Lieberman Software
PRIVILEGED IDENTITY MANAGEMENT NEWS LINE
November-December 2013       

Top of Mind

Evolution of the Cloud as a Security Platform

Philip Lieberman, President & CEO, Lieberman Software

With the CSA 2013 Congress taking place this week, I thought it would be a great time to update you on our latest private/public cloud development work to make your privileged identity management (PIM) implementation easier, faster and even less expensive.

The cloud has always held the potential of being a cost-effective and elastic computing resource for a wide variety of customers. With the cloud’s evolution in the public space, providers of cloud computing resources have become part of the United States' critical national infrastructure.

As cloud vendors have become recognized as mission critical to the nation, they have evolved into platforms that are not only security competent, but whose defensive security resources can now achieve competence above that of even the largest corporate entities. These competencies have been achieved through repeated cooperation among critical national infrastructure vendors, and also through cooperation with the government in order to provide coordinated responses against daily threats. In effect, we now see an environment where an attack on one critical national resource is seen as a potential attack on all, and all members react as such with the cooperation of the government to assure national interests are covered.

Moving outside of the political and government aspects of this new reality, we now view platforms such as Microsoft Azure and others as suitable platforms for our security solutions due to both operational and technical improvements.

Elastic Clouds

A few years ago I saw a great keynote demo by Microsoft on how Hyper-V virtual machines could be rerouted between different sets of hardware/hosts as well as between different data centers without the loss of data or even loss of service. I have also seen this same capability demonstrated by VMware in their environment. We implemented this same architecture within our own data centers to run our workloads and as a way of exploiting generic hardware + high performance SAN to achieve scale and flexibility. In general we have seen the benefits of hypervisor mobility and have achieved great results so far.

One big game changer we now see in the marketplace is the advancement of systems management platforms such as Microsoft System Center 2012 to not only monitor and manage virtual workloads in a private hypervisor environment, but also to extend this ability to move workloads to and from cloud providers such as Azure.

Price and Deployment Benefits

We have always been agnostic as to what platforms we manage and run on. This policy meant that we ran on both physical hardware as well as in a partial or fully virtual machine environment. In all cases, the choice has always been up to the customer to deploy our solution on a variety of different systems. 

We have eschewed providing proprietary hardware appliances with embedded versions of operating systems and databases. We have always thought that given the sensitivity of privileged identity management, you should be able to own and understand the hardware and software you are running. Having an open and non-proprietary architecture means that you can deploy an appropriate physical and logical distribution of our software that is suitable for your geography and security needs as well as budget.

The economics of customers supplying hardware and underlying software have been working great since the inception of our company, because many of our customers also have direct agreements with companies such as Microsoft and Oracle to obtain their core operating system and database software.

With the migration of Microsoft to become a product, cloud and services business, we have seen two changes that have been both good and bad. Prices for many of their on-premises products have gone up, while the same or equivalent products running in their cloud are now effectively free of perpetual license costs.

An Opportunity

With this change in strategy by Microsoft we decided to try out hosting our solutions in Azure to see how well they work and to test the performance in the cloud. As part of the latest release of Enterprise Random Password Manager (ERPM) 4.83.7 (public release) we made a series of technological improvements to support Azure. These include support for a wide variety of database provider drivers, including ODBC, as well as support for native drivers with automatic failover.

This development work in ERPM meant that we could exploit Azure’s geographical distribution of hosts and databases, as well as use our zone processor architecture to minimize the effects of latency between the Microsoft data centers and on-premises hosts. We also tested out and confirmed that the Azure VPN system could provide secure point-to-point connectivity between customer instances in Azure and their data centers.

As part of our development work we also created PowerShell scripts that create an entire ERPM environment within Azure in just a few minutes. Via the Azure control panel you can distribute the components of ERPM in just minutes everywhere in the world where there are Azure data centers. These components can operate in tandem with your existing ERPM installations that may already be in place.

Pricing

The interesting part of this new model is that there are no license costs for instances of Windows Server 2012 or SQL Server in Azure, and many of our existing partners and customers have entitlements for Azure already included in their MSDN and EA/SA agreements, so bringing up ERPM or expanding it in Azure can be done quickly and with minimal capital expense for Microsoft licenses.

