Compliance with Comprehensive Key Management
A Marine Vessel Operator Secures Remote Access for Diagnostics, Maintenance and IoT Data Collection
Customer
The customer is a Fortune Global 500 multinational insurance company based in Asia. Its principal products include health, life, insurance and annuities.
Challenge - Lack of Access Management and Governance
The customer uses SSH keys to manage access to their IT environment. SSH keys are crucial in providing access to critical connections that transfer sensitive information, such as customer insurance data.
As a large financial institution that handles thousands of keys daily, they realized that they have a serious challenge with SSH keys which are widely used in the customer environment as access credentials to critical targets. In particular, the customer realized that they
- have an accumulation of unmanaged keys that could grant access indefinitely if not removed
- no way to track who is using which key for which purpose
- face a risk of attack without proper key governance
- risk of failing compliance requirements, since SSH keys are an audit failure point
- have no tools to locate these unmanaged ‘rogue’ SSH keys
Solution - Automated Key Lifecycle Management
The customer needed a solution that would eliminate the threat of unauthorized remote access between systems and implement a periodic key replacement process. The customer decided to go with PrivX Key Manager as it has fulfilled all of their key requirements.
The customer had keys located in an NFS shared drive, so they needed a function to identify those not in the local system. PrivX Key Manager not only supports this environment - but also monitors the usage status of distributed keys and identifies long-term unused keys - adding an additional layer of security that is crucial for financial organizations.
PrivX Key Manager’s automatic key lifecycle management ensures that keys are replaced periodically, ensuring the validity of all keys and helping the organization comply with security regulations. The customer also liked the comprehensive workflow, specifically its key distribution application and approval process.
Centralized key management
PrivX Key Manager brought customer's unmanaged keys under control through a single UI.
Key governance automated
A comprehensive set of SSH key management workflow allowed automating key renewal, deletion and remediation operations and reducing the risks of unauthorized access.
Auditing, tracking and recording
All sessions and auditing and tracked and can be recorded whenever needed. SSH keys associated with an identity.
Efficiency gains
Automation cut down the time and resources previsously spent on managing SSH keys manually.
Compliance
The customer gets reports on existing policy-violating keys and can remedy the situatation. Further policy enforcement will prevent unauthroized keys from being introduced to the environment.
Integrations
PrivX Key Manager integrated out-of-the-box into existing customer environment with its extensive REST API library.
