Lieberman Software

PRIVILEGED IDENTITY MANAGEMENT NEWS LINE
January 2010
Top of Mind
Promises of the Cloud: A Dose of Karma

Philip  Lieberman, CEO Lieberman Software

Over the last few weeks we have been reading about Google and the security (or lack thereof) of cloud computing. The current circumstances of Google lend credence to the existence of karma for their arrogance, greed and hollow statements of “do no evil”.

Most Cloud Vendors are Secure... More or Less

We have been working with large ISPs and cloud vendors since the 1990’s and have found them to be generally highly ethical and very secure. ISPs do operate in a siege mentality environment where they are attacked each and every day 7/24 from every corner of the world and are beset with demands from every corner including trade groups, attorneys, government agencies and both sane and insane customers. Google is unique in that they are virtually opaque to their customers and the outside world (try finding their telephone number on their web site) with respect to everything including their security. Their public security policy appears to be “trust us”. As an exercise, try to find out what security methodologies are being used by Google to protect your sensitive data and try to gain access to their audit logs of access to your data.

It was very surprising to see Google complain about being attacked by criminal hackers (state sponsored or otherwise) given that this has gone on for a long time to just about everyone on the Internet. This situation is well known to just about any company that monitors their firewall logs. For those with very high value assets (political and financial), it is reasonable to expect government level internal attacks to occur (both first-person human initiated and proxy malware attacks). 

Ethics Quiz

Here is a case study for our readers: take a look at which company squats on our corporate name: “Lieberman Software” on Google and ask yourself the question, is Google protecting our rights? (Their answer: file a lawsuit in Federal Court if you want us to stop it.) Here is another question: should you trust a potential vendor of security solutions who squats on the good name of its competitors? Is it competition, or is it a lack of ethics to attempt to siphon off search engine traffic by claiming a relationship with the name of your competitor on Google? What does it say about Google to allow competitors to siphon off traffic as long as Google can make a buck doing it?

While I don’t condone the actions of those that are penetrating and exploiting the security holes of Google (physical or logical), perhaps this may be a wakeup call for Google. Opacity and obfuscation are not what they should be looking for in a vendor (cloud or otherwise). Security is all about transparency, trust, truth, competence and strong technology.  When it comes time to judge the vendors you use, look at their actions rather than their tag lines. At least in life, karma does override tag lines... ultimately.
Tech Tip of the Month

Identify and Disable Stale Computer Accounts

Stale computer accounts likely exist in most large organizations. But the existence of these accounts is not merely an IT nuisance. Left unmanaged, these accounts are potential security threats that can be exploited to gain unauthorized access into the network. Fortunately, User Manager Pro Suite can remedy this risk...  Learn how.

Lieberman Software Corporation
1900 Avenue of the Stars
Suite 425
Los Angeles, CA  90067
Liebsoft.com

(01) 310-550-8575
newsletter@liebsoft.com
 
Partner News
  • Lieberman signs agreement to distribute Oracle 11g with its flagship product: Enterprise Random Password Manager.
  • We have signed a new reseller partner to support our US Government business - a certified Disabled Veteran Business and National Minority Supplier: Heritage Global Solutions, Inc.
  • We have been certified for integration with ArcSight and a press release with more information is forthcoming. Bottom line: you can view all Enterprise Random Password  Manager and Random Password Manager events from within ArcSight via our connector. Click  here for details on what it means to be ArcSight Certified Common Event Format (CEF) Compliant.
Product Updates / Launches / Podcasts
Analysts / Press / Events
  • Join us at the RSA Conference 2010! March 1-5 at Moscone Center in San Franciso, CA. Stop by our booth # 1033.
  • Computerworld, January 2010: Update: Heartland breach shows why compliance is not enough. "The Heartland incident showed in no uncertain manner that compliance with standards such as PCI are meaningless unless there is a way of monitoring that compliance on a continuous basis, said Philip Lieberman, CEO of Lieberman Software, a Los Angeles-based vendor of identity management products."
  • Network Centric Security, December 2009: Philip Lieberman discusses current cyber security threats and the challenges to resolving them in his article "Building Legal Frameworks for CyberSecurity Change".
  • Tek Tips, December 2009: Mismanaged Privileged Accounts: A New Threat To Your Sensitive Data. "Once a single computer is compromised, the intruders leapfrog from system to system, compromising highly sensitive privileged accounts throughout the organization until the infrastructure is mapped and its most valued information can be extracted quickly enough to render conventional safeguards powerless."
  • Dark Reading, December 2009: Enterprise Random Password Manager integrates with all current and recent versions of SharePoint Server. "SharePoint Server makes extensive use of privileged accounts for its processes, and is an example of an enterprise service that could benefit from Lieberman Software's Enterprise Random Password Manager."
Lieberman Software Corporation respects your right to privacy, and believes any information you provide us should be protected from disclosure to others. For more information, please read our privacy policy.