|Promises of the Cloud: A Dose of Karma
Lieberman, CEO Lieberman
Over the last few weeks we have been reading about Google and the
security (or lack thereof) of cloud computing. The current
circumstances of Google lend credence to the existence of karma for
their arrogance, greed and hollow statements of “do no evil”.
Most Cloud Vendors are
Secure... More or Less
We have been working with large ISPs and cloud vendors since the 1990’s
and have found them to be generally highly ethical and very secure.
ISPs do operate in a siege mentality environment where they are
attacked each and every day 7/24 from every corner of the world and are
beset with demands from every corner including trade groups, attorneys,
government agencies and both sane and insane customers. Google is
unique in that they are virtually opaque to their customers and the
outside world (try finding their telephone number on their web site)
with respect to everything including their security. Their public
security policy appears to be “trust us”. As an exercise, try to find
out what security methodologies are being used by Google to protect
your sensitive data and try to gain access to their audit logs of
access to your data.
It was very surprising to see Google complain about being attacked by
criminal hackers (state sponsored or otherwise) given that this has
gone on for a long time to just about everyone on the Internet. This
situation is well known to just about any company that monitors their
firewall logs. For those with very high value assets (political and
financial), it is reasonable to expect government level internal
attacks to occur (both first-person human initiated and proxy malware
Here is a case study for our readers: take a look at which company
squats on our corporate name: “Lieberman Software” on Google and ask
yourself the question, is Google protecting our rights? (Their answer:
file a lawsuit in Federal Court if you want us to stop it.) Here is
another question: should you trust a potential vendor of security
solutions who squats on the good name of its competitors? Is it
competition, or is it a lack of ethics to attempt to siphon off search
engine traffic by claiming a relationship with the name of your
competitor on Google? What does it say about Google to allow
competitors to siphon off traffic as long as Google can make a buck
While I don’t condone the actions of those that are penetrating and
exploiting the security holes of Google (physical or logical), perhaps
this may be a wakeup call for Google. Opacity and obfuscation are not
what they should be looking for in a vendor (cloud or otherwise).
Security is all about transparency, trust, truth, competence and strong
technology. When it comes time to judge the vendors you use, look
at their actions rather than their tag lines. At least in life, karma
does override tag lines... ultimately.
Tip of the Month
Identify and Disable Stale Computer Accounts
Stale computer accounts likely exist in most large
organizations. But the existence of these accounts is not merely an IT
nuisance. Left unmanaged, these accounts are potential security threats
that can be exploited to gain unauthorized access into the network.
Fortunately, User Manager Pro Suite can remedy this risk... Learn how.
Avenue of the Stars
Angeles, CA 90067
- Lieberman signs agreement to distribute Oracle 11g with its
product: Enterprise Random Password Manager.
- We have
signed a new reseller partner
to support our US Government business - a certified Disabled Veteran
Business and National Minority Supplier: Heritage Global
- We have
been certified for integration with ArcSight and a press release with
more information is forthcoming. Bottom line: you can view all
Enterprise Random Password Manager and Random Password Manager
events from within ArcSight via our connector. Click here for
details on what it means to be ArcSight Certified Common Event Format
Launches / Podcasts
/ Press / Events
- Join us at the RSA Conference 2010!
March 1-5 at Moscone Center in San Franciso, CA. Stop by our booth #
- Computerworld, January 2010: Update:
Heartland breach shows why compliance is not enough. "The
Heartland incident showed in no uncertain manner that compliance with
standards such as PCI are meaningless unless there is a way of
monitoring that compliance on a continuous basis, said Philip
Lieberman, CEO of Lieberman Software, a Los Angeles-based vendor of
identity management products."
Centric Security, December 2009: Philip Lieberman discusses
cyber security threats and the challenges to resolving them in his
Legal Frameworks for CyberSecurity Change".
- Tek Tips, December 2009: Mismanaged Privileged
Accounts: A New Threat To Your Sensitive Data. "Once a single
computer is compromised, the intruders leapfrog from system to system,
compromising highly sensitive privileged accounts throughout the
organization until the infrastructure is mapped and its most valued
information can be extracted quickly enough to render conventional
- Dark Reading, December 2009: Enterprise Random
Password Manager integrates with all current and recent versions of
SharePoint Server. "SharePoint Server makes extensive use of
privileged accounts for its processes, and is an example of an
enterprise service that could benefit from Lieberman Software's
Enterprise Random Password Manager."