Viewfinity interviews Phil Lieberman of Lieberman Software on IT Security: 

  Mr. Lieberman has more than 30 years of experience in the software industry. In addition to his proficiency as a software engineer, Mr. Lieberman is an astute entrepreneur able to perceive shortcomings in existing products on the market, and fill those gaps with innovative solutions. He developed the first products for the privileged identity management space, and continues to introduce new solutions to resolve the security threat of privileged account credentials.

1. It seems like a week doesn't go by without an IT news story describing a high profile data breach at a large company or government agency. Why is this such a frequent occurrence? And what are the most common mistakes that IT groups make when it comes to protecting their organizations' against security threats?

Fundamentally most companies provide too much access for too long to too many people with no monitoring or controls.  There is also little thought given to limiting damage that can occur with super user credentials that are never changed and widely used.

2. What should IT groups be doing to better secure access to their sensitive data? What security products and/or processes are involved?

The first step is to identify sensitive resources and classify who has access and how this can be controlled and monitored.  Organizations also need to identify direct access methodologies as well as side channels to access.  It is also a good idea to consider the introduction of silos that separate data by both physical and logical means.

3. You've been in the security software industry for more than 30 years. Based on your experience, what new or emerging IT security threats do today's IT groups need to be aware of, and why?

Cutting corners to save money and the general attitude that security is a commodity are the greatest security threats today.  This goes in line with the idea that outsourcing myth that says that external entities located off-shore provide the magical properties of reducing IT costs as well as access to superior security and technology at bargain basement prices.  The threat is simply that security requires vigilance and effort as well as money and smart people that must be part of your own organization.

4. On January 12 you're co-hosting a webinar with Leonid Shtilman of Viewfinity. What are the key advantages that you hope the attendees will gain from the session?

It is now practical to achieve enterprise-wide superuser password management quickly (less than a week) and permanently with the right technology solution.  When possible, it is best to not disclose superuser credentials, but instead escalate applications to a super user privilege when appropriate. 

With both our technologies we allow end-users to achieve their business objectives that require super user access, but we also provide real security by proactively managing the actual superuser credentials where they are stored and where they are used.

Our combined solutions provide fully automated password management and privileged account auditing along with elevation of privileges for applications or to reduce permissions for privileged users on specific applications and tasks in a least privilege environment.  This help companies increase security by achieving least privileged access to programs, as well as the removal of shared knowledge of superuser credentials and their anonymous use.

Sign-up for the Lieberman Software and Viewfinity webinar on January 12, 2012 by clicking here.