For a successful, growing company like MailChimp, passwords can quickly become a hassle if a scalable, secure solution isn’t in place to onboard employees, manage shared passwords, and enforce strong password policies.
The Challenge of Secure Password Management
Founded in 2001, MailChimp is a leading provider of online email marketing solutions that allow individuals and businesses to manage contacts, send emails with impact, and track results. Security is a priority at MailChimp, and regular penetration testing is part of the company’s ongoing commitment to protecting its assets.
MailChimp began encountering several challenges with passwords, including:
- Securely sharing sensitive information in a way that was easy enough to prevent people from using email or other means.
- Maintaining strong passwords while giving everyone access to the latest credentials.
- Supporting all in-house operating systems.
- Managing work and personal credentials seamlessly.
- Encrypt company passwords to meet penetration testing recommendations and improve overall security posture.
These needs led MailChimp to implement LastPass Enterprise—a comprehensive password manager that saves users’ passwords and logs in on behalf of the user on password-protected websites, with secure access from everywhere. MailChimp originally deployed LastPass Enterprise for its Mandrill team; the solution was so well-received that it quickly became the standard for the company.
Standardizing Password Policies
Using LastPass Enterprise’s Policies, MailChimp’s corporate security team established a company-wide policy requiring a certain level of password length and complexity. They also implemented multifactor authentication for a second layer of protection, and new employees are onboarded with multifactor authentication by default.
Share Folders, Not Data
Public notes, database files, Excel spreadsheets, Word documents, or Sticky Notes containing password information are a thing of the past.
“One of the best features of LastPass for me is the enterprise folder capability,” said Homer Bartlett, Director of Internal Resources at MailChimp. “It makes it easy for me to manage team-level credentials and pass logins or notes securely.”
The Mandrill, operations, and company teams use shared folders extensively. LastPass automatically syncs changes across all users who have access to that folder. Team members share logins to websites, notes about projects, procedural passwords, and process instructions. For example, the IT team has their Apple login in a shared folder so team members can place orders for new equipment when needed. The Quality Assurance team shares access information to several testing accounts that they use when testing updates to the MailChimp service.
Strong Passwords, without the Hassle
LastPass makes it easy to provision new employees and manage access. It used to take several days to coordinate passwords and access—today it takes just a few minutes. Designated admins easily add and remove employees to LastPass Enterprise, and assign them to the tools and logins they need to hit the ground running. They can also customize permissions to hide passwords on a folder-by-folder or employee-by-employee basis.
Personal and Work Passwords, Together But Separate
MailChimp employees also have the option to link personal LastPass accounts to their work account, allowing them to access what they need from both accounts when logged in at work. Employees have convenient access to both, but the company only has control over the company account and the personal account remains private. The employee doesn’t have to worry that their data will be lost if they leave the company, while company data remains locked down.
Better Security. SOC Audits Say So.
Thanks to LastPass, recent penetration tests have had a much more difficult time breaking in through weak or compromised passwords. Each year MailChimp also undergoes a Service Organization Controls (SOC) audit. Although not called out specifically, LastPass clearly plays a role in several categories, including logical and physical access controls, risk management and control implementation, and communications.
“LastPass has helped us significantly improve password management,” said Bartlett. “And better password security certainly contributes to our overall corporate security posture. LastPass Enterprise just makes it so much easier to have—and maintain—secure practices.”
Ready to get your company’s passwords under control? Try LastPass Enterprise free today.