Sherweb launched a partnership with LogMeIn to offer LastPass, a password management and sharing solution that offers single sign-on (SSO) and multifactor authentication (MFA) that gives users visibility and control over their business security. We spoke with Harvey Grasty, VP Business Development and Strategic Partnerships at LogMeIn to talk about how LastPass can enrich MSP offerings and provide value for clients.
Note: This been edited for clarity and readability.
What is LastPass?
LastPass is a best-in-class, business password management solution that empowers both managed service providers (MSPs) and their clients to secure credentials from any location. This reduces the risk of successful data breaches and also improves employee productivity.
It’s a convenient way for businesses to improve their password hygiene and security without compromising ease of use and employee productivity. It allows users to quickly and easily generate and store passwords, autofill passwords when logging into websites, and share credentials seamlessly with other employees. On the administrator side, they’re able to gain valuable insight as to how employees are using passwords within the organization and set policies accordingly. This helps them drive better security practices and password hygiene as well.
As part of LastPass, we also offer a single sign on (SSO) and multifactor authentication (MFA) to ensure MSPs can secure their clients with additional access and authentication protection. We’re really set up nicely for both MSPs and their clients to grow with us.
Password management is often the tip of the spear for smaller businesses, but then they can add SSO and multifactor authentication later as they grow and their security needs mature.
How did LastPass get started?
LastPass was founded in 2008 by a group of security-minded friends with a mission to provide a simple way to manage passwords and improve security for both individuals and businesses. LogMeIn, whose mission is to provide critical applications to power the modern workforce, saw LastPass as a company with tremendous opportunity not just in the short term, but over the long term as well. We acquired LastPass back in 2015, and we’ve grown that business to over 25 million consumer users and tens of thousands of businesses.
What are some of LastPass’s major benefits for end-users?
It might be an obvious benefit, to reduce risk of breach, but it’s the biggest. Obviously, data breaches are a big problem, and many of these are a result of using weak, duplicate passwords. You just absolutely shouldn’t be using the same password on multiple applications or websites—whether in your personal life or business—because when one gets hacked, if you use the same password somewhere else, you are at greater risk for being hacked in those other places as well.
LastPass is also really easy to use. It’s easy to generate strong, unique passwords and automatically fill them when logging into a website or app, which makes you more secure. Another benefit is that you can use it from any device. We’ve all been in a remote workforce or a mobile workforce, potentially even before the pandemic. Since businesses started to open their offices, many remain fully remote or are a hybrid of in-office and remote. The reality is people are using multiple devices to get their work done, either in your home, an office, or on the go. Regardless of where you are, you need to be able to access your passwords whenever and wherever you need them.
Another benefit for end users is that it increases productivity. With LastPass, end users can seamlessly generate, secure and share credentials without being slowed down by forgotten password or resets. Personally, I appreciate how quick and easy using LastPass makes my daily life when I’m trying to get in and out of applications, whether for work or in my personal life.
Why is password management important?
Password fatigue can happen to end users and businesses. As remote work accelerates businesses transition to the cloud, there are more and more credentials that employees are expected to manage. The average employee has 191 passwords to keep track of. That’s a lot, right? With that many passwords to manage, it’s impossible for an employee to utilize strong, randomly generated passwords across their accounts without help. In addition, managing that quantity of passwords can put a drain on employee productivity as frequent password resets and lockouts slow down work. As soon as an employee slips up because of password fatigue, they can potentially be putting the entire business at risk. Partners should be able to address the password fatigue that their clients (and themselves) are experiencing.
Why is single sign on (SSO) and multifactor authentication (MFA) important for businesses?
I spoke earlier about how password management is often the tip of the spear for a business—it’s a good first start. But as you’re growing as a business and want to evolve your identity and access management strategy, SSO is a great way to protect all the applications in your environment in a more seamless fashion. SSO securely connects an employee to the work applications in which they are assigned by IT, without the need to type a password. When SSO is paired with a password manager, an organization can achieve complete control over not only passwords, but of user access in general.
MFA uses both biometric and adaptive factors to add another layer of security. Not only are you using a face scan, for example, to get into an application, but contextual events or contextual information is also considered for whether to let someone into an application. Maybe the system sees this person is logging in from a different country than they typically would. It’s a good warning—this doesn’t fit, even though somehow, they’ve been able to get through with the password.
Additionally, some businesses with regulatory bodies that overlook their business are starting to require multifactor authentication, or at least heavily suggesting that they use it. Business is evolving that way, and security is evolving that way. So, MFA is an important part of the set of options that LastPass has available.
I mentioned that we have a business model that’s a fit for MSPs. Ultimately, we want them to grow their business. LastPass is a product that will create a new revenue stream by being able to offer a best-in-class password management solution, with competitive margins, that fits within an MSP’s business model.
Secondly, LastPass helps providers secure their clients. About 80% of data breaches are due to weak passwords or reused passwords. This is a gap for most businesses, but LastPass helps MSPs strengthen their client relationships by increasing their password security while minimizing their risk of a successful (and expensive) breach.
The third benefit or opportunity, if you will, for IT providers or MSPs, is that it’s relatively easy to roll out and deploy LastPass. LastPass is not only easy to set up and maintain, but self-guided resources and a built-in dashboard also help with rollout and employee communications. You can get quick adoption, which you want as an MSP; you want it to be easy to deploy but also easy to use—you want people to actually use it.
Lastly, LastPass reduces the helpdesk calls that MSP get. Our research has found that around 25-40% of helpdesk calls are due to password problems, or resets. When end users have a solution to save passwords and not have to worry about forgetting their password, it reduces the number of helpdesk calls. If you reduce those, then the MSP can focus on more mission-critical things than just resetting passwords.
What LastPass plans are available for resellers to offer?
First is LastPass Business, which is the primary password management solution that includes shared folders, policies & reporting, SSO for up to three cloud applications, and an all-in-one admin console. Then if you want full unlimited SSO, you could add that on. The third component would be the MFA add on. At that point, you can use passwordless multifactor authentication for cloud and legacy applications, VPNs, and workstations.
What inspired LogMeIn to get involved with the channel with LastPass?
LogMeIn provides a number of solutions for the IT sector, all of which serve a mission to empower companies to allow their employees to work from anywhere, both in a remote and hybrid work environment. And so LastPass is one of those solutions that fits nicely into that mission.
LogMeIn has used the channel for years and been successful. I would say the difference now, is that we’ve really doubled down on the channel; more recently, as it relates to LastPass, we’ve upped our game. We’ve created an MSP-friendly model for LastPass, with consumption-based monthly pricing that MSPs can build into their practice more easily. The second thing we’ve done is that we’ve created a really easy dashboard, or one pane of glass for MSPs to easily manage all the customers they using LastPass for. We wanted to be able to meet our customers where they already were. A lot of our target customers purchase their software and hardware through the channel, so we wanted to ensure that our solutions were represented in that market.
That’s really why we’re excited about Sherweb. You guys know the MSP space so well, you have a track record of serving MSPs and curating applications for them. The fact that that you’ve chosen LastPass as one of the applications you offer is super exciting for us.