October 2009

Top of Mind

Password Vaults: A Poor Man's Stopgap for Real Security
Philip Lieberman, Founder and CEO
Lieberman Software Corporation

When a company begins the journey to improve its security for handling privileged identities, it first examines how it currently manages these accounts. In many cases, the information is kept in people’s heads, on sticky-notes, in publicly available spreadsheets, or the knowledge is lost. As a consequence of these ad-hoc credential management solutions, one of the most fundamental tenants of security - regularly changing sensitive passwords - rarely occurs.

Faced with a failed audit, many IT organizations attempt to take a shortcut and purchase our competitor’s “password vault” solution. The thinking goes that if the IT department can hide away the passwords and who is using or knows them from the auditors, then they can pass their regular security audits and move on to other tasks. Unfortunately, this misguided approach never solves the fundamental problems with shared passwords, unchanged critical passwords, and unknown/unmanaged credentials.

What we have seen recently is that security auditors are getting wise to the “hiding credentials” solution of vaults. Auditors are now demanding that customers implement Service Level Agreements (SLAs) for the proactive and audited handling of privileged accounts as well as ensuring discovery of all the places they are used. The days of allowing static shared passwords to be used as well as storing passwords in Excel spreadsheets in a vault are coming to an end.

We are also seeing customers that are disillusioned with the incomplete and unmet promises of password vault solutions that are now in the 2nd or 3rd year of implementation, with no completion date in sight. We have seen customers come to the realization that their vault-based solutions are wholly incapable of keeping up with the complexity and growth of their IT infrastructure. Now they are looking for a proper solution that can provide a security SLA without taking years to deploy.

If you are user of a password vault product and now have to implement proper security for your privileged accounts, let us show you how easily and quickly this can be accomplished with the right technology. Send an email to and let us show you the right way to implement privileged identity management.

Lieberman Software Corporation
1900 Avenue of the Stars
Suite 425
Los Angeles, CA  90067

(01) 310-550-8575

Breaking News!

STOP THE PRESSES: ERPM 4.81 is now available!

With the release of Enterprise Random Password Manager (ERPM) 4.81 we build upon our market-leading account discovery and propagation capabilities to offer the first truly cross-platform privileged identity management solution.

ERPM 4.81 now offers a choice of MS SQL or Oracle 11g Release 2 as the secure, back-end data store. Along with the Oracle data store integration, version 4.81 adds comprehensive support for today's multi-platform Oracle environments. It integrates out-of-the box with Oracle Internet Directory and discovers and manages the privileged credentials found within Oracle 11g, 10g and 9i databases, and  within applications such as Siebel, PeopleSoft and JD Edwards that use these databases and credentials.

New discovery, management, and propagation features add support for application pools and virtual directories, IIS 6 and 7Sybase ASE, SharePoint and more. Version 4.81 also offers expanded directory services integration to support eDirectory, Tivoli Directory, Oracle Internet Directory, Apache Directory, and other LDAP-compliant directories.

By managing all major directories and platforms ERPM 4.81 is the first privileged account password management solution that can control the privileged identities on virtually every IT resource in the multi platform enterprise.

Contact us
today to see if you qualify for our product evaluation program. We will show you how we can help bring your organization into compliance and secure your back-office infrastructure.

Product Updates / Launches / Podcasts

Analysts / Press / Events
  • November 5, 2009 -- Online: Special webinar for Healthcare Providers and Payers on "Privileged Identities in Healthcare: Four Key Steps To Securing Patient Data." When? 11:00am to 12:00pm PST. For more information and to register, please click here.
  • November 9-13, 2009 -- Berlin, Germany:  Lieberman Software will be exhibiting with our reseller partner, IBV Informatik, at TechEd Europe 2009. Stop by our booth, E10, and play our quiz game to win a fabulous prize!

  • InformationWeek, October 2009                                                 Whiteboard: Privileged Identity Management
  • Network World, October 2009
    "The other major announcement was from Lieberman Software, which unveiled a privileged identity management solution for the Oracle Ecosystem."

  • Help Net Security, October 2009
    "Lieberman Software has integrated its privileged identity management solution, Enterprise Random Password Manager (ERPM), with Oracle."
  • Dark Reading, October 2009
    "For example, Lieberman notes, many organizations leave themselves at risk when they fail to encrypt database backup tapes. The data may be secure on the server, but if someone with ill intent gets hold of the unencrypted tape, then it will be compromised all the same."

Tech Tip of the Month

How can privileged identity management software help lower the cost and uncertainty of your regulatory compliance audits? Download the new white paper Controlling IT Audit Costs to learn how.

Lieberman Software Corporation respects your right to privacy, and believes any information you provide us should be protected from disclosure to others. For more information, please read our privacy policy.