Michael Leone on 10 Jan 2017 06:46:59 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Lastpass - friend of foe

On Tue, Jan 10, 2017 at 8:40 AM, Rich Kulawiec <rsk@gsp.org> wrote:
> And I'm even more skeptical of outsourcing them to the cloud.  Which you
> did, because -- well, look at the A, NS, and MX records for their domain.
> Do you really think you should trust your passwords -- encrypted or not --
> to people who lack the sysadmin 101 skills required to run their own
> mail server?  Clearly, they aren't even a little bit serious about their
> own operational security, so why would you trust them with *anything*?

You presuppose that they lack the skill to run their own mail server.
More likely, it makes more economic sense for them to outsource that
function, so that their employees can concentrate on other core tasks
of the enterprise.

I used to work at a small insurance firm, about 60 people, and I was
the only "PC" guy on staff (there were a few database
admins/programmers). That meant that I did helpdesk, networking,
backup, virtualization, mail admin, had to keep track of warranties,
make budgets, etc. Everything, a real one man band operation. The firm
thought about outsourcing the email (Exchange), even though I knew how
to run an Exchange server. (that was 10 years ago, and Exchange 2003.
I couldn't just drop into a more current version, but I know I could
get up to speed quick enough, if I had to). When I was doing it, I
used Postfix and SpamAsssassin in front it, so I used to know how to
do those, too.

I left there before that happened, so I have no idea if they did
outsource or not.
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug