IT Auditors: Friend or Foe
President & CEO
At the beginning of June, Lieberman
Software was a sponsor at a major analyst and CIO summit in London.
During this summit, one of the roundtable discussions revolved around
the topic of the relationship between CIOs and auditors. To say the
least, this topic created heated responses that really hit a sensitive
nerve for many of the CIOs in attendance.
There appeared to be two different general opinions about auditors:
1. One group hated them and considered them to be
incompetent, intrusive and bullies that caused
nothing but grief for the CIO and the organization
at large. For this group, they saw no benefit from
the IT audit process and considered the entire
waste of time and money.
2. The other group of CIOs saw their IT auditors as
business partners who provided useful feedback
on what was
working from a security and risk
view as well as what could be improved.
also seemed to gain an understanding
exposure and alternative mitigation
Upon digging deeper into the reasons for such a polarized response, the
core of the issue of helpfulness and utility came down to whether the
IT auditor had a fundamental understanding of the unique aspects of the
client’s business (and wanted to become knowledgeable in same), or was
blindly following a checkbox list. Another aspect that caused
polarization was whether the auditor was truly knowledgeable about the
technologies they were evaluating, or was stumbling through the audit
process with no real hands-on knowledge of the systems they were
We also saw the level of intrusion of auditors into the operations to
be an element of how auditors were being perceived. In some cases, CIOs
did not want auditors to provide any advice on risk mitigation (i.e.
stay out of my business), and in other cases CIOs were interested in
learning how to implement best practices.
The other element of the auditor/CIO divide came down to whether the
CIO was on the continuous compliance bandwagon or whether they were
only interested in spending the least amount of money and time to
achieve point-in-time compliance.
It was clear that for most of the CIOs in the room, the auditor
relationship was either warm and friendly, or angry and bitter cold.
Nobody in the room seemed to be neutral with respect to the auditor’s
business value and how they felt about dealing with auditors.
I have always seen the IT audit process as a potentially invaluable way
to protect critical business assets and reputation as well as a way to
introduce best practices to smooth operations and improve efficiencies.
From this summit, I can see that – depending on the auditor and the
company culture – the IT audit process can be a perennially bad
experience for some technology executives.
How do you see auditors?
me at: email@example.com. You can also follow me
on Twitter: @liebsoft or connect with me via LinkedIn.
Tip of the Month
Gain Accountability with
With the recent spate of data
breaches, organizations now, more than ever before, are facing
significant challenges in mitigating threats from insiders with
privileged access. Fortunately, Enterprise Random Password Manager
provides auditing and session screen recording of privileged
activities, ensuring that every authorized user is complying with
security best practices and corporate policy. Learn more.
Hot Off The Press!
invited to join us for a private webinar announcing the new features
and capabilities of our privileged identity management products:
We've been really busy over the
last six months, and are pleased to pre-announce the half-year release
of our flagship products. We've been listening to all the things
you've been asking for, and are excited to share with you this major
product update. You'll be excited too!
- Enterprise Random Password Manager
- Random Password Manager
New in Identity Week
commentary on our Identity Week blog this month includes:
- Where's Your Weakest Link?
Commentary by Jon Geater, Director of Technical Strategy at Thales
We are all well used to the traditional security metaphor, the
chain. Good, sturdy, tangible chunks of steel that keep gates
closed and chests locked. And we’re also well used to the
traditional insecurity metaphor, the weak link...
Lieberman Software Partner Program
eB2Bcom, a leading
value added reseller for Asia Pacific, will market, sell and support
Lieberman Software’s privileged identity management and security
management solutions throughout Singapore, China, India and other
countries in the Asia Pacific region, to enterprises seeking to locate,
secure and manage their powerful privileged account passwords.
“eB2Bcom has a 14 year track record in the Asia Pacific region of
introducing, marketing and supporting the products of innovative IT
security suppliers,” said Bob White, Founder and CEO of eB2Bcom. “ERPM
is an ideal fit for our business as organizations seek to enhance their
security and sensitive access control. We are very enthusiastic about
partnering with Lieberman Software to bring their solutions to the Asia
Events / Press /
- Techworld Awards: Security Software.
Enterprise Random Password Manager is a finalist in the Security
Software category of the 2011 Techworld Awards!
19 Third-party Execs To Keep an Eye On. Redmond Magazine. Phil
is a true software character. The president of Lieberman Software, Phil
is known for working directly with his customers, at all hours of the
day and night, to solve their problems. Based in Hollywood, Lieberman
doesn't just lead his eponymously named privilege management and
security concern, but is an outspoken advocate for more secure software
and hardware. A former professor, Phil has also penned numerous
Strong: Don't let the insider threat bring down your organization.
Network Centric Security. While awareness about the insider
threat has grown over the last few years, a major problem lies in the
way companies respond to this information. It’s been nothing more than
ineffective security theater.
CEO puts the boot into RSA for security failures. Computer Business
Review. This incident shows that there is a very strong
business case for sustained and planned investment in security... This
is not just bad news for RSA Security - it paints the rest of the IT
security industry in a bad light.
URLs in phone and tablet browsers. Network World. Lieberman
went on to say that lessons need to be learned from smartphone Web
browsers such as Safari on the Apple iPhone and iPad, which displays
the URL details and search engine element at the top of the user’s
screens at all times.
Voices Concern Over Internet Explorer 9 Security. Microsoft Certified Professional Magazine.
One of the attendees and exhibitors at the confab, Phil Lieberman,
president of Lieberman Software, has some strong feelings about cloud
security -- more aptly, the lack thereof.
model in peril? Computerworld. A new survey reveals that clients are not
happy with their IT outsourcing deals, with some respondents saying
their contracts have become more expensive than originally planned.