Lieberman Software

July 2010

Top of Mind
Why Privileged Identity Implementations Fail

Philip Lieberman, President & CEO, Lieberman Software

Over the last few years, we have started to see customers come to us both dissatisfied and angry with their initial purchase of a privileged identity management solution provided by some of our competitors.

The most common complaints are that the solution they purchased does not scale up, fails to complete changes reliably, misses many of their systems, increases head count, and/or simply did not perform as promised. The other most common complaint is that their privileged identity project is now in its second (or later) year of implementation and still is not fully deployed.

As customers eventually come to realize, the purchase and implementation of a privileged identity management system is a complex, business-critical decision that should not be delegated to an RFP or shootout conducted by the purchasing department.

Unfortunately, many companies start out with an RFP spreadsheet from an analyst, add some customizations, count up the number of check boxes, check for the lowest price, easiest installation and slickest brochures, and figure they are done. How could the project fail when the company purchasing the solution simply followed the advice of analysts and the IT department?

The Simple Truth

The simple truth is this: privileged identity solutions are not a generic purchase, nor should they be purchased based on price or the size of the features list. Consequently, they are wholly inappropriate for an RFP or RFI process. Due diligence, extensive research, and proofs of concept are absolutely essential.

The differences in the technologies used for privileged identity management solutions are vast and, in many cases, not even comparable. A bicycle and a racing motorcycle both have two wheels and take you from point A to point B, but for those who don’t care to ask the right questions, they provide considerably different rides.

Don’t Trust the Analysts

The regrettable truth is that some of our competitors’ solutions are extraordinarily labor-intensive to install and run, generally non-scalable, highly proprietary, and sourced from offshore VC-financed firms. Analyst firms that prepare RFP templates for these solutions are loath to point out the serious shortcomings of these companies (and their products) to their corporate accounts in this field because the analysts and their firms receive rich yearly fees for trade shows, consulting and webinar co-presentations for these same companies.

Case in point: during the creation of a recent analyst report on privileged identity management, we pointed out to the analyst preparing the report that he had completely neglected to cover the expected implementation time, scalability and total cost of operation, from both an initial implementation point of view and the ongoing cost of operating the solution. Even issues such as whether professional services are required, high upgrade fees, the inability of customers to upgrade by themselves, and disadvantageous licensing details were left off the analyst report because of the devastating effect it would have on the revenue his firm derives from our competitors. When asked why he neglected to provide these critical details, his only response was that these were not factors he wanted to consider at this point (you draw your own conclusions).

Privileged Identity Management Solutions Require More than an Appliance Delivery

Here is a scenario that is guaranteed to go wrong: a company needing to remediate their handling of privileged accounts states that they will only purchase the lowest cost solution that can be delivered on an appliance and demands a money-back guarantee. And this same company has 30 years of legacy systems that must be managed by the appliance, little to no segregation of duties, roles or groups, no consistency in the management of their security configurations, and repeated security breaches to overcome that have already cost the organization vast amounts of money and loss of reputation. Finally, they expect a 30-75 page spreadsheet to be filled out by all of the vendors in less than two weeks with extensive diagrams and illustrations. The winner will be the vendor with the lowest cost and slickest presentation. There will be no technical or architectural discussions, nor will audit findings or business needs be discussed. We see these types of RFPs and RFIs bimonthly on average.

How the Process Should Work

You would not go to the cheapest surgeon, nor would you expect him to prescribe a therapy without getting your medical history and running some tests. The same protocols hold true for implementing a privileged identity management system.

The decision of which solution to select and how it is to be implemented requires an honest dialog with all of the stakeholders, including the CSO, CIO, IT administrators, and anyone involved in the management of sensitive accounts. The most important stakeholders are those who suffer the damage should the solution take too long to implement, or if it provides incomplete coverage.

The cost of the solution is generally not a significant factor. The core requirement is the ability to rapidly remediate auditor findings and provide continuous proof that fundamental security controls exist and are continuously operating with respect to privileged identity management.

What do you think? Email me at:

Tech Tip of the Month

Managing the Local Logon Cache

Managing remote systems is difficult enough. But when the local domain controller becomes unavailable, IT administrators are presented with a whole set of new problems. Fortunately, Service Account Manager offers a local logon cache feature which ensures uninterrupted authentication during system startup. Here’s how.

Lieberman Software Corporation
1900 Avenue of the Stars, Suite 425
Los Angeles, CA  90067

(01) 310-550-8575

What's New in Identity Week

We have launched a blog! Check out our Identity Week blog for topical tips, news and opinion on the latest CyberSecurity issues. Featured commentary this month includes:

  • Compelling Survey, Weak Solution: Last week a software vendor published survey data stating that over 40% of IT staff abuse administrative passwords to access sensitive information that’s not relevant to their jobs...

Partner News

We have expanded our Channel Partner Program! Below are the new partners we brought on board this month:
  • Nanjgel Solutions has been appointed a select partner in our Partner Program. Nanjgel will market, sell, and support the entire Lieberman Software product line throughout the United Arab Emirates, Qatar, Saudi Arabia, Oman and Bahrain.
  • PRIOLAN GmbH. PRIOLAN will market, sell, and support the Lieberman Software product line in the following countries: Austria, Croatia, Germany, and Switzerland.
For information on all our reseller partners, please visit our partners website.

Product Updates / Launches / Podcasts

NEW PRODUCT RELEASE! We are pleased to announce the release of Enterprise Random Password Manager (ERPM) version 4.83. This is a recommended upgrade for users of previous versions of ERPM. This new version adds:
  • Out of the box BMC Remedy help desk ticketing system integration – eliminating the need to perform customizations 
  • Java SDK inclusion – providing application-to-application and application-to-database and local cached credentials to non-Microsoft systems 
  • Additional out of the box device support – includes Cisco ASA, Cisco ACE, Cisco Nexus, Juniper, HP, and other answer files (this support is documented in the upgraded user’s guide available online)
Additional new features and updates included in Enterprise Random Password Manager 4.83 can be found on the product revision history page.

If you are currently under a Software Maintenance Agreement, this upgrade is available to you at no charge.

Events / Press / Analysts
  • Top 10 Cloud Computing Complaints. InformationWeek. Leading industry experts respond to gripes that IT professionals have about the security, cost, and portability of cloud computing in the enterprise.

  • AT&T iPad Breaches Are About App Security, Not Mobile Devices, Experts Say. Dark Reading. "In the recent case of AT&T and Apple, their incompetence at building scalable and secure infrastructures -- or the incompetence of the vendors who built their systems -- is on display for the whole world to see," said Phil Lieberman, CEO of Lieberman Software.
