SSH Communications Security Unveils Information Assurance Platform Service Solution for Secure Shell Environments
Company to Offer Complete Lifecycle Professional Services Focused on Controlling Costs, Improving Security and Meeting Compliance
HELSINKI, Finland and WELLESLEY, Mass.– Oct. 8, 2012 –SSH Communications Security, known the world over as the inventor of the secure shell protocol, today announced its services portfolio designed to help organizations secure their encrypted networks. The services offering is a new complementary component to the Universal SSH Key Manager and CryptoAuditor solutions of the company’s Information Assurance Platform.
Without a centralized key management system, it is virtually impossible for a large enterprise to identify all the trust relationships within its SSH environment, leaving the company vulnerable to exploitation and running afoul with regulatory compliance mandates. The new SSH offering deploys a team of experts to discover all legacy user keys within the enterprise’s encrypted network, test the environment and install the company’s Universal SSH User Key Manager, monitor the key activity usage and provide recommendations to application teams for key remediation policies.
“We have been working on a consultative basis with a half-dozen large enterprises since the launch of our Information Assurance Platform earlier this year,” said Matthew McKenna, head of sales and marketing at SSH. “Many of our customers have known audit items open regarding the management of secure shell user key access in their encrypted networks, often because they did not know a solution existed. As the inventors of the secure shell protocol, we are ideally positioned to help our customers manage their secure shell infrastructure cost, risk and compliance issues with a level of expertise unparalleled in the industry.”
The secure shell protocol, widely regarded as the gold standard for data-in-transit security, is a critical network security component that fulfills mission-critical tasks within large enterprises. Since many large enterprises have over 10,000 servers on their networks, they must be able to centrally manage deployment, configuration, host keys, user keys and auditing to ensure security and remain in compliance with regulatory standards such as SOX, PCI, FISMA and HIPAA.
Key SSH field research findings:
- Many large enterprises spend $2-3 million per year on manual key management, a cost that can be eliminated by automated key management
- About 10 percent of all SSH user keys provide root access, creating a major security and compliance issue
- Enterprises rarely know what each key is used for
- Many of the SSH keys that grant access to critical servers are no longer in use
- Some organizations permit administrators to create SSH user keys at will without approvals or control
- Very few organizations ever change SSH user keys
- Occasionally organizations share the same SSH host key across thousands of computers, leaving the network vulnerable to man-in-the-middle attacks
- Very few organizations remove keys when a user leaves or an application is decommissioned
- Key-based access can bypass existing privileged access management systems
- Key-based access grants are essentially permanent, in direct violation of SOX, PCI and FISMA requirements for proper termination of access
“Our Information Assurance Platform helps enterprises save time and money while eliminating the security and compliance issues commonly associated with network access control and encrypted traffic monitoring,” said Tatu Ylönen, CEO of SSH. “Our services module will help large enterprises bring their encrypted networking up to the best practices level while providing them with the ongoing support and expertise needed to ensure the optimal outcome.”
- Emerging PCI-DSS requirements for Secure Shell Key Environments
- The Technical Complexities and Risks of Public Key Authentication
- Universal SSH Key Manager
About SSH Communications Security
Founded in 1995, SSH Communications is the company that invented the SSH protocol - the gold standard protocol for data-in-transit security solutions. Today, over 3,000 customers across the globe, including 7 of the Fortune 10, trust our Information Assurance Platform to secure the path to their information assets. We enable and enhance business for thousands of customers in multiple industries in the private and public sectors around the world. We operate in the Americas, Europe, and APAC regions, with headquarters located in Helsinki, Finland. The company shares (TEC1V) are quoted on the NASDAQ OMX Helsinki.
For more information on SSH Communications Security please visit http://www.ssh.com
Nadel Phelan, Inc.
SSH Communications Security