ERPM handles passwords on Windows service accounts, IIS accounts, SQL Server and Oracle database accounts, SharePoint, Directory Services, and Linux and other major platforms, on both physical and virtual servers. As an enterprise product, it is designed to work with a variety of configuration management repositories such as CA, IBM and BMC's CMDB software and with system management tools such as Microsoft System Center, HP Operations Center and ArcSight.
All of these accounts are discovered without the need to install any agents on individual servers. Once it does find these accounts, ERPM will automatically detect password changes and make the updates across all the various systems and devices.
Installation is a bit of a hassle, with a huge list of prerequisite software to support its services. We installed it on a box running an early version of Windows 8.1 and chose the default MySQL database for its password store. But once you get through this process, it is easy to maintain. One of its advantages is continuous, real-time automated discovery of potential target accounts. You can also add accounts from your Active Directory store, from scanning particular IP address ranges, or individually. The new accounts are placed into a batch "change control" job that can be run regularly to update your password collection.
ERPM also includes a variety of audit reports so you can satisfy various compliance requirements and can output its information to various file formats for further processing by security management software. A number of preconfigured reports come with the software to get you started.
Lieberman supports various multi-factor authentication tools, including RSA SecurID and YubiKey, along with other one-time methods. Users can be authorized for particular accounts to either recover or reset specific passwords too.
One nifty feature of ERPM is being able to recover a password through its Web client. Any user with the right access rights can use it, and these requests are logged as well. You can also set up rather complex workflows to approve privilege escalation requests.
Lieberman also works with a third-party tool called Balabit's Shell Control Box, an activity monitoring appliance, to restrict user access to privileged resources.
The biggest downside to ERPM is its cost. The entry-level price tag is a steep $25,000, but that includes unlimited users and accounts. ERPM's rather unique market position could be one reason why it is so pricey.
1Password is an individual consumer product without any enterprise management capabilities. It has versions for Windows (including Windows 8), Mac, iOS and Android phones. The Windows 8 support is fine with non-IE browsers; if you use IE, you have to bring it up from the desktop and not from the Metro interface, although they are working on fixing that.