About Us

We still continue to offer our products licensed and delivered as we always have. The only thing different now is that you can choose where you want to host different parts of our product as well as how you want to consume Microsoft licenses that underpin different parts of our product. If you are using System Center 2012, you can now move our VMs from on-premises to the cloud (public and/or private) and any mixture you wish.

The only difference is that we are supporting all of the different deployment strategies as part of your existing support agreements at no additional cost.

If you are considering Azure as a cloud platform, the Microsoft side has agreed to assist us with your deployment via direct cooperation with the worldwide Microsoft team. If you have entitlements to Azure that you have not used, why not try out PIM in a proof of concept (POC) or even use it for training? 

Many customers and partners have a certain free per-month entitlement in Azure that will do a great job running both the data and ERPM components (console, database, web services) with little additional cost, especially if you are only doing testing.

Next Steps

If you would be interested in playing around with PIM in the cloud using Azure as the hosting environment, we can set you up with one of our systems engineers equipped with a simple PowerShell script and your entitlement code and have you running in less than an hour.

If you are interested, please send an email to support@liebsoft.com and mention Azure Demo. Or, you can contact your local Microsoft team that handles your Azure/enterprise licenses and we will coordinate with them (they can also send a request to support@liebsoft.com).

CSA Congress 2013 – Orlando, FL

If you are attending the CSA Congress this year in Orlando, don’t forget to attend our plenary talk about making the cloud resilient against nation-state attacks. Microsoft will be doing the plenary talk on day 1 and I will be doing the talk on day 2 – Thursday, December 5th at 9:15am, “Plenary Address: Identity Security Automation to Stay Ahead of Nation State Attacks.”

What do you think? Email me at: Phil@liebsoft.com. You can also follow me on Twitter: @liebsoft or connect with me via LinkedIn.

What's New in Identity Week

Featured commentary on our Identity Week blog this month includes:
  • Ethics of Nation State Malware. This week it was revealed that British spy agency GCHQ has been accused of using fake LinkedIn profiles injected with malware to compromise the security of Belgium’s national telecoms operator Belgacom. The news stirred the debate around the moral principles of nation state malware and its implications for consumers...

Events / Press / Analysts
  • A look at IT security health checks. Help Net Security. Over the past few days, one thing got my attention which I think in many ways sums up the state of our industry. While on a shopping trip with my wife, she noticed a billboard from a certain health insurance organization with the slogan, “Our focus is health, not shareholders.”
  • The Road To Hell. Information Security Buzz. The past several months have been an unending nightmare for the US government and its allies, as one disclosure after another has caused unimaginable damage to relationships, and has potentially compromised Western security to an extent that we cannot even begin to imagine.
  • Lieberman Software And Securonix Partner To Identify Insider Threats. Dark Reading. This innovative joint integration enables the Securonix Security Intelligence Platform to consume Lieberman Software's award-winning Enterprise Random Password Manager (ERPM) Privileged Identity Management (PIM) events in real-time for automated detection of anomalous user or account behavior, as well as advanced privileged identity analytics. 
  • Modeling Users And Monitoring Credentials Prevents Breaches. Dark Reading. Legitimate user credentials are the digital lifeblood of attackers looking to compromise a network. With valid credentials, attackers can infiltrate a target network, elevate their privileges to gain access to more sensitive data, and take control of critical systems.
  • Analysis: Enterprise password management tools have room to improve. SearchSecurity. While we all have too many passwords to deal with, few of us have the proper tools for promoting better password hygiene in our day-to-day working lives. Despite the variety of consumer-oriented products available, finding an enterprise password management product or tool can be quite difficult.
  • Is the Battle for Network Security a Lost Cause? CIO Insight. As if the sheer number of malware samples roaming the world isn’t enough to keep CIOs up at night, a new study from software security firm Lieberman Software has revealed that increasingly sophisticated hackers, coupled with state-sponsored hacking, have thrust most organizations' ability to protect themselves into a state of near-impossibility. 

Tech Tip of the Month

Got Russian?

ERPM and RPM scale to global networks by providing native support for more than 23 languages through full translation of the application's web interface. We are currently in the process of adding Greek as well. Your authorized IT staff anywhere in the world can benefit from fast password checkout, intuitive workflows and easy enterprise reporting in the language of their choice.


Lieberman Software Corporation
1900 Avenue of the Stars, Suite 425
Los Angeles, CA  90067
www.Liebsoft.com | (01) 310-550-8575 | newsletter@liebsoft.com