate passwords without human intervention.


What is our primary use case?

We use it internally as a password vault for all of our core enterprise admin passwords. It is a storage vault.

How has it helped my organization?

It provides us the ability to create different levels of access for different teams. We can create a profile for a service desk person versus an application administrator versus an IT manager, so we can have access to different applications provisioned. Therefore, the password changing process isn't as onerous.

What needs improvement?

The biggest thing is there is no good way to have LastPass rotate passwords without human intervention. Right now, we have to go into each folder, then rotate and manually update each password. It can be done by loading a bunch of passwords into a spreadsheet, but this makes the whole process insecure because then the passwords have been noted in a spreadsheet which has to be uploaded. We have to go into 40 to 50 applications and manually update passwords, because we don't view their solution of writing a bunch of passwords on a spreadsheet, then uploading them, as a secure solution. This should be done internally within LastPass. This would be a huge win, as this is the one place where I don't feel like they are enterprise ready, and we are using a workaround for something that they should have.

It is not super feature laden. It does not stand out versus the competition.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

The stability has been rock solid. A couple of years ago, they were breached. However, if you had two-factor authentication enabled, it didn't affect you. We did, so it has been good.

What do I think about the scalability of the solution?

Scalability needs work from LastPass. However, there is no plan to scale up or down from our company. It is just on an as-needed basis.

How is customer service and technical support?

LastPass has been bounced around a bit. They are now owned by LogMeIn, so we have had a little bit of a challenge keeping track of who our account manager has been. We have found this to be confusing sometimes. You pick up the phone not knowing if you are looking for LogMeIn or LastPass. At one point, we had LogMeIn services here, so I was contacting the wrong account rep, and it took about a week to figure out who the right account rep was. So, that's a little wonky. It would be nice if they could consolidate their systems, so their customers have one view of the overarching company.

Tech support has been good. We haven't needed it much, because it is not a complex application. There is not that much you have to do with it. 

What was our ROI?

We have not seen any ROI. Security is funny though. You don't see ROI unless you are breached. This product helps keep us secure.

What's my experience with pricing, setup cost, and licensing?

It would be nice to do a quarterly true-up process with them versus having to buy 50 licenses at a time when we realize we're out, then we have to buy more. So far, they have been nice about letting us exceed our allotment and just letting us true-up on our own, but a more robust quarterly true-up process would be good.

The pricing and licensing are okay. Basically, at the last contract negotiation, they attempted to jack the rate up and we just said, "No." We still did negotiations with them, but they bumped everything up quite a bit. 

I understand that we are old clients and were paying an older rate, but it was something that we would never do to one of our customers. We would work with a customer to move them up to the new standard rate, but not all in one year. Therefore, we were miffed at how much they wanted to bump up the price right away.

They came back and were reasonable in the end. However, it was all sort of shocking.

Which other solutions did I evaluate?

We evaluated 1Password and LastPass. 

I don't know the major differences between the two companies. I don't use 1Password, although it looks pretty cool. I know people that swear by 1Password. I know others that say LastPass is better because LastPass has never been breached if you have two-factor authentication. I think that the reason that we use LastPass instead of 1Password is because whoever started the initial setup was familiar with LastPass.

We keep checking back with LastPass to see if they have the password resets enabled, and they don't. If 1Password ever does this, go use them.

What other advice do I have?

Make sure you have two-factor authentication enabled.

Not everyone in the company uses LastPass because a license is required. We have half to two-thirds of the company on it. The people in the company primarily using it are either in IT or production operations.

We are SOC 2 compliant. Thus, we have to be able to demonstrate that we are pretty well locked down.

We don't need staff to maintain it. The two biggest things with it are ordering more licenses and rotating passwords when someone leaves the organization.

Most important criteria when selecting a vendor: 

  • SOC 2 compliance 
  • Uptime 
  • SLAs
  • Terms of service 
  • Indemnity
  • Functionality.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.