Lieberman Software

    Follow us on Twitter  Follow us on LinkedIn  Blog  Lieberman Software on YouTube                                                                                                                                                               November 2011

Top of Mind

How Do You Handle Password Spreadsheets?

Philip  Lieberman, President & CEO
Lieberman Software

We all know that the number one password management solution is the trusty sticky note. You write down your complex password on the sticky note, and then hide the note in a place you can find it (hopefully not on your monitor).

The second most popular way to store commonly used credentials (such as root, administrator, sa, etc.) is to put them all on a spreadsheet and then share that spreadsheet with those that need access to the credentials on the spreadsheet. For better security, some companies create different spreadsheets for different parts of the organization.

Why Do Auditors Hate Password Spreadsheets?

Spreadsheets drive your auditors crazy because there is no way to know who has seen the passwords on the spreadsheets, when they saw the info, nor is there generally any way to control access to part of a spreadsheet, much less track when/if passwords get changed.

Why Support Password Spreadsheets If We Have Full Password Automation?

Simple: not every company is ready or can afford to switch over from spreadsheets to a fully automated privileged identity management.

Many companies need to migrate off of publicly shared password spreadsheets, to something that is more secure, and then have a path to automation when they are finally ready. IT budgets, resources, and expertise may be limited, so the best solution is to migrate the spreadsheets to a secure solution to meet minimum regulatory requirements, then move up to an automated solution later.

Password Spreadsheet Manager

At the Gartner Identity and Access Management Summit on 14 September 2011, we announced a new product offering known as Password Spreadsheet Manager (PSM).

PSM allows you to seamlessly import your spreadsheets in minutes to a safe, secure and encrypted database (Microsoft SQL Server or Oracle 11g) that provides easy web based audited and delegated access to the rows in your formerly shared spreadsheets.

How is Password Spreadsheet Manager Different From Competitor’s Products?

Our objective was not to create another “secure” file vault - these suffer from the same flaws as a shared spreadsheet: lack of detailed spreadsheet row level tracking. Without detailed row-level tracking, the solutions from competitors provide little improvement over spreadsheets kept on Microsoft SharePoint.

PSM’s Objective: take the insecure and prevalent methodology of shared password spreadsheets and convert it into a row-level secure and auditable shared database with all of the scalability, security, and broad systems integrations you would expect from an enterprise quality application.

PSM provides all of the things you need for security such as workflow approvals, multi-factor authentication, role-based authorizations, and integrations to trouble ticket systems, loggers, and SIEM systems. This product also integrates with the products of our privileged user management (PUM) and session monitoring partners including: FoxT, Balabit, ObserveIT, and Viewfinity.

A Path To The Future

Converting from insecure password spreadsheets to PSM allows you to quickly provide secure access and management to shared credentials. Depending on your industry, it may be necessary to regularly change credentials, as well as immediately after disclosure or employee turnover. With PSM, the password changes must be done manually as required using either labor or scripts.

When a customer wishes to automate the local password change process after disclosure, PSM can be upgraded to our Random Password Manager product. If you have the more complex scenario of changing not only credentials, but also where they are also used in the middleware/application stack, you can upgrade to our flagship privileged identity management product: Enterprise Random Password Manager.

What do you think? Email me at: You can also follow me on Twitter: @liebsoft or connect with me via LinkedIn.

Tech Tip of the Month

Take Control of Your Windows Systems

Learn how to execute mass changes to security settings on thousands of Windows systems simultaneously in a single operation without scripts. Get configuration and security reports on all Windows machines on the network in minutes using User Manager Pro Suite. Here’s how.
  Follow us on Twitter!
What's New in Identity Week

Featured commentary on our
Identity Week blog this month includes:
  • SIEM Tools Have Blindspots! Guest Commentary by Brad Young, VP Marketing, ObserveIT. The various Log Management and SIEM tools available today have matured to a point that they can provide effective reports and correlation analysis for just about any activity that appears in the system logs we get via Applications, Databases, OS and  Configuration Management)...
  • Hackerazzis and the Risks of Free Email Systems. This week’s Los Angeles Times story about a hacker being indicted for allegedly breaking into the email accounts of several celebrities is interesting because most of the victimized celebrities were apparently using Apple as their email provider. Other free, consumer grade email systems from Google and Yahoo were also involved...

