Get Your Golden Bridge Awards Entry Kit Now
Welcome How To Submit Enter Online Advertisements & Sponsorships Tickets Volunteer as Judge Merchandise Winners Home
Philip Lieberman: Common misconceptions hindering adoption of cloud computing

Lieberman Software provides privileged identity management and security management products to more than 1200 customers worldwide, including nearly half of the Fortune 50. By automatically discovering and managing privileged accounts throughout the network, Lieberman Software helps secure access to sensitive data, thereby reducing internal and external security vulnerabilities, improving IT productivity and helping ensure regulatory compliance.

Rake Narang: What are some of the most common misconceptions hindering adoption of cloud computing?

Philip Lieberman: Many organizations are rushing into cloud migrations due to the perceived economic advantages of the cloud. However, most of these organizations do so without thinking about the potential effects on their data security and regulatory compliance. The fact that so many cloud providers – large and small – have no interest in managing privileged identities to limit access to sensitive data and systems should give customers great pause before putting their most precious data and resources in the hands of many providers.

The recent leak of NSA data by contract systems administrator Edward Snowden confirmed what I’ve been saying for years -- that persistent and broad access to sensitive systems is inappropriate. It also points out the other issue of privileged access, namely the problem of using contractors and controlling their access. The same situation occurs in the cloud where contractors are used to keep the price down of managing and running these environments, but here too, there is effectively unlimited access to those that do not have a direct fiduciary responsibility to the provider. Technology can put a clamp on this access, but without it, trust and prayer are the only security models.

About Philip Lieberman

Rake Narang: How large of a barrier is security for companies that are considering the cloud?

Philip Lieberman: Many IT security professionals are still wary of moving to the cloud, according to our recent cloud security survey. This survey measured the attitudes of nearly 300 IT security professionals and it revealed that almost half of them are deterred from keeping sensitive data in the cloud because of fear of possible government and legal interference.

There are several reasons why IT experts might be apprehensive about storing corporate data in the cloud. The key issues are data security, government surveillance and cloud legislation.

IT managers are often unsure that cloud providers can keep their data properly protected, which could ultimately affect their job and their business.

Another issue concerns legislation and the fact that IT managers don’t want governments snooping around in their corporate data. If a government or official body wanted to see what data a company was holding in the cloud, the cloud host involved would be legally obliged to provide them access.

This means there is very limited privacy in cloud environments. IT managers know it is much easier to hide data within their own private networks. This doesn’t necessarily mean that organizations have something illegal they would like to keep from the government, it might just be that the data held is sensitive and they need to keep it private. Besides, there’s always the chance that data could be accessed accidently if it’s hosted in a cloud environment.

Rake Narang: What exactly are the security issues that companies are concerned about?

Philip Lieberman: Organizations are concerned with several major security factors regarding the cloud: unknown or unverified processes of cloud providers, untrusted cloud provider employees and contractors, and lack of access to audit records and physical access records. There’s also an absence of transparency and coordination with regard to IT infrastructure management.

Every cloud infrastructure can be home to potentially hundreds of thousands of vulnerable privileged accounts. The presence of automated hacking tools means improperly secured privileged logins are almost certain to give hackers free reign on the network and access to customers’ private data, within minutes of an incursion.

Until now privileged accounts and other file-based secrets have proven difficult to secure within large-scale, dynamic Cloud Service Provider (CSP) networks, and many still use humans and first-generation software tools to try and manage the task.

As a result, improperly secured privileged accounts provide an easily exploited attack surface for hackers and malicious insiders.

Rake Narang: What can be done to improve cloud security to the point where companies are more likely to become cloud adopters?

Philip Lieberman: Cloud providers could differentiate themselves by offering transparency as to their internal processes. There is actually little real security because the internal processes of the cloud providers are opaque. These providers operate under strict non-disclosure agreements, which mean that inadequate security processes never see the light of day. The best scenario would be indemnification of clients against losses caused by poor security practices, in line with generally accepted standards of gross negligence.

If there is indemnification, along with government supplied safe harbors that protect adopters against litigation, cloud adoption would be easy. As for private clouds, there is a case to be made considering that cloud providers can offer economies of scale in the purchase and running of infrastructure, with minimal additional security risk versus an on-premises solution.

Of course, there is little to nothing to be gained in security by such a private cloud solution, but in the never ending quest for reduced operating costs, there is a business case for the private cloud. On the other hand, if the private cloud vendor fails as a business or changes its strategy, then the customer has to have a “plan B” to migrate back to an on-premises solution or to find another suitable private cloud provider.

Company: Lieberman Software
1900 Avenue of the Stars, Suite 425, Los Angeles, CA 90067 U.S.A.

Founded in: 1978
CEO: Philip Lieberman
Public or Private: Private
Head Office in Country: United States
Products and Services: Enterprise Random Password Manager™ (ERPM), the company’s flagship Privileged Identity Management (PIM) product, is the industry’s first Security-as-a-Service PIM platform, providing full automation and programmatic orchestration of privileged credentials, certificates, pin codes, passcodes and other sensitive data generated on a massive scale by large multi-tenant organizations. With ERPM, the discovery, auditing and access control of credentials and certificates in the world’s largest enterprises and service providers can now be managed entirely by machines, rather than through direct human interaction.

Lieberman Software also offers award-winning Windows security management tools, including User Manager Pro Suite, Service Account Manager and more.
Company's Goals: Lieberman Software pioneered the privileged identity management space by releasing the first product to this market in 2001. With more than 1200 customers worldwide, including nearly half of the Fortune 50, the company will continue to update and expand its privileged password management solution set while growing its customer base in this vibrant and emerging market to help organizations mitigate complex IT security, reporting and auditing operations.
Key Words: Privileged Identity Management, Security-as-a-Service, Security Management, Risk and compliance management

Interested in doing a written interview with us?

Let's do a quick written interview. Let's share success stories. Let's connect.


San Madan

san [@] goldenbridgeawards [dot] com
Connect with me on LinkedIn

Click here now to see the interview questions.