Top of Mind
Why Privileged Identity Implementations Fail
Philip Lieberman, President & CEO, Lieberman Software
Over the last few years we have started to
see customers coming to us both dissatisfied and angry with their
initial purchase of a privileged identity management solution provided
by some of our competitors.
The most common complaints are that the solution they purchased does
not scale up, fails to complete changes reliably, misses many of their
systems, increases head count, and/or simply did not perform as
promised. The other most common complaint is the fact that their
privileged identity project is now on its second (or more) year of
implementation and it still is not fully deployed.
As customers eventually come to realize, the purchase and
implementation of a privileged identity management system is a complex,
business-critical decision that should not be delegated to an RFP or
shoot-out conducted by the purchasing department.
Unfortunately, many companies start out with an RFP spreadsheet from an
analyst, add some customizations, count up the number of check boxes,
check for the lowest price, easiest installation and slickest brochures
and figure they are done. How could the project fail when the company
purchasing the solution simply followed the advice of analysts and the
IT department?
The Simple Truth
The simple truth is this: privileged identity solutions are not a
generic purchase, nor should they be purchased based on price or the
size of the features list. Consequently, they are wholly
inappropriate for an RFP or RFI process. Due diligence, extensive
research, and proofs of concept are absolutely essential.
The differences in the technologies used for privileged identity
management solutions are vast and in many cases, not even comparable. A
bicycle and a racing motorcycle both have two wheels and take you from
point A to point B, but for those that don’t care to ask the right
questions, they provide considerably different rides.
Don’t Trust the Analysts
The regrettable truth is some of our competitors’ solutions are
extraordinarily labor-intensive to install and run, generally
non-scalable, highly proprietary and are sourced from off-shore VC
financed firms. Analyst firms that prepare RFP templates for these
solutions are loath to point out the serious shortcomings of these
companies (and their products) to their corporate accounts in this
field because the analysts and their firms receive rich yearly fees for
trade shows, consulting and webinar co-presentations for these same
companies.
Case in point: during the creation of a recent analyst report on
privileged identity management, we pointed out to the analyst preparing
the report that he completely neglected to cover the expected
implementation time, scalability and total cost of operation from both
an initial implementation point of view as well as from the ongoing
cost of operating the solution. Even issues such as whether
professional services are required, high upgrade fees, inability for
customers to upgrade themselves, and disadvantageous licensing details
were left off the analyst report because of the devastating effect it
would have on the revenue his firm derives from our competitors. When
asked why he neglected to provide these critical details, his only
response was that these were not factors he wanted to consider at this
point (you draw your own conclusions).
Privileged Identity Management Solutions Require More than an Appliance Delivery
Here is a scenario that is guaranteed to go wrong: a company needing to
remediate their handling of privileged accounts states that they will
only purchase the lowest cost solution that can be delivered on an
appliance and demands a money-back guarantee. And, this same company
has 30 years of legacy systems that must be managed by the appliance,
little to no segregation of duties, roles or groups, no consistency in
the management of their security configurations, and repeated security
breaches to overcome that have already cost the organization vast
amounts of money and loss of reputation. Finally, they expect a 30-75
page spreadsheet to be filled out by all of the vendors in less than
two weeks with extensive diagrams and illustrations. The winner will be
the vendor with the least cost and slickest presentation. There will be
no technical or architectural discussions, nor will audit findings or
business needs be discussed. We see these types of RFPs and RFIs
bimonthly on average.
How the Process Should Work
You would not go to the cheapest surgeon, nor would you expect him to
prescribe a therapy without getting your medical history and running
some tests. The same protocols hold true for implementing a privileged
identity management system.
The decision of which solution to select and how it is to be
implemented requires an honest dialog with all of the stakeholders
including the CSO, CIO, IT administrators, and anyone involved in the
management of sensitive accounts. The most important stakeholders are
those that suffer the damage should the solution take too long to
implement, or if it provides incomplete coverage.
The cost of the solution is generally not a significant factor. The
core requirement is the ability to rapidly remediate auditor findings
and provide continuous proof that fundamental security controls exist
and are continuously operating with respect to privileged identity
management.
What do you think? Email me at: phil@liebsoft.com
Tech Tip of the Month
Managing the Local Logon Cache
Managing remote systems is difficult enough. But when the local domain
controller becomes unavailable, IT administrators are presented with a
whole set of new problems. Fortunately, Service Account Manager offers a
local logon cache feature which ensures uninterrupted authentication
during system startup. Here’s how.
Lieberman Software Corporation
1900 Avenue of the Stars, Suite 425
Los Angeles, CA 90067
Liebsoft.com
(01) 310-550-8575
newsletter@liebsoft.com
What's New in Identity Week
We have launched a blog!
Check out our Identity Week blog for topical
tips, news and opinion on the latest CyberSecurity issues. Featured
commentary this month includes:
- Compelling Survey, Weak Solution: Last week a software vendor published
survey data stating that over 40% of IT staff abuse administrative passwords
to access sensitive information that’s not relevant to their jobs...
Partner News
We have expanded our Channel Partner Program! Below are the new partners
we brought on board this month:
- Nanjgel Solutions has been appointed a select partner in our Partner
Program. Nanjgel will market, sell, and support the entire Lieberman
Software product line throughout the United Arab Emirates, Qatar, Saudi
Arabia, Oman and Bahrain.
- PRIOLAN GmbH. PRIOLAN will market, sell, and support
the Lieberman Software product line in the following countries: Austria,
Croatia, Germany, and Switzerland.
For information on all our reseller partners, please visit our partners
website.
Product Updates / Launches / Podcasts
NEW PRODUCT RELEASE! We are pleased to announce the release of Enterprise
Random Password Manager (ERPM) version 4.83. This is a
recommended upgrade for users of previous versions of ERPM. This new
version adds:
- Out of the box BMC Remedy help desk
ticketing system integration – eliminating the need to perform
customizations
- Java SDK inclusion – providing
application-to-application and application-to-database and local cached
credentials to non-Microsoft systems
- Additional out of the box device support
– includes Cisco ASA, Cisco ACE, Cisco Nexus, Juniper, HP, and other
answer files (this support is documented in the upgraded user’s guide
available online)
Additional new features and updates included in Enterprise Random
Password Manager 4.83 can be found on the product revision history page.
If you are currently under a Software Maintenance Agreement, this
upgrade is available to you at no charge.
Events / Press / Analysts
- Top 10 Cloud Computing Complaints. InformationWeek. Leading
industry experts respond to gripes that IT professionals have about the
security, cost, and portability of cloud computing in the enterprise.
- AT&T iPad Breaches Are About App Security, Not Mobile Devices, Experts Say.
Dark Reading. "In the
recent case of AT&T and Apple, their incompetence at building
scalable and secure infrastructures -- or the incompetence of the
vendors who built their systems -- is on display for the whole world to
see," said Phil Lieberman, CEO of Lieberman Software.