Lieberman Software

March 2010

Top of Mind
The Trust Time Bomb

Philip  Lieberman, President & CEO Lieberman Software

Rodney Gedda of CSO Magazine posted an excellent description of a security phenomenon known as the “trust time bomb” on this month in an article called: Access build-up a new concern for CIOs: security pro.

In his article he explained how over time, employees build up an incredible number of privileges that grant dangerous privileged access. This is akin to the current problem with database administrators that retain DBA super user privileges indefinitely, as well as IT staff using the same password on every system in the company as a matter of convenience. Below is an edited response I sent to Rodney. Let me know what you think of my response by writing me directly at:

“I totally agree with your position on the ‘trust time bomb’. The problem of privileged identity creep extends from physical systems (i.e. switches, routers, KVM, ILO), through hypervisors, hosted operating systems, stacks such as Windows and LAMP, middleware, and up to applications. Compound this with IT sharing the same password on all these systems and never changing passwords when there is turnover, and you have a recipe for a disaster.

The problem is that IT does not want to change its habits and prefers the convenience of poor security to make their jobs easier. Unfortunately, many CSOs are not aware of the bad practices employed by their IT staff and developers. When CSOs try to implement a solution, they are frustrated by both passive and active resistance to efforts by C-level staff to implement proper security controls (segregation of duties, need to know, approvals of access, limited time access, etc.).

What needs to happen is a direct hands-on attack of the privileged identity management problem by the CSO rather than delegating the problem to IT to fix. Technical solutions exist to solve the problem, but the problem must first be solved at the organization level by implementing appropriate policies and enforcement to reasonable controls.

It is also important that the auditors be part of the remediation process to make sure that privileged credentials are cut back to a least privileged and least time rule. Auditors must also come back regularly to assure that the security controls are not only implemented, but are also followed so as not to fall into the PCI point in time security trap (i.e., we were okay on our January 1st audit, but fail every other day).

Most of all, the CSO must get personally involved in both the technical and business end of reducing the privilege threat. The solution requires both technology and process, and in the end a third party auditor must confirm that real security has been achieved rather than a point in time compliance.”

Tech Tip of the Month

Configuring Delegation Rules and Rights

It's well known that Enterprise Random Password Manager (ERPM) can delegate user access to the privileged account passwords in the enterprise. But do you know the extent to which ERPM can be configured to control the access of delegated users within ERPM itself?
>> Learn more

Lieberman Software Corporation
1900 Avenue of the Stars, Suite 425
Los Angeles, CA  90067

(01) 310-550-8575

Customer Snapshot

Heartland Financial USA, headquartered in Iowa, is a publicly traded financial services company that provides banking, mortgage, wealth management, insurance and consumer finance services across 73 locations.

The Situation:
Heartland Financial required a solution to secure and manage privileged account access in order to comply with regulatory mandates, including Sarbanes-Oxley.

The Solution:
Enterprise Random Password Manager (ERPM) was acquired and deployed to all branches in the network.

The Result:

"Our biggest advantage is that our systems are now much more secure. Controlling our privileged identities helps protect us against threats like malicious software. Another benefit with ERPM is the time savings and increased productivity compared to scripting."
Shane Nicely | VP of Information Services, Heartland Financial USA

Click here to read the detailed case study.

Partner News
  • Hewlett-Packard Silver Business Partner Announcement: Lieberman Software's participation in the HP Software Enterprise Management Alliance Program demonstrates our commitment to develop privileged identity management solutions that help safeguard deployments of HP Operations Center and HP Network Management Center (formerly known as HP OpenView™). 

Product Updates / Launches / Podcasts
  • Podcast: Virtual Strategy Magazine - Interview with Philip Lieberman about cloud computing security and the new release of Enterprise Random Password Manager (ERPM) v4.82. Duration 15:39.

Events / Press / Analysts
  • Network World, March 2010
    "Lieberman Software's Enterprise Random Password Manager (ERPM) provides new levels of visibility and control for cloud service providers and large enterprises to secure privileged identities."
  • ChannelWeb, March 2010
    ERPM named one of 25 Hot Products to Watch at RSA! "With this version of ERPM, cloud service providers can assure both customers and IT auditors that privileged access to sensitive data is continuously monitored and secured."
  • Help Net Security, March 2010
    "ERPM now delivers fine-grain management features to protect every asset in the cloud infrastructure – including physical and virtual computers and network appliances, hypervisors, databases, middleware, line-of-business applications, and more."
  • Dark Reading, March 2010
    "ERPM continuously discovers, secures, and grants fully audited, role-based administrative access to physical and virtual IT assets within the cloud infrastructure."
  • ebizQ, March 2010
    ERPM Helps Cloud Service Providers and Large Enterprises Manage and Secure Privileged Identities
  • Global Security Magazine, March 2010
    "ERPM adds the capability for cloud service providers to delegate different levels of privileged access, audit and compliance reporting to end-customers."

Lieberman Software Corporation respects your right to privacy, and believes any information you provide us should be protected from disclosure to others. For more information, please read our privacy policy. If you do not wish to receive email messages from Lieberman Software in the future, please click here.