What is Cybersecurity?
Security is an essential part of all corporate planning – preparing for trouble goes a long way towards avoiding it - a known risk is usually a lessened risk.
Cybersecurity is the part of security that has a “digital dimension” – security topics that involve the ever-increasing number of digitalized systems, services, and solutions of our daily life. Cybersecurity means the research, plans, and actions undertaken to foresee, avoid, and counteract trouble in (or arising from) the digital world.
Due to the pervasiveness of the digital dimension, it touches nearly every part and layer of corporate life. This means that cybersecurity cannot be left to the responsibility of the “IT staff” or “CISO office”, but needs to be addressed by everyone. While the security departments and administrators may well be in charge of selecting, configuring, and maintaining the systems and environments, a significant portion of daily cybersecurity burden is borne by the ordinary users and employees. Well-designed systems with proper access control as well as end-user vigilance and education are vitally important. Corporate cybersecurity is everyone’s responsibility – from corporate leadership to the technical staff and the end-users.
Cybersecurity and Enterprise Risk Management
Corporate security is often examined from a risk management perspective – the potential damage dictates and justifies the actions taken. Similar approach can be applied to cybersecurity. However, often the risk assessment may be different and more complex. Cyber risks range from small to infinite and may be extremely difficult to assess. Initially minor information breaches can snowball to avalanches – for example in a case of a compromised user account that escalates to a compromise of a privileged account (that has system-wide visibility and access).
In cybersecurity, prevention is generally a more economical approach than focusing on crisis management in the event of an incident, and a well-designed approach to security will not impede operations whereas a failure to address the threats may hurt the organization – even mortally.
SSH – Trusted Access and Corporate Cybersecurity
The ubiquitous SSH protocol is the basis of trusted access in practically every corporate network. SSH serves in a vital role as it protects the access to corporate infrastructure and secures the connections and file transfers between users, servers, and other networked entities. The security features of SSH, a centralized SSH key management to complement it, combined with a well-defined and implemented identity and access management policy provide a solid cybersecurity base for building a corporate network infrastructure on.
Addressing the issues of trusted access and key management allow organizations to address key questions such as:
- Who (and what) has access to which resources?
- What happens when new users or processes are granted access?
- What happens when the need to the access ends?
NIST Cybersecurity Guidelines on SSH
There are a number of valuable resources for guidelines, best practices, and vision on how to address the various topics around cybersecurity. The field is wide and covers nearly all aspects of corporate life. The link below presents some guidance from a narrower, trusted access point of view.
From the perspective of trusted access with SSH, the NIST publication on SSH - “Security of Interactive and Automated Access Management Using Secure Shell (SSH)” (NIST IR 7966) provides a solid foundation on defining the processes for deploying, using, and managing the SSH protocol for interactive and automated operations in sensitive corporate networks.
SSH Communications Security has closely participated in the authoring of this document, in co-operation with other industry players and NIST experts.