Things That Make Me Crazy...
Lieberman President & CEO
HAPPY NEW YEAR!
I wanted to start out the new year talking about a few of the things
me crazy... when it comes to information security (or a lack
Almost every week we run into security scenarios that
make me slap my head in disbelief. Everything from companies
putting all of their administrator passwords onto a spreadsheet and
then sharing it on a publicly visible share, to companies buying
competitive solutions that are appliance-based with the clear intention
of never implementing the solution. In the latter case, the only goal
to point to the
device when the auditors come back to show them that some sort of
action has been taken since they failed their IT audit.
We see companies that don't change their passwords, have no controls,
are fined by regulators regularly, and consider it harder to spend
money and time to fix their problems, than to pay the fines. Apparently
it is easier to pay the money as fines than it is to fix their
One scenario we saw was the selection of a competitor's product and our
postmortem discussion with the IT manager where we were told
that the CIO selected the other solution sight unseen based on an
analyst recommendation. The IT management staff knew it would
never work, but the IT manager who made the purchase would be leaving
before the revelation of incompetence of the company's purchase became
From the point of view of security in general, from both insider
threats as well as national security incidents, the one common theme
I see is that most intrusions and compromises are found by
accident, and usually because the attacker becomes both bold and
unrestrained in behavior and arrogance. Unfortunately, the
damage is usually done and only then do the money and resources flow to
solve the problem. Even then, the half-life of attention seems to
last only weeks before security once again drops down into the noise
level and its funding is cut. Sigh.
What things make you crazy? Email me at: firstname.lastname@example.org.
Tip of the Month
Managing AT Tasks
Task Scheduler Pro is
a handy tool for IT administrators who need to manage Windows tasks
across all of their systems as a set. But did you know that it’s also
one of the only ways to create and run new AT tasks?
New in Identity Week
commentary on our Identity Week blog this month includes:
Breaches In Depth
Want to know what’s really happening in the world of data security?
Download the up-to-the-minute Data Loss Database from the Open Security
Foundation (free registration required)...
Security – What You Don’t Know Can Hurt You
I thought it would be a good time to share some of the more frequent
cloud security questions I receive, and my thoughts on the ever
evolving relationship between the cloud and security/compliance
Global Solutions provides Lieberman Software's security products to the
Federal Government: Lieberman
Software solutions have been added to Heritage's GSA schedule.
Events / Press /
Conference. February 14-17,
2011. San Francisco, CA. Stop
by our booth: # 529.
18-20, 2011. Orlando, FL. Visit us at Booth 308. Get 10% off
your registration by using the code OS11/VDIS
- Is anyone in
control of cloud security? Help
Net Security. There are those who argue that the age of cloud
computing is merely in the minds of the more far-sighted IT
visionaries. I have even met those whose businesses are indifferent to
the cloud. This indifference may cost them dearly – and soon.
Is About Compliance, Not Trust. Virtual Strategy Magazine. The
word “trust” appears in the tagline for a great many security products
and services. But in the business world what we often tout as trust
simply boils down to an acceptance of risk and the expectation that we
can transfer liability to other parties should that trust be broken.
The Threat Of Negligent Insiders. eWeek Europe. According
to many security experts, the most prevalent IT security threat arises
from negligent insiders. Malicious hackers prey upon enterprise
much access? Privileged Identity Management to the rescue. CSO
Magazine. "Compliance is the big issue for us," says an
information security analyst for a large federal credit union that uses
Lieberman Software. "We had open audit issues associated with service
accounts, passwords that hadn't been changed since dirt was clean."
e-mail makes Swiss bank lose millions? Help Net Security. Reports
that a rogue e-mail generated by a Swiss bank employee has cost the
organization around £6.2 million in lost business highlights the
problem of data leakages caused by email errors, says Lieberman
Identity Management For Dell Servers. Darkreading. "Lieberman Software is the first member
of the Dell PartnerDirect ISV Program to be certified for managing the
privileged identities that control access to DRAC devices," said Kevin
Noreen, Senior Product Manager for Systems Management, Dell Enterprise