Privileged Identity Management News Line June 2011

PRIVILEGED IDENTITY MANAGEMENT NEWS LINE

June 2011

Top of Mind

IT Auditors:
Friend or Foe

Philip Lieberman
President & CEO
Lieberman Software

At the beginning of June, Lieberman Software was a sponsor at a major analyst and CIO summit in London, England.

During this summit, one of the roundtable discussions revolved around the topic of the relationship between CIO and auditors. To say the least, this topic created heated responses that really hit a sensitive nerve for many of the CIOs in attendance.

There appeared to be two different general opinions about auditors:

1. One group hated them and considered them to be
   incompetent, intrusive and bullies that caused
   nothing but grief for the CIO and the organization
   at large. For this group, they saw no benefit from
   the IT audit process and considered the entire
   process a waste of time and money.

2. The other group of CIOs saw their IT auditors as
   business partners who provided useful feedback
   on what was working from a security and risk
   point of view as well as what could be improved.
   This group also seemed to gain an understanding
   on risk exposure and alternative mitigation
   strategies.

Upon digging deeper into the reasons for such a polarized response, the core of the issue of helpfulness and utility came down to whether the IT auditor had a fundamental understanding of the unique aspects of the client’s business (and wanted to become knowledgeable in same), or were blindly following a checkbox list. Another aspect that caused polarization was whether the auditor was truly knowledgeable about technologies they were evaluating, or were stumbling through the audit process with no real hands-on knowledge of the systems they were evaluating.

We also saw the level of intrusion of auditors into the operations to be an element of how auditors were being perceived. In some cases, CIOs did not want auditors to provide any advice on risk mitigation (i.e. stay out of my business), and in other cases CIOs were interested in learning how to implement best practices.

The other element of the auditor/CIO divide came down to whether the CIO was on the continuous compliance bandwagon or whether they were only interested in spending the least amount of money and time to achieve point in time compliance.

It was clear that for most of the CIOs in the room, the auditor relationship was either warm and friendly, or angry and bitter cold. Nobody in the room seemed to be neutral with respect to the auditor’s business value and how they felt about dealing with auditors.

I have always seen the IT audit process as a potentially invaluable way to protect critical business assets and reputation as well as way to introduce best practices to smooth operations and improve efficiencies. From this summit, I can see that – depending on the auditor and the company culture – the IT audit process can be a perennially bad experience for some technology executives.

How do you see auditors? Email me at: phil@liebsoft.com. You can also follow me on Twitter: @liebsoft or connect with me via LinkedIn.

Tech Tip of the Month

Gain Accountability with Session Recording

With the recent spate of data breaches organizations now, more than ever before, are facing significant challenges in mitigating threats from insiders with privileged access. Fortunately, Enterprise Random Password Manager provides auditing and session screen recording of privileged activities, ensuring that every authorized user is complying with security best practices and corporate policy. Learn more.

Hot Off The Press!

You're invited to join us for a private webinar announcing the new features and capabilities of our privileged identity management products:

Enterprise Random Password Manager (ERPM), and
Random Password Manager (RPM)

We've been really busy over the last six months, and are pleased to pre-announce the half-year release of our flagship products. We've been listening to all the things you've been asking for, and are excited to share with you this major product update. You'll be excited too!

Live Webinar Dates & Times:	Register To Attend:
Wednesday, July 20, 2011 @ 11:00 AM ET	RSVP
Thursday, July 21, 2011 @ 2:00 PM ET	RSVP

What's New in Identity Week

Featured commentary on our Identity Week blog this month includes:

Where's Your Weakest Link?
Guest Commentary by Jon Geater, Director of Technical Strategy at Thales
We are all well used to the traditional security metaphor, the chain. Good, sturdy, tangible chunks of steel that keep gates closed and chests locked. And we’re also well used to the traditional insecurity metaphor, the weak link...

Where's the Trust - Is Small Banking Better? Add Bank of America to the list of large banks whose customers have fallen victim to insider threats...

