Recently surveyed IT security professionals in the U.S. say securing systems that are disconnected from their corporate networks is a challenge, a situation that could worsen over time, reports Los Angeles-based Lieberman Software Corporation.
Polled at Black Hat USA 2017, an annual security event held in July in Las Vegas, Lieberman Software surveyed attendees and found that 53% of respondent IT security professionals considered the disconnect to be a challenge.
In addition, 32% of those queried predict that “more than one fourth of their end-users will not be regularly connected to the network in two years,” notes a statement Monday Lieberman Software, a provider of cyber defence products to remediate intrusions that penetrate the network perimeter.
“IT departments must proactively manage privileged account passwords and access to sensitive and critical systems,” cautions Philip Lieberman, president and CEO of Lieberman Software. “This task has become nearly impossible as companies move to in-field laptops, remote offices, the cloud and isolated servers. In many cases, these core assets are no longer centrally managed by IT, nor always connected to the network,” Lieberman continues.
The company reports most companies have moved or are moving from a centrally managed IT infrastructure to one of cloud and mostly disconnected systems.
Products are available that can secure privileged passwords on connected systems, the company notes, but doing so with remote and disconnected environments, providing controlled privileged access, has been a big problem.
Lieberman Software is now offering the Disconnected Account Management feature of its Lieberman RED-Rapid Enterprise Defense Identity Management solution – what the company claims is “the first privileged identity management solution that provides comprehensive support for both connected and disconnected systems.”
Employing patent-pending technology, the new feature uses a local application or service that regularly changes credentials on local accounts using a unique per-machine shared cryptographic seed and time synchronization.
As well, the statement explains, it performs regular automatic password changes on workstations and servers, without the need for connectivity, directories or central management software. Authorized password recovery for disconnected systems is said to be accomplished securely via any web browser on a desktop or mobile device.