![]() ![]() ![]() Was a report made to our team about this? If you opened a support ticket, can you share the ticket number so I can follow up? just food for thought.Hey Brian, I certainly respect your position but I don't follow here - to the best of my knowledge, we don't send anything to China. ![]() I don't feel very good about passwords from the CONUS going to China, let alone my directory services. I know because I monitored it and as soon as that country was geoblocked - I heard all about it and sure enough, traffic capture revealed the same results. If you really, really must use them - I HIGHLY suggest a 2FA or MFA approach (I think they only support 2FA but you can purchase PIV's from Yubikey that are very cost effective and not annoying for your end users).ĭo be aware however, that ALL of their data is only accessible by network traffic to China. I'm not just talking about SLA here but BAA, MOU and ISA's are not something they seem to be interested in - making them, your weakest link and this could be a really serious issue. Not to detract you here, but I wouldn't use LassPass at this point due to the fact that for one, they have been breached twice since their recent introduction into the market making them a massive treasure trove of data, second to my knowledge - if you are following the outsourced vendor security lifecycle with - selection/onboarding/monitoring/offboarding you will find that LassPass doesn't do very well with proper business agreements when it comes to risk assessment. Thanks for your time.I do see your point here, however that defeats theirs as well. By adding LP we wanted to eliminate passwords, not add another one. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |