Lieberman Goes Super Secret with Privileged Passwords
March 5, 2013 Alex Woodie
In old war movies, you’ve probably seen how, before launching a nuclear missile, the captain and his first lieutenant must turn their keys simultaneously for the launch to work. This is actually a security practice instituted by the United States Air Force and other military organizations that’s called the “two man rule.” Last week, security software vendor Lieberman Software launched a version of the two man rule to control the passwords for privileged user profiles.
Lieberman’s flagship product, called Enterprise Random Password Manager (ERPM), is a security utility designed to discover, secure, track, and audit the use of privileged user profiles across multiple operating systems, including IBM i, Unix, z/OS, Linux, and Windows. The software continuously changes the passwords for privileged user profiles, and generates dashboards that show auditors and managers how the powerful accounts are being used.
With ERPM’s implementation of the two man rule, also called double safekeeping, Lieberman is giving organizations another layer of security over their most powerful and dangerous user profiles. Under double safekeeping, a single password for a powerful user profile is split into two pieces and distributed to two individuals. To allow that user profile to be used, each of the individuals must enter his portion of the password.
This approach bolsters the security of the user profile by eliminating the chance that a programmer or administrator will be able to log onto the system without the knowledge of anybody else, says Philip Lieberman, president and CEO of Lieberman Software.
“When implemented, ERPM’s double safekeeping functionality prevents any one individual from having all of the credentials for the powerful privileged accounts that can access an organization’s most sensitive data and IT resources,” Lieberman says in a press release.
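The split-and-recombine idea described above, as an added Python example that is not from the article or from Lieberman's ERPM code: it contrasts cutting the password in two by position with an XOR split, where either share alone reveals only the password's length. The function names, alphabet, password length and the comparison against a stored password are assumptions made for illustration.

```python
from __future__ import annotations
import hmac
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*"  # assumed charset


def generate_password(length: int = 24) -> str:
    """Random privileged-account password (length and alphabet are assumptions)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def split_by_position(password: str) -> tuple[str, str]:
    """Literal split: first half to custodian A, second half to custodian B.
    Each custodian learns half of the characters outright."""
    mid = len(password) // 2
    return password[:mid], password[mid:]


def split_xor(password: str) -> tuple[bytes, bytes]:
    """XOR split: share A is a random pad, share B is password XOR pad.
    Either share alone is uniformly random and reveals only the length."""
    secret = password.encode("utf-8")
    pad = secrets.token_bytes(len(secret))
    return pad, bytes(s ^ p for s, p in zip(secret, pad))


def join_xor(share_a: bytes, share_b: bytes) -> str:
    """Recombine both custodians' shares; raises if they cannot belong together."""
    if len(share_a) != len(share_b):
        raise ValueError("shares have different lengths")
    return bytes(a ^ b for a, b in zip(share_a, share_b)).decode("utf-8")


def release(expected: str, share_a: bytes, share_b: bytes) -> bool:
    """Grant access only when both shares recombine to the stored password."""
    try:
        candidate = join_xor(share_a, share_b)
    except (ValueError, UnicodeDecodeError):
        return False
    return hmac.compare_digest(candidate.encode(), expected.encode())


if __name__ == "__main__":
    pw = generate_password()
    a, b = split_xor(pw)
    print("both custodians present:", release(pw, a, b))
    print("custodian A alone:", release(pw, a, bytes(len(a))))
```

With the positional split, a custodian who holds one half only has to guess the other half; with the XOR split, neither share narrows the search at all.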
While double safekeeping has long been used by institutions such as the US Government to safeguard critical assets, such as nuclear weapons, the practice is not widespread in the corporate sector. However, that could soon change.
“Some regulatory compliance requirements, such as BASEL II, are now requiring organizations to store and retrieve sensitive information–including passwords–in multiple parts so that no one person can maintain key secrets individually,” Lieberman says.