[zelon88]

I'm not sure why you're being down voted so hard. You might be a little off topic, but not wrong.

I don't like the idea of consolidation. It's a bad security posture. People love to point out that "they" can secure your data better than you can, but always neglect to mention that a consolidated target has considerably more value. Credential theft results in compromised networks. If you host your own passwords, an attacker would have to start with access in order to steal credentials. If you put all your passwords on a 3rd party server that you can't audit, with millions of other passwords from millions of other customers, it's only a matter of time before they get leaked. In fact, it's almost guaranteed that it will leak, because the value of the prize is millions of times greater.

Why would I waste 3 months trying to hack one business to harvest credentials when I can spend 12 months hacking last pass to get a million passwords? It's a simple cost/ benefit calculation. And lazy administration to think anything different.

So go ahead, consolidate your whole business on infra you have no real authority over. The next major world conflict will result in 4 cloud providers being physically attacked with data centers destroyed and then you will be partly to blame when 90% of the free world's economy disappears overnight.