Five Golden Rules for a Secure
(Excerpt - Read
the Full Article in Virtual
President & CEO
Survey after survey has
revealed that security is the top concern voiced by prospective
customers about cloud computing and its outsourced, on-demand business
model. Worries over data privacy may prove to be service providers’
greatest roadblock to new business. In addition, the risks of a data
breach seem certain to grow as a service provider’s infrastructure
expands and its IT staff becomes more numerous and decentralized.
So while an outsourced cloud infrastructure can be a good fit for many
companies, it holds huge potential for costly disasters. And, if the
outsourcer fails you could be left without the resources to repair the
damage. There is little margin for error in choosing an outsourcer, as
Lieberman Software found in our recent industry surveys at the annual
RSA and InfoSecurity conferences held earlier this year. Our survey
revealed that 77 percent of IT professionals said that their
outsourcers had made up work simply to earn extra money.
Here are my five golden rules to ensure your outsourcing lifeboat
doesn’t sink mid-stream:
Make a Transition Plan and Stick to It
2. Get Your Outsourcing
Plan in Writing
3. Demand Transparency
with Respect to
4. Know Their Financial
Standards, History, and Audit Points
5. Find Experts in the
Areas You Need
Those are our five golden rules. But remember - our position is that
outsourcing as a means solely to reduce costs is a fraud since these
cost reductions are achieved by gutting the organization of its talent
and providing its customers with the poorest possible support at the
Ultimately outsourcing for cost savings alone leaves a company weak and
ill prepared to respond to emerging threats and opportunities. On the
other hand, outsourcing to provide unique talent that is otherwise
unavailable or impossible to train can provide your company with
distinct competitive advantages. Outsource when there’s expertise to be
gained (through contracting of specialists), not lost (through
abandonment of loyal staff).
What do you think?
Email me at: firstname.lastname@example.org.
You can also follow me on Twitter: @liebsoft
or connect with me via LinkedIn.
Tech Tip of the Month
Manage All Windows Tasks
The built-in Windows Task
Scheduler is a great tool for
automating recurring tasks on Windows hosts. However, it does lack a
centralized way to add, remove and edit scheduled tasks, and update
files, on multiple systems simultaneously. Fortunately our Task
tool can do all this and more. Here’s
Follow us on Twitter!
New in Identity Week
Featured commentary on our Identity
Week blog this month includes:
- HP Protect 2011: What you should have seen
The seventh annual HP Protect 2011security and compliance conference in
Washington D.C. bills itself as the single largest summit of security
and compliance professionals, experts, architects and gurus under one
- 5 Ways to Avoid Being the Next Security
Headline. It’s been an active season for criminal
hackers, rogue IT administrators and others with vindictive motives and
the ability to exploit weak and outdated security systems. Let’s recap
with a look at just a few of the security fiascos we’ve seen in recent
Events / Press /
Managing Database Administrator Credentials. October 26, 2011 @ 11am PT.
Learn how to easily find SQL Server
instances on your Windows systems, find their accounts, change
credentials and propagate new credentials to connection strings in
seconds. See how Enterprise Random Password Manager
(ERPM) can be used to manage the credentials and connection strings of
other database engines.
Self-Service Passwords Resets and Password Synchronization, The Easy
Way. October 27, 2011 @
11am PT. Users forgetting their passwords is
always the number one load on the Help Desk. Automating the solution to
this problem can save money and free up Help Desk staff to address more
critical user problems. See how our self-service password reset and
password synchronization products can eliminate users calling the Help
Desk for password resets.
- WEBINAR: Windows Privileged
Identity Management. November
2, 2011 @ 11am PT. Learn how
ERPM can be used to automatically find machines, accounts and their
usage, reliably propagate password changes, and delegate access to
sensitive credentials on the Windows platform. Integrate into SIEM and
trouble ticket systems to alert you to
out of compliance situations.
Effectively Managing Windows Services, Scheduled Tasks and COM objects.
November 3, 2011 @
11am PT. Proper maintenance of Windows Services,
Scheduled Tasks and COM objects across thousands of computers can be
such a large task that it never gets done. Our tools allow you to
update credentials or change configuration across thousands of machines
in just a few minutes. Attend our free webinar and see how quickly you
can get the job done.
Linux/UNIX Privileged Identity Management. November 9, 2011 @ 11am PT.
Learn how ERPM can be used to automatically
find machines, accounts and their usage, reliably propagate password
changes, and delegate access to sensitive credentials on the Linux/UNIX
platforms. Integrate into SIEM and trouble
ticket systems to alert you to out of compliance situations.
- WEBINAR: Managing Lights-out Management
16, 2011 @ 11am PT. Up
until recently, there has been no easy way to change the default
credentials on a large number of lights-out management cards (IP KVMs)
at the same time, much less control access to who has the credentials.
Learn how to find these cards, change their credentials, and delegate
access to these devices in a time limited manner using ERPM.
- Will NFC make the
mobile wallet work? BBC News. Phil Lieberman, head of IT
security specialists Lieberman Software, believes the technology poses
a significant security risk to consumers. "I think it's insane. How's
that for vague?" he says.
loses data on more than three million customers to hackers.
InfoSecurity. The brutal reality is that a multi-million pound
betting exchange, with operations in several countries, processing
millions of transactions every single day, was clearly hacked by Far
Eastern cybercriminals, despite the fact that the exchange had claimed
previously that its security systems – as required by multiple
regulatory authorities – were up to scratch.
Factor Authentication: SMS vs. Tokens. eSecurityPlanet. It’s
really a toss-up with no right answer. SMS-based authentication is
technically inferior to hard tokens in that the transmission could
theoretically be intercepted and used by an intruder. In practice, the
SMS method is superior since the organization does not have to worry
about token distribution or lost tokens and this is a less expensive
and generally a more easily deployed methodology. Most of the cost and
complexity of hard tokens revolves around configuration and