Partner News

Balabit Integration Partnership

Lieberman Software's Enterprise Random Password Manager (ERPM) has been integrated with Balabit's Shell Control Box (SCB). SCB is an activity monitoring appliance that controls access to remote servers, virtual desktops, or networking devices, and records the activities of the users accessing these systems.

With this integration, it is possible to restrict users based on their actual activity or on the type of access (like file-transfer, command execution, etc.). Furthermore it is possible to record and track the details of these accesses besides recording the fact and the time-frame of the access. Without these detailed recordings, it is very hard to answer the “who did what?” question. Click here for more information.

Viewfinity Integration Partnership

Lieberman Software has integrated its privileged identity management solutions with Viewfinity's Privilege Management product. Viewfinity Privilege Management offers IT Administrators flexible control over the types of applications and privileges allowed. Through the use of automated policy settings, corporate mandates can be managed for multiple dimensions of configurable, logical groupings: departments, applications, end users, connectivity status, time of day and more. Viewfinity's features: Elevate Privileges, Policy Management, Block Application/Whitelisting, Activity Auditing, Policy Auditing, and Support for FDCC, SOX, PCI Compliance and other desktop-level control procedures.

Joint customers benefit from a complete, integrated solution for securing, managing and tracking all privileged and administrative activities. Lieberman Software provides privileged identity management while Viewfinity delivers privileged user management. Click here for more information.

Events / Press / Analysts
  • Common Access Card. Enterprise Random Password Manager (ERPM) supports multi-factor authentication through the Common Access Card (CAC). Leading regulatory mandates – including the Consensus Audit Guidelines (CAG) and others – require use of multi-factor authentication for accessing highly privileged accounts.

  • Tech Insight: Managing Privileged Accounts. Dark Reading. Strategies for identifying, managing, and auditing privileged accounts.

  • Lieberman Software says chemical company hacker attacks could have been prevented. bobsguide. Commenting on reports from Symantec that hackers targeted nearly 30 companies in the chemical industry this summer with the intent of stealing sensitive IP (intellectual property), Lieberman Software says that this latest cyber crime wave cries out for privileged identity management technology.
  • GSN 2011 Awards Countdown: Hot contest in ‘privileged access management’ category. Government Security News. No fewer than six finalists have been named in the IT Security category called “Best Privileged Access Management Solution,” and the winner will be identified at GSN’s homeland security awards dinner in Washington, DC, on November 14.

  • Should you share breach information? Network World. When companies suffer a security breach today they face that core dilemma: Tell the world and hope the honesty helps others, or keep it under wraps to avoid tarnishing the brand and duck possible lawsuits? One thing is clear from the arguments below: It is time for the government to take the guesswork out of the equation.
  • Are Your IT Pros Abusing Admin Passwords? InformationWeek. One in four IT professionals know of a coworker who has used privileged credentials to snoop. Worse, 25% of superuser passwords don't pass basic security test.
  • Password Misuse Could Be Root Cause of Hacking Spike. IT Business Edge. In 2011, Lieberman Software surveyed more than 300 IT professionals for their insights into password practices and security outcomes. Portions of the survey focused on the numbers of passwords in use, sharing of privileged passwords, organizational security and other areas. The survey revealed that 48 percent of IT security professionals have worked for organizations whose network has been breached by a hacker. The results also paint a vivid picture of password chaos amongst IT staff and apathy about password security among senior management.

Lieberman Software Corporation respects your right to privacy, and believes any information you provide us should be protected from disclosure to others. For more information, please read our privacy policy. You are receiving this email because you have granted us permission to contact you. If you do not wish to receive email messages from Lieberman Software in the future, please click here.
Lieberman Software Corporation
1900 Avenue of the Stars, Suite 425
Los Angeles, CA  90067
           |    (01) 310-550-8575  |