All that is necessary for evil to triumph is for good men to do nothing
-Edmund Burke (1729 - 1797).
Before we met this ‘Aristotle’ of our time at the just concluded InfoSecurity Europe 2012, it was an article by Mr Philip Lieberman, President of Lieberman Software Corporation, then writing for Vigilance as its Guest Columnist, that led us to place him above his contemporaries as the scholars’ scholar.
Before Lieberman, many other Chief Executive Officers in the global IT community had written for us, and we valued their contributions to our magazine and still do. Yet just one article made him stand out from the other CEOs. The column is exclusively for the MDs/CEOs of global IT companies, and top-notch articles from the IT world appear in it often on invitation or by recommendation.
Lieberman’s first article in our magazine later opened the floodgates for other articles to gush out of this enigmatic, charismatic and pragmatic IT philosopher, who by our reckoning is an IT evangelist crusading for best practice and a high level of integrity among IT practitioners.
Lieberman’s articles are not only scholarly but highly insightful; not only highly insightful but highly profound; not only highly profound but highly philosophical. They offer perspectives into his heartbeat for best practice, order and commonsensical practice in the seemingly chaotic terrain of the IT world.
Having listened to him speak, we gleaned that this crusader and evangelist is to the IT world what St. Paul was to the gospel, for he is out to bring order to the prevailing chaos within the global IT industry. “We follow industry’s best practice…what controls do you have in place?” he said, asserting and raising a query at the same time.
In the current IT jungle, a sort of no man’s land where everybody now tends to do whatever they like, Lieberman said when asked by Vigilance: “I’m not a pastor in the evangelical sense, but I believe in shining the light, so others can follow.”
His lithe frame and cool mien remind one of the diminutive Paul of Tarsus, although he is of average height and more handsome than the Tarsus evangelist. His natural tendency to think deeply about things recalls, in a kaleidoscopic manner, philosophers such as Thales, Anaximander, Anaxagoras, Heraclitus, Socrates, Plato, Aristotle and Thucydides.
Of all these great philosophers of antiquity, we find more parallels between Lieberman and Aristotle, whose name means “the best purpose”, than with any other, as a noticeable mantra that he kept emphasising was “best practice” and accountability, which was the preoccupation of Aristotelian Virtue Ethics.
Lieberman wants to sanitise the IT world and bring it much needed order and harmony. But how is he waging this war? Blasting RSA last year for what he then referred to as their “greed” and “neglect”, he said the data taken during the security breach against RSA’s networks might have led to an attempt on Lockheed Martin. This IT Oracle, who then went to town with a ‘horse whip’ over the RSA saga, chided: “By my estimates this breach is going to cost RSA a minimum of $400M to replace 40 million tokens. This is not just bad news for RSA Security – it paints the rest of the IT security industry in a bad light.”
Putting the blame squarely on the senior management of EMC, the parent company of RSA, he viewed the lack of investment in SecurID as one of the root causes of the breach.
Said Lieberman: “A quick review of the SecurID products shows that the SecurID product line has languished in innovation and development investment since the takeover. EMC is guilty of milking the RSA cow dry, neglecting it, getting it sick, and then selling the tainted beef. The tragedy is that had they provided just a little bit of food and care to the cow, they could still be receiving milk and have a healthy cow today.”
Not a man to beat about the bush, whatever the issue may be, Lieberman opened his cannonade and fusillade on RSA once more, saying the SecurID incident “is a testament to the consequences of greed and outsourcing exhibited by EMC senior management, who, in their single minded wish to maximize profitability, neglected to provide sufficient resources and domestic talent to keep their company healthy and competitive.”
At the just concluded InfoSecurity Europe 2012, held between the 24th and 26th of April 2012, Aristo (short form for Aristotle) went with his quiver loaded with arrows. His targets this time round were IT administrators, whom he thinks play monkey tricks on their bosses. As he argued in his presentation at the earthshaking event held at Earl’s Court in London, entitled “The Five Security Secrets Your IT Administrators Don’t Want You to Know”, IT administrators often take more shortcuts than upper management might expect, especially regarding security.
Holding his audience spellbound as he sought to expose the ITAs, Lieberman said: “As valued members of any organization, IT administrators work every day to keep the infrastructure up and available. But with demands to reduce operational costs, IT administrators often take more shortcuts than upper management might expect - especially regarding security.”
His presentation revealed hitherto little-known facts about the state of today’s IT, including:
- Many IT professionals can still access critical systems on the network, even long after leaving the organization;
- Rank and file IT staff often have the same access to sensitive financial data as the CFO;
- Most organizations likely don’t know precisely who on the staff have the right credentials to read, copy and alter data;
- IT auditors don’t necessarily know everywhere to look to discover security holes.
“Fundamentally, the security of an organization hinges on how well IT balances convenience with controls and accountability,” Lieberman said. “All too often IT is granted free rein to operate under its own rules when it comes to security.”
During the interactive half hour session, the Oracle of the IT Age provided recommendations on how organizations could improve IT accountability through segregation of duties and auditing controls. The presentation also described potential solutions, such as privileged identity management software, which could automatically track privileged logins, delegate access and change credentials for each account after use.
Also at the just concluded trade show, Lieberman showed his UK audience for the first time his company’s Enterprise Random Manager, which helps to protect against unauthorised access of built-in passwords. Although this security vulnerability is very well known to hackers and inside fraudsters as a way to sneak into the network, he said Lieberman’s software would detect and secure default passwords, preventing unauthorised persons and malware from gaining control of sensitive data.
Philip Lieberman, the Aristotle of our time, appears to have assigned himself the onerous task of leading the IT ‘Evangelicals’ to wage war against greed and all dubious tendencies in the IT world, but will he succeed? Time, time, only time will tell. In the meantime, the Oracle has spoken, hear ye him!