LastPass Enterprise Review

Enables us to secure our passwords and to share them internally with contractors


What is our primary use case?

Our primary use case is to share passwords internally to contractors. It's for the security of our passwords.

How has it helped my organization?

Previously, we used to use an Excel spreadsheet internally. It didn't have a password on it. If we did get compromised by a cyber attack, people could actually gain access to all our passwords. Whereas, what LastPass does is, it locks it down. If you go to the spreadsheet, you see every password, but if you go into LastPass, you don't actually see the passwords right in front of your eyes. It's quite good from that aspect. It also allows you to share passwords. You set groups up and only give people access to certain stuff, whereas on our Excel sheet, everyone who had access to that sheet, all the IT staff, could see passwords that they really didn't deal with, or didn't need access to. Now, we can split between our database people, our network engineers, and our application support; they've all got different requirements for different passwords, so we can segregate it quite nicely.

What is most valuable?

There are some alerting features in it that are quite good, like multifactor authentication. In general, it's a good product. It's rich in features and it does the job. You can invite contractors in and share it both internally and externally with set groups.

What needs improvement?

Anyone that has access to LastPass can change a password and we want the admins to be notified that the password has been changed. The reason we want that functionality is if for some reason someone digs up their credentials and gets into LastPass and they go and change some of our passwords, we want to know straight away that someone's changed these passwords. 

There are a couple of other things that didn't go very well. When we wanted to do a restore of one folder on one computer, we went to the company and asked for a restore and they couldn't do it. The only person who can do the restore is the one that creates the account. If you add an admin later, they couldn't do the restore. We didn't like that. The first time we had to restore and we couldn't do it, we obviously weren't that impressed. There are ways around that. We do our manual backup, put it on an encrypted USB drive and put it in a safe once a month. We've got our own backup solution to that and that works quite well.

I also don't like the add-in for Internet Explorer and Google Chrome, because when you do the add-in, you can actually save that to your credentials in your IE, and the problem is, if I left my screen open, or any of the IT people leave their screen open someone could come up and access all their credentials in LastPass without having to put a password in within your own network. I don't like that functionality. We've banned that from any of our staff adding that as an add-in because we see that as a security risk.

What do I think about the stability of the solution?

We haven't had any problems with it. We did have one little glitch that happened when you had a look at the security, it showed the security multiple times, the same security twice. That might have been an issue with the screen or compatibility in what we're looking at it in, but apart from that, it was fine. It might have just been a compatibility issue with Internet Explorer or whatever we were accessing at the time. 

How are customer service and technical support?

Their technical support was very good. They generally respond via email, or they log into their service desk, and they generally post stuff up there that comes in the email to say there's been an update to a certain request. You log in and you see what the update is and you respond. I think they're overseas, so it generally does take a couple of hours to respond, and that's generally in the early hours of the morning. It would be better if they were in Australia and we got a response in the middle of the day. We deal with all different service providers and their response is more than adequate for what our requirements are.

How was the initial setup?

The initial setup was quite simple. It meets requirements and it was quite easy to put in. The structure is quite easy to understand and the way the security works. You could do it in a couple of hours if you really wanted to. The majority of our time was really working out how we wanted to do the security and coming to an agreement on that, which made it take longer.

It doesn't require much maintenance. Once you've got it set up it just pretty much self manages itself.

What about the implementation team?

We deployed it ourselves. 

What was our ROI?

It's always hard to put a value on return on investment. You avoid one breach and it's paid for a million times over. We got a penetration test company internally, just to see how secure our network is, and there happened to be one bit of software that had been overlooked by an external company that managed it. It hadn't been upgraded so that managed to get them into the network. They would've been able to access through the test thing a file that we had previously. If that was a real-life scenario they would have been able to get into our network and get full access to our organization's passwords. If they did get in, they would have gotten access to the cloud. The ROI we see is that we are completely secured compared to what we had previously where there was a vulnerability.

What's my experience with pricing, setup cost, and licensing?

LastPass was cheap as chips. It was very cheap, hence one of the reasons we went with it. If you're a small organization and you're after something that'll do 90% of your requirements, it's very good.

Licensing and all that was really cheap and simple to understand.

Which other solutions did I evaluate?

I also use KeePass.

What other advice do I have?

I would advise someone considering this or a similar solution to look at all of the key functionalities and see what you really need. If you're a small organization looking for a solution that will work but may not have the bells and whistles, LastPass is definitely for you. If you're a bigger organization and you want a lot more functionality and the bells and whistles, if you are willing to pay for it you can get it. It's really what suits you as an organization. You just need to determine what your functionality is and you go with that solution, because if I was a smaller organization we definitely would stick with LastPass. It does the job.

I would rate LastPass an eight out of ten. It's a good product. There are a few little functionality improvements that could raise it to that next level.

Disclosure: I am a real user, and this review is based on my own experience and opinions.