Password Vaults: A Poor
Man's Stopgap for Real Security
Lieberman, Founder and CEO
When a company begins the
journey to improve its security for handling privileged identities, it
first examines how it currently manages these accounts. In many cases,
the information is kept in people’s heads, on sticky-notes, in publicly
available spreadsheets, or the knowledge is lost. As a consequence of
these ad-hoc credential management solutions, one of the most
fundamental tenants of security - regularly changing sensitive
passwords - rarely occurs.
Faced with a failed audit, many IT organizations attempt to take a
shortcut and purchase our competitor’s “password vault”
solution. The thinking goes that if the IT department can hide away the
passwords and who is using or knows them from the auditors, then they
can pass their regular security audits and move on to other tasks.
Unfortunately, this misguided approach never solves the fundamental
problems with shared passwords, unchanged critical passwords, and
What we have seen recently is that security auditors are getting wise
to the “hiding credentials” solution of vaults. Auditors are now
demanding that customers implement Service Level Agreements (SLAs) for
the proactive and audited handling of privileged accounts as well as
ensuring discovery of all the places they are used. The days of
passwords to be used as well as storing passwords in Excel spreadsheets
in a vault are coming to an end.
We are also seeing customers that are disillusioned with the incomplete
and unmet promises of password vault solutions that are now in the 2nd
or 3rd year of implementation, with no completion date in sight. We
have seen customers come to the realization that their vault-based
solutions are wholly incapable of keeping up with the complexity and
growth of their IT infrastructure. Now they are looking for a proper
solution that can provide a security SLA without taking years to deploy.
If you are user of a password vault product and now have to implement
proper security for your privileged accounts, let us show you how
easily and quickly this can be accomplished with the right technology.
Send an email to firstname.lastname@example.org
and let us show you the right way to implement privileged identity
Avenue of the Stars
Angeles, CA 90067
STOP THE PRESSES: ERPM 4.81 is now
With the release of Enterprise
Random Password Manager (ERPM) 4.81
we build upon our market-leading account discovery and propagation
capabilities to offer the first truly cross-platform privileged
identity management solution.
ERPM 4.81 now offers a
choice of MS
SQL or Oracle 11g Release 2 as the secure, back-end data store. Along
with the Oracle data store integration, version 4.81 adds comprehensive
support for today's multi-platform Oracle environments. It integrates
out-of-the box with Oracle Internet
Directory and discovers and
manages the privileged credentials found within Oracle 11g, 10g and 9i
databases, and within
applications such as Siebel, PeopleSoft and
JD Edwards that use these
databases and credentials.
management, and propagation features add support for
application pools and virtual directories, IIS 6 and 7Sybase ASE,
SharePoint and more. Version
4.81 also offers expanded directory services integration to support eDirectory, Tivoli
Directory, Oracle Internet Directory, Apache Directory, and other
By managing all major
directories and platforms ERPM 4.81 is the first privileged account
password management solution that can control the privileged identities
on virtually every IT resource in the multi platform enterprise.
Contact us today to see if you qualify for our
product evaluation program. We will show you how we can help bring
your organization into compliance and secure your back-office
Launches / Podcasts
/ Press / Events
- November 5, 2009
-- Online: Special webinar for Healthcare
Providers and Payers on "Privileged Identities
in Healthcare: Four Key Steps To Securing Patient Data." When?
11:00am to 12:00pm PST. For more information and to register, please
- November 9-13, 2009 -- Berlin, Germany:
Lieberman Software will be exhibiting with our reseller partner, IBV
Informatik, at TechEd Europe 2009. Stop by our booth, E10, and play our quiz game to win
a fabulous prize!
Whiteboard: Privileged Identity Management
World, October 2009
"The other major
announcement was from Lieberman Software, which unveiled a privileged
identity management solution for the Oracle Ecosystem."
- Help Net
Security, October 2009
"Lieberman Software has integrated its privileged identity management
solution, Enterprise Random Password Manager (ERPM), with Oracle."
Reading, October 2009
"For example, Lieberman notes, many organizations leave themselves at
risk when they fail to encrypt database backup tapes. The data may be
secure on the server, but if someone with ill intent gets hold of the
unencrypted tape, then it will be compromised all the same."
Tip of the Month
How can privileged identity management
software help lower the cost and uncertainty of your regulatory
compliance audits? Download the new white paper Controlling IT Audit
Costs to learn how.