Enterprise Random Password Manager (ERPM) and Random Password Manager (RPM) from Lieberman Software offer hardware-based encryption through integration with Thales nShield dedicated hardware security modules (HSMs), part of the nCipher product line.
This integration allows credentials managed by these products to be encrypted. The encryption keys are protected by a tamper-resistant hardware device and never exposed to the computer itself, enabling them to be more effectively managed and safely stored. Lieberman Software was the first commercial ISV to utilize HSM technology as a method for securing sensitive password data in a commercial off-the-shelf application.
The partnership with Thales provides Lieberman Software customers with the most secure method possible for storing local passwords utilized by every system in the enterprise. Given that the security of sensitive passwords is integral to the continued operation of an organization, the inclusion of an HSM option in these products is a significant security enhancement.
Hardware-Based Encryption of Privileged Passwords
Hardware based encryption key management is an industry best practice because it overcomes the inherent security weakness of using and managing keys in software. Thales nShield HSMs provide ERPM and RPM with a secure key management and encryption subsystem that is independently validated to FIPS 140-2 levels 2 and 3 and Common Criteria EAL 4+. This is a de-facto security benchmark for cryptographic processing and a mandatory requirement for many organizations.
The integration of Thales nShield HSMs with ERPM and RPM provides a tangible security benefit. Encryption is rapidly becoming a mainstream security tool and the use of it in the context of password management is an example of how it can protect critical assets. Privileged passwords and other high value account credentials are increasingly identified as a point of risk that requires management attention.
HSM technology has been utilized for years in the government, military, and intelligence industries to protect against the security flaws of conventional encryption software. Even when keys are encrypted, software debuggers can locate and access the decryption key, allowing critical data to be compromised. With an HSM, there is no record of keys stored in memory. Instead the keys are stored in a secure device, physically inside of a computer.
For Lieberman Software customers this means that the local administrator and root passwords generated by ERPM and RPM can be securely stored and protected against unauthorized access. Both products can interface with any HSM developed by commercial third-parties or the intelligence community when a PKCS#11 interface library is provided.
For more information on how Lieberman Software's HSM integration can help protect your enterprise, contact an account manager.