Thank You
Philip Lieberman,
President & CEO
Lieberman Software
With so much going on in both your world and ours, we rarely have the opportunity to say thank you to our clients as well as to those on our staff that provide great service and amazing products all year. Thank You!
What’s New in 2013?
Over the last quarter of 2012 we started some very interesting development projects to extend the functionality of our privileged identity management products. In this month’s Top of Mind column, I would like to share some of the exciting new features coming out in the next version of E/RPM. We are expecting this version to be released in the March/April 2013 timeframe.
Double Safekeeping / Four Eyes Release
As part of BASEL II, many organizations are now being required to store and retrieve secrets in multiple parts so that no single person maintains certain key secrets alone. The idea is that to unlock something or gain access to something, two (or more) parties must be physically present to provide their part of a secret such as a password. Double safekeeping is similar to the “two-man rule” used for missile launches.
In our new implementation, you can break up both static (you upload them) and dynamic (random and automatically generated) passwords in as many different parts as you wish. Each part or segment is assigned to a group (or user) that is given access to that part for uploading/downloading/retrieving their part at the appropriate time. The idea is that no normal individual would belong to a group that would give them more than one part of the password. In practice, a manager may own one part of the password and an IT staff member may be able to obtain their part; together both parties have the whole password and neither discloses their part to the other.
The nice thing about our implementation is that all of the delegation and splitting/assembly of passwords is automatic and can be configured on an account-by-account basis for all types of passwords. The other great part is that you can decide which credentials you want to split in this fashion, into as many parts as you wish. All of the recovery steps by each participant are fully audited automatically.
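The custody rule described above, sketched as an added example (this is not Lieberman Software's code and does not show how E/RPM works internally): a password is cut into segments, each segment is assigned to a group, group memberships are checked so that no user can reach more than one segment, and every retrieval is logged. The group names, user names and the contiguous-segment split are assumptions made for the illustration.

```python
import secrets
import string

def split_password(password, n_parts):
    """Cut the password into n contiguous segments (sizes differ by at most 1)."""
    if not 2 <= n_parts <= len(password):
        raise ValueError("need between 2 and len(password) parts")
    base, extra = divmod(len(password), n_parts)
    parts, pos = [], 0
    for i in range(n_parts):
        size = base + (1 if i < extra else 0)
        parts.append(password[pos:pos + size])
        pos += size
    return parts

def custody_violations(part_groups, group_members):
    """Return {user: [part indexes]} for users whose groups expose more than one part."""
    seen = {}
    for idx, group in enumerate(part_groups):
        for user in sorted(group_members.get(group, ())):
            seen.setdefault(user, []).append(idx)
    return {user: idxs for user, idxs in seen.items() if len(idxs) > 1}

class SplitSecret:
    """Holds the segments and records every retrieval attempt."""
    def __init__(self, parts, part_groups, group_members):
        self._parts, self.part_groups, self.members = parts, part_groups, group_members
        self.audit = []  # (user, part index, outcome)

    def retrieve(self, user, idx):
        allowed = user in self.members.get(self.part_groups[idx], ())
        self.audit.append((user, idx, "released" if allowed else "denied"))
        if not allowed:
            raise PermissionError(f"{user} may not read part {idx}")
        return self._parts[idx]

# Constructed sample data: group and user names are hypothetical.
GROUPS = {"managers": {"alice"}, "it-staff": {"bob", "carol"}}
BAD_GROUPS = {"managers": {"alice", "bob"}, "it-staff": {"bob", "carol"}}

def demo():
    alphabet = string.ascii_letters + string.digits
    password = "".join(secrets.choice(alphabet) for _ in range(20))  # a "dynamic" password
    vault = SplitSecret(split_password(password, 2), ["managers", "it-staff"], GROUPS)
    rebuilt = vault.retrieve("alice", 0) + vault.retrieve("bob", 1)
    return rebuilt == password, vault.audit
```

Running `custody_violations` whenever group membership changes catches the case where a later group edit quietly gives one person two parts. With contiguous segments each custodian sees their own segment in clear, so segment length determines how much of the password stays unknown to any one person.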
Password Check-Out to a Group
Normally, credentials are checked-out to one and only one user so that you have attribution of usage to a specific person. In the case where another person needs to check out a password that is already checked-out, the first person must first check-in the password.
One of our customers had the situation where groups of persons needed access to not one, but a set of credentials at the same time without the requirement to change the password every time the password was disclosed to another person.
To support simultaneous access of passwords, we have implemented a new feature that allows a user to optionally delegate access to their checked-out password to any group they are a member of at the time of password check-out (password disclosure point). When a user of a just delegated group tries to check-out a credential that was previously checked-out, they receive the same password previously disclosed to the original requester without the need to change the password. If any user or group delegated access to the password checks-in that password, it checks it in for everyone and it gets changed automatically (or after a time-out of disclosure, it gets changed automatically).
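The check-out behaviour described above, modelled as an added example (not the vendor's code): the first requester may delegate to a group they belong to, delegated users receive the same password without a rotation, and any participant's check-in rotates it for everyone. The class, the group and user names, and the rule that only users who received the password may check it in are assumptions of this sketch; the disclosure time-out is not modelled.

```python
import secrets

class SharedCheckout:
    """One managed account whose password can be checked out to a delegated group."""
    def __init__(self, group_members):
        self.members = group_members           # group name -> set of users
        self.password = secrets.token_urlsafe(16)
        self.holder = None                     # original requester, None when checked in
        self.delegated = None                  # group named at check-out time, if any
        self.disclosed_to = []                 # audit: everyone shown the current password

    def check_out(self, user, delegate_to=None):
        if self.holder is None:
            if delegate_to and user not in self.members.get(delegate_to, ()):
                raise PermissionError("can only delegate to a group you belong to")
            self.holder, self.delegated = user, delegate_to
        elif user != self.holder and user not in self.members.get(self.delegated, ()):
            raise PermissionError(f"already checked out to {self.holder}")
        if user not in self.disclosed_to:
            self.disclosed_to.append(user)
        return self.password                   # same value for every delegated user

    def check_in(self, user):
        # Assumption: only users who actually received the password may check it in.
        if user not in self.disclosed_to:
            raise PermissionError("user has no active check-out")
        exposed = list(self.disclosed_to)
        self.password = secrets.token_urlsafe(16)   # rotate once, for everyone
        self.holder, self.delegated, self.disclosed_to = None, None, []
        return exposed                         # everyone who knew the retired password

# Constructed sample data: group and user names are hypothetical.
DBA_TEAM = {"dba-oncall": {"dave", "erin"}}

def demo():
    acct = SharedCheckout(DBA_TEAM)
    first = acct.check_out("dave", delegate_to="dba-oncall")
    second = acct.check_out("erin")            # same password, no rotation
    exposed = acct.check_in("erin")            # one check-in ends it for all
    return first == second, exposed, acct.password != first
```

The list returned by `check_in` is the attribution record for a shared check-out: activity under that password can be narrowed to those users, not to a single person.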
Other Great New Features
The next version of E/RPM has integrations for some new and existing partners. For those using McAfee ePO, we have completed a new integration that allows you to check-out credentials for systems you see in the ePO interface. We are currently waiting for the completion of official certification by McAfee for this integration.
For those using the Qualys QualysGuard product line, we are in the process of completing an integration with Qualys that allows their appliances to retrieve access credentials for systems and databases needing administrative access. We have completed our part of the integration and are awaiting the release of the next version of the Qualys software which incorporates support for our product.
If you are using ServiceNow as your trouble ticket system, we have completed a comprehensive integration with their service. The integration not only allows trouble ticket verification of state, owner and ID number, but also annotates tickets with credential check-outs. As is typical of our third-party integrations, adding support for ServiceNow will take less than 5 minutes to complete, and you can do it yourself; as you have come to expect, it is fully documented and non-proprietary.
When Are These Available?
All of the above features and enhancements are available today for beta testing (except Qualys, since they need to release a new version to support our software; and McAfee does not allow uncertified solutions to be touched by customers). If you want to try these new features out in your environment or via one of our hosted test environments, contact our support department (support@liebsoft.com) and they can arrange to get you a beta copy of the next version of E/RPM.
Is There More?
The above is just a tiny subset of the new features for the next version of E/RPM. Our development team has been working non-stop since the last release to produce a new version that will amaze you and further confirm what you have heard from us: your purchase is not an expense, but an investment in the future.
What do you think? Email me at: Phil@liebsoft.com. You can also follow me on Twitter: @liebsoft or connect with me via LinkedIn.