In your opinion, does open source password protection software like KeePass live up to the demands of an enterprise...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
network as well as vendor products?
I have to start this response with the old adage: You get what you pay for. While in the past, mature, open source IAM-related programs like Kerberos LDAP and others generally were comparable to commercial products when it came to features and functions, the problem with open source products, like KeePass, is they provide no liability. This is stated directly in the KeePass license agreement:
"…because the program is licensed free of charge, there is no warranty for the program, to the extent permitted by applicable law. … The entire risk as to the quality and performance of the program is with you. Should the program prove defective, you assume the cost of all necessary servicing, repair or correction."
Since you mentioned the demands of an enterprise network, I'm assuming you're looking at an enterprise deployment, in which case the liabilities the enterprise would assume probably don't justify the license savings. (A general rule of thumb is that license costs are approximately 30% of the overall lifecycle cost of a software product; the remaining costs being hardware, training, support, process reengineering and application/infrastructure integration.) KeePass would function as a software vault for storing multiple enterprise passwords: the keys to the company. So, while KeePass might be a good solution for an SMB, the risk of no support and the reliance on a volunteer development community -- especially if a vulnerability is discovered -- seem to outweigh the cost savings of using this freeware product.
Also, if managing multiple passwords is an issue within your organization, I'd recommend looking at a commercial single sign-on (SSO) product before I'd look at a commercial password vault. A password vault may help users keep track of multiple passwords more easily, but an SSO implementation would likely eliminate the need for multiple passwords for various applications and improve overall organizational security. In other words, it's a win-win.
- Is there a free, enterprise-caliber password management tool? Read more.
- Learn how to encrypt passwords using network security certificates.
Related Q&A from Randall Gamby
Enterprise SSO products have matured over the years, so what's the state of eSSO today? Expert Randall Gamby discusses.continue reading
Enterprises need a full understanding of the FIDO authentication framework before switching to its technology. Expert Randall Gamby looks at the most...continue reading
A self-managed HSM appliance may be the safer external key management system to use with your organization's encryption keys. Here's why.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.