President & CEO
With so much going on in both your world and ours, we rarely
have the opportunity to say thank you to our clients as well as to
those on our
staff that provide great service and amazing products all year. Thank
What’s New in 2013?
Over the last quarter of 2012 we started some very
interesting development projects to extend the functionality of our
identity management products. In this month’s Top of Mind column, I want
to share some of the exciting new features coming out in the next version of
E/RPM. We are expecting this version to be released in the March/April
Double Safekeeping /
Four Eyes Release
As part of BASEL II, many organizations are now being
required to store and retrieve secrets in multiple parts so that no
person maintains certain key secrets alone. The idea is that to unlock
something or gain access to something, two (or more) parties must be
present to provide their part of a secret such as a password. Double
safekeeping is similar to the “two-man rule”
In our new implementation, you can break up both static (you
upload them) and dynamic (random and automatically generated) passwords into as
many different parts as you wish. Each part or segment is assigned to a group
(or user) that is given access to that part for
their part at the appropriate time. The idea is that no normal
belong to a group that would give them more than one part of the password. In
practice, a manager may own one part of the password and an IT staff
be able to obtain their part; together both parties have the whole
neither discloses their part to the other.
The nice thing about our implementation is that all of the
delegation and splitting/assembly of passwords is automatic and can be
configured on an account-by-account basis for all types of passwords.
great part is that you can decide which credentials you want to split
fashion, into as many parts as you wish. All of the recovery steps by
participant are fully audited automatically.
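
The split, the one-part-per-person rule and the audited recovery described above, as an added sketch that is not E/RPM code: the class and function names, the contiguous-segment split and the sample users and groups are all assumptions made for illustration.

```python
import secrets
from datetime import datetime, timezone

def split_password(password, parts):
    """Cut a password into `parts` contiguous, non-empty segments."""
    if not 2 <= parts <= len(password):
        raise ValueError("parts must be between 2 and len(password)")
    base, extra = divmod(len(password), parts)
    segments, pos = [], 0
    for i in range(parts):
        size = base + (1 if i < extra else 0)
        segments.append(password[pos:pos + size])
        pos += size
    return segments

def duty_conflicts(segment_groups, memberships):
    """Map each user to the segments they could read, if more than one."""
    conflicts = {}
    for user, groups in memberships.items():
        held = [i for i, g in enumerate(segment_groups) if g in groups]
        if len(held) > 1:
            conflicts[user] = held
    return conflicts

class SplitVault:
    """Holds one split credential and audits every segment request."""
    def __init__(self, account, password, segment_groups, memberships):
        conflicts = duty_conflicts(segment_groups, memberships)
        if conflicts:  # refuse a layout where one person can rebuild alone
            raise PermissionError(f"one user holds several parts: {conflicts}")
        self.account = account
        self.segments = split_password(password, len(segment_groups))
        self.segment_groups, self.memberships = segment_groups, memberships
        self.audit = []  # (UTC time, user, account, segment index, outcome)

    def release(self, user, index):
        allowed = self.segment_groups[index] in self.memberships.get(user, set())
        outcome = "released" if allowed else "denied"
        stamp = datetime.now(timezone.utc).isoformat()
        self.audit.append((stamp, user, self.account, index, outcome))
        if not allowed:
            raise PermissionError(f"{user} may not read segment {index}")
        return self.segments[index]

# Constructed sample: a dynamic (random) password split between two groups.
MEMBERS = {"manager1": {"Managers"}, "itstaff1": {"IT-Staff"}}
PASSWORD = secrets.token_urlsafe(12)  # 16 random characters
VAULT = SplitVault("svc-db-admin", PASSWORD, ["Managers", "IT-Staff"], MEMBERS)
```

With contiguous segments each participant already knows part of the password, so the membership check is what keeps any one person from collecting enough parts to shorten a guess at the rest.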
Password Check-Out to
Normally, credentials are checked out to one and only one
user so that you have attribution of usage to a specific person. In the case
where another person needs to check out a password that is already checked out,
the first person must first check in the password.
One of our customers had the situation where groups of
persons needed access to not one, but a set of credentials at the same time,
without the requirement to change the password every time the password was
disclosed to another person.
To support simultaneous access of passwords, we have
implemented a new feature that allows a user to optionally delegate
their checked-out password to any group they are a member of at the
password check-out (password disclosure point). When a user of a just
group tries to check out a credential that was previously checked out, they
receive the same password previously disclosed to the original user
without the need to change the password. If any user or group delegated
to the password checks-in that password, it checks it in for everyone
gets changed automatically (or after a time-out of disclosure, it gets
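
The check-out rules described above (one holder by default, optional delegation to the holder's own group, one check-in releasing everyone and changing the password) modelled as an added sketch; it is not E/RPM code, the names and sample accounts are assumptions, and the disclosure time-out is left out.

```python
import secrets

# Constructed sample directory: user -> groups.
MEMBERS = {"alice": {"DBA-Team"}, "bob": {"DBA-Team"}, "carol": {"Helpdesk"}}

class Credential:
    """One managed password with exclusive or group-delegated check-out."""
    def __init__(self, name, memberships):
        self.name, self.memberships = name, memberships
        self.password = secrets.token_urlsafe(12)
        self.holders = []            # users the current password was shown to
        self.delegated_group = None  # group chosen at the first check-out
        self.log = []                # (user, action) pairs for attribution

    def check_out(self, user, delegate_to=None):
        groups = self.memberships.get(user, set())
        if not self.holders:                      # first check-out
            if delegate_to is not None and delegate_to not in groups:
                raise PermissionError("can only delegate to your own group")
            self.delegated_group = delegate_to
        elif user in self.holders:                # already disclosed to them
            return self.password
        elif self.delegated_group not in groups:  # default: one holder only
            self.log.append((user, "refused"))
            raise PermissionError(f"{self.name} is already checked out")
        self.holders.append(user)
        self.log.append((user, "disclosed"))      # per-person attribution
        return self.password

    def check_in(self, user):
        groups = self.memberships.get(user, set())
        if user not in self.holders and self.delegated_group not in groups:
            raise PermissionError("not a holder or delegate")
        self.log.append((user, "checked in for " + ",".join(self.holders)))
        self.holders, self.delegated_group = [], None
        self.password = secrets.token_urlsafe(12)  # change after disclosure
```

Every disclosure is logged under the individual user, so usage stays attributable to a person even while the same password is shared across the delegated group.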
Other Great New
The next version of E/RPM has integrations for some new and
existing partners. For those using McAfee
we have completed a new integration that allows you to check-out
for systems you see in the ePO interface. We are currently waiting for
completion of official certification by McAfee for this integration.
For those using the Qualys
QualysGuard product line, we are in the process of completing an
with Qualys that allows their appliances to retrieve access credentials
systems and databases needing administrative access. We have completed
of the integration and are awaiting the release of the next version of
Qualys software which incorporates support for our product.
If you are using ServiceNow
as your trouble ticket system, we have completed a comprehensive
with their service. The integration not only allows trouble ticket
of state, owner and ID number, but also annotates tickets with
check-outs. As is typical of our third-party integrations, adding
ServiceNow will take less than 5 minutes to complete, and you can do it
yourself; as you have come to expect, it is fully documented and
When Are These Available?
All of the above features and enhancements are available
today for beta testing (except Qualys, since they need to release a new
to support our software; and McAfee does not allow uncertified
solutions to be
touched by customers). If you want to try these new features out in
environment or via one of our hosted test environments, contact our
they can arrange to get you a beta copy of the next version of E/RPM.
Is There More?
The above is just a tiny subset of the new features for the
next version of E/RPM. Our development team has been working non-stop
last release to produce a new version that will amaze you and further
what you have heard from us: your purchase is not an expense, but an
in the future.
What do you think? Email me at Phil@liebsoft.com.
You can also follow me on Twitter: @liebsoft
or connect with me via LinkedIn.