Partner News

eB2Bcom Joins Lieberman Software Partner Program

eB2Bcom, a leading value added reseller for Asia Pacific, will market, sell and support Lieberman Software’s privileged identity management and security management solutions throughout Singapore, China, India and other countries in the Asia Pacific region, to enterprises seeking to locate, secure and manage their powerful privileged account passwords.

“eB2Bcom has a 14 year track record in the Asia Pacific region of introducing, marketing and supporting the products of innovative IT security suppliers,” said Bob White, Founder and CEO of eB2Bcom. “ERPM is an ideal fit for our business as organizations seek to enhance their security and sensitive access control. We are very enthusiastic about partnering with Lieberman Software to bring their solutions to the Asia Pacific region.”

Events / Press / Analysts

Black Hat USA 2011. August 3-4, 2011. Las Vegas, NV. Come visit us in booth # 312!

Techworld Awards: Security Software. Enterprise Random Password Manager is a finalist in the Security Software category of the 2011 Techworld Awards!

Top 19 Third-party Execs To Keep an Eye On. Redmond Magazine. Phil is a true software character. The president of Lieberman Software, Phil is known for working directly with his customers, at all hours of the day and night, to solve their problems. Based in Hollywood, Lieberman doesn't just lead his eponymously named privilege management and security concern, but is an outspoke advocate for more secure software and hardware. A former professor, Phil has also penned numerous computer books.

News from the Analyst Summit in London. Kuppinger Cole. These are only a few of those companies I have seen, and of course there are more, that do a great Job such as Lieberman Software...

Stay Strong: Don't let the insider threat bring down your organization. Network Centric Security. While awareness about the insider threat has grown over the last few years, a major problem lies in the way companies respond to this information. It’s been nothing more than ineffective security theater.

Six Biggest Rising Threats from Cybercriminals. PCWorld. Watch out for these cyberattacks that can turn smartphones into texting botnets, shut off electricity, jam GPS signals and more.

O2 mobile wallet security: Lieberman Software CEO predicts disaster. Phones Review. The flurry of news surrounding mobile wallets and how NFC (near field communications) will soon allow us all to ditch our credit and debit cards in favour of a payment-enabled mobile phone ignores the security issue that is staring us in the face.

Lieberman CEO puts the boot into RSA for security failures. Computer Business Review. This incident shows that there is a very strong business case for sustained and planned investment in security... This is not just bad news for RSA Security - it paints the rest of the IT security industry in a bad light.

Hidden URLs in phone and tablet browsers. Network World. Lieberman went on to say that lessons need to be learned from smartphone Web browsers such as Safari on the Apple iPhone and iPad, which displays the URL details and search engine element at the top of the user’s screens at all times.

Questions asked on the cost implications of RSA replacing SecurID. SC Magazine. The replacement of 40 million RSA SecurID tokens will create huge cost issues for the vendor.

Compact web page navigation dangers on Chrome and Firefox. Infosecurity Magazine. Google and Mozilla are reported to be working on a compact web page navigation feature for their respective browsers, generating concern from a number of security sources.

Sophos Voices Concern Over Internet Explorer 9 Security. Microsoft Certified Professional Magazine. One of the attendees and exhibitors at the confab, Phil Lieberman, president of Lieberman Software, has some strong feelings about cloud security -- more aptly, the lack thereof.

Outsourcing model in peril? Computerworld. A new survey reveals that clients are not happy with their IT outsourcing deals, with some respondents saying their contracts have become more expensive than originally planned.

Lieberman Software Corporation respects your right to privacy, and believes any information you provide us should be protected from disclosure to others. For more information, please read our privacy policy. You are receiving this email because you have granted us permission to contact you. If you do not wish to receive email messages from Lieberman Software in the future, please click here.

Lieberman Software Corporation
1900 Avenue of the Stars, Suite 425
Los Angeles, CA 90067

Liebsoft.com | (01) 310-550-8575 | newsletter@liebsoft.com