SSH Communications Security - Leader in Trusted Access
SSH Communications Security Corp (NASDAQ OMX Nordic: SSH1V) is a leading provider of enterprise cybersecurity solutions for controlling trusted access to information systems and data.
Our technology secures the infrastructure of our digital world. We are present in over 90% of all data centers in the world - on-premise or in the cloud. With over 20 years of history and dozens of relevant patents, we understand trusted access like no other.
Bridging the Trusted Access Security Gap
Identifying users and controlling their access are vital to business. Present identity and access management (IAM) solutions fall short in addressing trusted access - the automated and privileged access by systems, administrators, developers, outsourcing partners, and other privileged users.
Trusted Access: Control and Visibility
Our offering centralizes and automates management of keys and access to critical resources. It provides visibility into the identities and access of man-to-machine and machine-to-machine communications and controls the provisioning of access.
Our solutions ensure operational integrity, improve system availability, and deploy without disruption to the customer's business processes. Our management solutions save a typical Fortune 500 customer an average of $1 to $3 million per year in costs while reducing the risk of serious security and compliance breaches.
SSH Communications Security bridges the trusted access security gap by:
- Managing the identities and access with Universal SSH Key Manager® - an enterprise SSH key management solution. It discovers, monitors, remediates, and manages keys that enable interactive and automated sessions on-premise and in the cloud. We put our customers in control without disrupting existing production or automated processes.
- Providing visibility and control info encrypted communications with CryptoAuditor®. It empowers customers to monitor, control, and audit privileged access. CryptoAuditor requires no agents, and deploys without disruption to end-users or systems.
- Securing the communications to critical infrastructure with Tectia® SSH, a premium, PKI-enabled, cross-platform Secure Shell implementation from the inventor of the protocol. It includes built-in support for advanced file transfers and complies with the requirements of PCI-DSS, SOX, HIPAA, and FISMA.
SSH Communications Security focuses on access management and other solutions related to SSH (Secure Shell) and trusted access.
The company intends to maintain and strengthen its leadership in SSH key management. It estimates its products, expertise, and deployment capability lead the competition by 2-3 years. Given that SSH keys constitute 90% of credentials granting access to servers, the company sees no way they could continue to be ignored in identity and access management.
The company further leverages its CryptoAuditor to complement its key management offering and to be more strategic to its customers:
- Protects enterprise data from theft and leakage (financial and reputation risk) by enabling data loss prevention and anti-virus checks for encrypted file transfers and interactive sessions crossing enterprise network boundary.
- Protects enterprise internal network (risk reduction, digital transformation enablement) by preventing backdoors into the internal enterprise network using SSH tunneling, which would otherwise pose a major security risk when moving servers to the cloud, such as into Amazon AWS.
- Enables network monitoring, audit, forensics investigations, and analytics for access to the internal network by third parties, such as by outsourced IT administrators, financial systems consultants, and vendors (reduces risks, enables more outsourcing, protects, reduces reputation risk due to breaches, detects attacks earlier).
- Facilitates fast and cost-efficient deployment of two-factor authentication for cloud services, data centers, and server clusters without having to install software on the servers themselves (cost saving, better security).
The company also intends to derive significant revenue from its patent portfolio, and intends to diligently protects its intellectual property relating to SSH key management from unlawful exploitation by competitors. The company has by far the strongest portfolio of patents and patent applications relating to SSH key management on the market.
History of SSH Communications Security
Tatu Ylonen developed the original SSH implementation in 1995 and published it in June. By the end of the year, he was getting 150 support emails per day asking for support, and places like UC Berkeley asking if they could buy commercial support for SSH.
December 1995 he founded SSH Communiations Security Corp. The company grew to 190 people and $20m in sales by 2000, and went public in the Helsinki Stock Exchange, which is now part of NASDAQ OMX Nordic. The company opened its US subsidiary, SSH Communications Security, Inc., in 1998 and has done more than 50% of its sales in the United States since 1999.
In the early years, the company derived most of its revenue from IPSec OEM licensing, with customers such as Sun Microsystems, Lucent, Compaq, Intel, Juniper, Nokia, Ericsson, NEC, and about 100 other telecommunications, networking, and firewall vendors. That part of the business was sold to Safenet in 2003; however, the company still retains patents from that time that are used in smartphones, VoIP (voice-over-ip), and various operating systems. The company expects to derive substantial revenue from these patents in the coming years.
In the early years, the company was in an exclusive distribution arrangement around SSH (Secure Shell), and could not start selling it direct until 2000. In 2000, it released the first SSH client with fully integrated file transfers, and surpassed the sales of its former exclusive distributor in six months.
Since 2003, the company has been focused on serving large enterprise customers. Many of its customers don't want to be mentioned by name, but include many of the largest global banks and 40% of the Fortune 500. Public customers include Walmart and many others.
We enforce a strict anti-bribery and anti-corruption policy. We endeavor to obey the laws and policies of the jurisdictions it operates in.
We have a strict no-backdoor policy. We do not put backdoors into any of our products for anybody. However, we will refrain from selling to the more questionable regions in the world as well as to any organizations where sales would be illegal according to the laws we operate under.
We respect the privacy of people. However, security often involves a compromise between security and privacy. While some of our products can be used for internal surveillance within organizations, we do not provide products for mass surveillance of citizens. Generally our products require the secret encryption keys of a server before access to it can be monitored, and that generally limits monitoring to legitimate business purposes involving the organization's employees, contractors, and customers when they access the organization's information systems. A certain amount of internal surveillance and analytics is necessary to catch cybercriminals and terrorists trying to infiltrate an organization and to get an early warning of security incidents.
We respect and protect the environment and attempt to minimize the environmental impact of our operations. We seek to improve the society around us. We shun away from business partners associated with child labor, human rights abuse, criminal activity, or terrorism.
We endeavor to be a good employer. We pay competitive salaries, provide equal opportunities regardless of gender, sexual orientation, age, or other similar factors, and treat employees fairly. We have a strict non-harrassment policy.
We believe that work should be fun, most of the time. We also seek to hire the top talent, offer them challenging work that has a positive impact on the world, and also expect a lot from them. We want to offer our employees an opportunity for both personal and professional growth.
We make the world safer. We make our customers more competitive.
Overview of Group Structure
The publicly listed parent company, SSH Communications Security Corp, is based in Helsinki, Finland. It operates in the United States through its fully owned subsidiary, SSH Communications Security, Inc. For the last 15 years, 50-70% of group revenues have been from the United States.
The group additionally has sales and technical support subsidiaries in various regions, including SSH Operations Oy (European Union area branches), SSH Communications Security (S) Pte. Ltd. (Singapore), SSH Communications Security Ltd. (Hong Kong), and SSH Communications Security K.K. (Japan). It also has various other subsidiaries related to certain partnerships, joint ventures, or government customers.