Security by Design
Philip Lieberman, President
One of my responsibilities over the years has been to guide our
company’s products so that they meet the needs of clients and also to
anticipate and invest in the future. My goal is to make sure that our
products evolve along with the capabilities of our customers.
Something Really New and Interesting
Since 1997 we have seen our enterprise customers evolve in
size with geometric growth every 4 years or so with the release of new
server operating systems from Microsoft. This growth has been fueled by
improvements in directory technology and virtualization with the rise
of large cloud vendors and managed service providers.
Another driving force of our evolution has been the
concurrent evolution of nation state cyber-warfare. Back in 1995, it
was clear to many of us that the Internet was easy to attack. For all
these years there has been a situation where criminals and security
software companies have been fighting each other with great commercial
profitability; just look at the size of the RSA show each year and the
ferocious investments by venture capitalists in security companies.
However, even back in 1995 and up until recently one genie
has been kept in the bottle and that is the aggressive and public use
of nation state technology level attacks against businesses and our
critical national infrastructure. The problem, which we all have seen
coming, but hoped would not, is that commercial companies generally do
not build products to protect against nation state attacks. Opponents
European Identity Conference (EIC)
Last week at the EIC conference in Munich we were showing
our latest version of our technology for privileged identity management
(PIM) known as version 4.83.6. This is the next stage in PIM automation
The New Challenge to Solve
For a long time we have been beating the drum about how
automation is the only way to get control over the privileged
identities in your environment. Our assertion has always been that
every step from discovery to password changes to propagation must be as
automated as possible. To that end, we have been developing ever
faster, deeper and more sophisticated technology.
Our philosophy is simple: cyber-warfare opponents use
automation to find weaknesses in your environment. Only by employing
automation for security can you find and automatically repair
weaknesses faster than your opponents can find them.
The challenge we faced at the beginning of this year from
one of our largest customers was: how do you build a solution to manage
500,000, 2 million, 20 million or larger systems? (To manage each cell
phone, cable box, or phone/cable company router – the back-end
infrastructures are huge.) There is no off-the-shelf software to manage
anything that large and there are tons of companies who have deployed
that number of systems as part of their businesses. So, how do you do
it? More importantly, how do we do it?
Goodbye: Web Interfaces, GUIs, etc.
At massive scale deployment no company will be using a
vendor’s web or GUI interface to manage security or even compliance
because it is too slow, not scalable, and it will never be configurable
to meet their needs or security model. Companies of this scale manage
the lifecycle (discovery, generation, disclosure, change, destruction)
of identities, certificates, passwords, files, configurations – all
with virtually no human interaction.
We have also reached the point where privileged identity
management is no longer about administrator types of accounts. Secure
environments now require that all identities on all devices must be
captured and managed.
All of these capabilities are now part of the latest release
of Enterprise Random Password Manager via our introduction of a
complete cross platform web service interface and PowerShell interface
that provides a programmatic option for identity security management.
You can think of it as PIM automation as a platform; but it provides
programmatic storage, discovery and management with no UI needed.
I Don’t Have That Many Machines
This new technology means that you can still use our
product and its automation as-is, but if you don’t like our web
interface or the platform it is running on, no problem. You can connect
to the web services interface and build your own user interface in
minutes. Want to do discovery, password changes, storage of
certificates – from a mobile device, Linux, or mainframe? It’s easy to
do in minutes just by consuming our web services. (Yes, programmatic
access from Android, iPhone, Windows Phone today and in any language to
consume resources, or to manage the local secrets, files or
certificates on the platform.)
The goal of this version was to make it simple to
programmatically use and manage identities and certificates within
minutes to orchestrate identity management from any platform.
Orchestration is the key to managing large environments and also for
creating more secure environments, because essentially all the work for
identity management and security is handled from within your own
For large critical national infrastructure and defense
users, there is a critical need for an open, scalable and secure
security management platform from a company that believes that we need
to make better tools than those used by our enemies and make them easy
to deploy at scale without taking years to implement.
you think? Email me at: Phil@liebsoft.com.
You can also follow me on Twitter: @liebsoft
or connect with me via LinkedIn.