White Papers


	A Gaping Hole in Your Identity and Access Management Strategy: Secure Shell Access Controls Identity and access management (IAM) is a critical component of an enterprise's security strategy. IAM implementations have largely focused on gaining control over the massive number of business users in the enterprise through both enhanced governance and automated provisioning capabilities. IAM deployments have helped IT security teams gain significant control of and visibility into a broad range of users — from rank-and-file employees to C-level executives. However, this governance framework has largely ignored privileged users (systems and applications administrators) and the large number of automated application-to-application processes that drive day-to-day IT operations. This is a gaping hole in the overall security architecture of the vast majority of enterprises. IDC believes that enterprises must become engaged in addressing SSH key management as a component of the overall IAM strategy. This paper is designed to provide IT managers with basic background material on SSH key management and access control issues, outline the attendant IAM risks, and describe how those risks can be mitigated.



	The Challenge of Identity and Access Management in Secure Shell Environments The challenges faced today by large enterprises in managing SSH user keys include manual errors in key setups, lack of removal of keys, possibility to copy keys to home directories, and no visibility as to who has the possibility to access what SSH servers. These drivers affect organizations from not only in terms of risk, however also from a compliance and cost perspective. This white paper focuses on the existing technical risks related to public key authentication and the lack of SSH user key management in enterprises. It will highlight the architecture of SSH Communications Security's Universal SSH User Key Manager (TM), address internal security risks in the architecture, and identify how they have been solved or mitigated. In doing this, it will demonstrate how the solution can affectively decrease risks faced by enterprises today in managing their SSH user keys.



	Preventing Data Loss Through Privileged Access Channels Even with SSH there is a fundamental gap in the security of privileged access. Enterprises rarely apply a reliable audit or monitoring capability to privileged user activity. Because these activities are secured by encryption, they are opaque to standard layered defenses such as next generation firewalls and data loss prevention systems. A rogue administrator can steal company information, alter critical data and damage systems – and erase the systems based logs that record what they did. Privileged access channels are also attractive vectors for external criminal entities to steal information and disrupt operations. This white paper focuses on how organizations facing these issues of privileged access can effectively balance the challenges of cost, risk and compliance. It describes how privileged access governance can be made minimally invasive, scale to enterprise requirements and most importantly, prevent costly losses.



	Security Solutions for IBM Mainframes: Implement, Manage and Monitor Your Encrypted Environment First introduced in the 1960s, the IBM mainframe is still the workhorse of enterprise IT. Like many technologies with roots in the past, mainframes were designed with little thought to security. Over time, security gaps have been addressed but there are still significant issues with respect to protecting critical information and systems from malicious activity. In many enterprises, Secure Shell (SSH) is used to address security gaps in both information transfer and system administration. It is used to end the practice of transfering sensitive data in clear text and to protect system administration from compromise. However, SSH is a protocol and not in of itself a security solution. Improper use of SSH exposes enterprises to unforeseen risks. This white paper discusses the challenges and benefits of using SSH within mainframe environments and how a solutions approach can address those challenges.



	SSH User Key Remediation: Getting Control of One of the Most Significant Hidden Threats to Your Enterprise Security Sloppy management of authentication keys for SSH, an encryption protocol used for automation in IT systems, risks catastrophic IT failure in banks, government and industry. Most organizations have no process for managing, removing, and changing access-granting keys. This violates SOX, FISMA, PCI, and HIPAA, all which require proper control of access to servers and proper termination of access. This white paper focuses on SSH user key remediation as a process which all organizations utilizing SSH should be aware of and consider implementing. It will outline a basic process and set of tools which can be utilized to identify the existing trust relationships in your environment, bring legacy keys under control, and automate the creation, deployment, rotation and removal of keys.



	SSH User Keys and Access Control in PCI-DSS Compliance Environments As the Payment Card Industry Data Security Standard evolves to include requirements to manage secure shell user keys as carefully as passwords, the current tools many organizations use for secure shell user key management will become ineffective and create a compliance issue. This white paper analyzes how emerging key management and access control technologies will likely impact PCI compliance mandates and presents SSH’s Universal SSH Key Manager as a solution that can be implemented today to both increase security controls and meet the coming, common sense changes to compliance mandates.

	The Cost of Insecurity: FTP And the Looming Financial Hazard It Is Creating For Your Organization Unsecure file transfers (FTP) remain one of the most significant security risks on the mainframe today. Still, many organizations continue to use FTP despite the known risks and a long history of highly publicized and costly breaches. With SSH for mainframes, organizations can easily start the process of eliminating FTP from their mainframes while maintaining compatibility with their legacy solutions, thereby improving their security posture and compliance profile without having to make major changes to their network infrastructure.



	Technology Risk Management Guidelines by Monetary Authority of Singapore Cost-Effective Controls for Compliance The Technology Risk Management Guidelines, published by the Monetary Authority of Singapore, present best practices for financial institutions to establish a technology risk management framework and to strengthen system security. This white paper will examine the guidelines, highlight particularly significant and challenging requirements found within, and propose cost-effective solution approaches to addressing these. Examples of available security solutions offered by SSH Communications Security will be presented in each section. Suggestions for further development of the guidelines will also be proposed.

A Gaping Hole in Your Identity and Access Management Strategy: Secure Shell Access Controls

The Challenge of Identity and Access Management in Secure Shell Environments

Preventing Data Loss Through Privileged Access Channels

Security Solutions for IBM Mainframes: Implement, Manage and Monitor Your Encrypted Environment

SSH User Key Remediation: Getting Control of One of the Most Significant Hidden Threats to Your Enterprise Security

SSH User Keys and Access Control in PCI-DSS Compliance Environments

The Cost of Insecurity: FTP And the Looming Financial Hazard It Is Creating For Your Organization

Technology Risk Management Guidelines by Monetary Authority of Singapore Cost-Effective Controls for Compliance

Overview

Latest News

Quick Links

Products

Resources