Skip to content
Get in touch

Insurance company  achieves compliance with robust key management

Multinational insurance company also automates SSH key management for cost savings.
Learn more about key manager
Central mainframe augmented with light data

Customer

The customer is a Fortune Global 500 multinational insurance company based in Asia. Its principal products include health, life, insurance and annuities.  
Powerful quantum-safe security solutions

Customer challenge: Lack of access management and governance

The customer uses SSH keys to manage access to their IT environment. SSH keys are crucial in providing access to critical connections that transfer sensitive information, such as customer insurance data.

As a large financial institution that handles thousands of keys daily, they realized that they have a serious challenge with SSH keys which are widely used in the customer environment as access credentials to critical targets. In particular, the customer realized that:

They have an accumulation of unmanaged keys that could grant access indefinitely if not removed.

They have no way to track who is using which key for which purpose.

They face a risk of attack without proper key governance.

They are at risk of failing compliance requirements, since SSH keys are an audit failure point.

They have no tools to locate these unmanaged ‘rogue’ SSH keys.

Solution: Automated key lifecycle management

The customer needed a solution that would eliminate the threat of unauthorized remote access between systems and implement a periodic key replacement process.  The customer decided to go with PrivX Key Manager as it has fulfilled all of their key requirements. 

The customer had keys located in an NFS shared drive, so they needed a function to identify those not in the local system. PrivX Key Manager not only supports this environment - but also monitors the usage status of distributed keys and identifies long-term unused keys - adding an additional layer of security that is crucial for financial organizations.   

PrivX Key Manager’s automatic key lifecycle management ensures that keys are replaced periodically, ensuring the validity of all keys and helping the organization comply with security regulations. The customer also liked the comprehensive workflow, specifically its key distribution application and approval process. 

Benefits
Priviledged-access-management
Centralized key management 

PrivX Key Manager brought customer's unmanaged keys under control through a single UI. 

 

gear-cycle
Key governance automated

A comprehensive set of SSH key management workflow allowed automating key renewal, deletion and remediation operations and reducing the risks of unauthorized access.  

graduate
Auditing, tracking and recording

All sessions and auditing and tracked and can be recorded whenever needed. SSH keys associated with an identity.

 

High Speed
Efficiency gains

Automation cut down the time and resources previsously  spent on managing SSH keys manually.

ot-security
Compliance

The customer gets reports on existing policy-violating keys and can remedy the situatation. Further policy enforcement will prevent unauthroized keys from being introduced to the environment.

integration-api
Integrations

PrivX Key Manager integrated out-of-the-box into existing customer environment with its extensive REST API library. 

Learn more about getting keys under control.