DevOps Security Challenges - Trusted SSH Access to Production Servers
What Is DevOps?
The essence of the methodology is to leverage native, well-known tools and processes in an agile and iterative fashion in teams that are self-sufficient and capable of rapid and frequent, even daily, code releases. The use of native tools of developers and IT professionals allows a low threshold for the adoption DevOps, resulting in a highly automated, high-frequency release cycle, instead of the release-per-year approach of the traditional waterfall development model.
The motto of Release Early, Release Often imposes some clearly visible challenges for operational security.
The Role of SSH (Secure Shell)
SSH is deeply immersed DevOps. The culture emphasizes frequent releases, highly automated (and often remote) build processes, constant configuration, and distributed teams. All these characteristics call for secure communications and file transfer tools that are native to developers and other power-users. There is no other tool as deeply embedded into DevOps than SSH. It is the “swiss army knife” of secure data communications. SSH provides the remote connectivity, secure file transfers, and secure automation capabilities for development and production environments.
In DevOps environments the development teams are directly (and frequently) in contact with production systems. It is common that there are daily releases of code directly into the live production servers, and the traditional boundaries between development, test, and production environments have eroded. This cross-environment work requires the development teams to have system-level trusted access to systems that are the heart of enterprises' core businesses - in technical terms, there is abundant and frequent root access to the corporate core platforms.
Providing the above requires the ability to monitor, control, and audit the connectivity into sensitive data and systems. The traditional security systems are often ill-suited for this task, and risk countering and defy automation. Imposing privileged access management (PAM) solutions that require users to go through jump servers for privileged access or secure shared use of privileged accounts requires undesirable changes in toolsets, workflows, and processes. They may also impose a need for user trainings, which can be time-consuming and hence costly.
Sample Use Scenario
SSH Communications Security is the world leading provider of solutions that allow controlled SSH deployments in high security environments. One of our customers serves as an excellent example of how to realize the benefits of DevOps without making security or compliance compromises.
A leading US high-tech company has 800 developers in a fenced development environment. Compliance with internal security policy requires strong controls and auditing of developer access to production. A gateway-based PAM solution would have taken several days, even weeks, to set up, and the required changes to developer processes and tools would have been unbearable.
To realize the operational efficiencies of the DevOps model, the customer abandoned the jump host approach, and implemented transparent audit and control with CryptoAuditor.
Policy-based routing at their NG firewall forwards their privileged traffic to the CryptoAuditor virtual appliance for SSH and RDP auditing - and the entire solution was deployed data center wide within 8 hours.
Meeting Security Requirements - Monitor, Control, and Audit Encrypted Connections
Realizing the benefits of continueous deployment requires allowing a wide group of privileged power users access to production systems. Allowing this kind of transgression of the borderline between development and production domains carries many implications.
A secure and compliant implementation requires:
- The usage of shared privileged accounts must be auditable and accountable. The organization is required to know which particular user has been using a given root or administrator account at which point in time.
- The actions that are allowed need to be controlled. Sensitive data must be protected against data loss, and transfers of protected data must be monitored and prevented in real time. The monitoring solution must be able to see inside encrypted channels that are used for privileged access.
- DevOps makes extensive use of automation of the build and release processes. Employed tools and solutions need to address not only the human users, but also the very common machine-to-machine interactions and automated processes.
- Data Loss Prevention (DLP) controls to ensure business and customer data is not exfiltrated out of the production environment through the encrypted DevOps channels.
CryptoAuditor as a Security Solution
CryptoAuditor is a fully network-based solution for monitoring, controlling, and auditing encrypted connections. It is exceptionally well suited to securing an enterprise DevOps environment. As a virtual appliance it can be installed in private or public cloud, and a typical installation is at an internal or external firewall.
- Transparent monitoring of encrypted connections (SSH, RDP, HTTPS)
- Secure use of shared accounts - without disclosing the credentials
- Secure storage of credentials in a cryptographic vault
- Recording the monitored sessions as searchable videos
- Cost-efficient enforcement of two-factor authentication
- Easy, zero-touch installation - no changes to connection endpoints
- Network based - no agents at servers nor clients for end users
- Visibility into and encrypted connections between development and production systems
- Early warning of suspicious activity inside encrypted communications
- Accountability in shared account use
- Compliance with regulatory requirements that require separation of development and production systems
- Leveraging prior investments to security controls such as Data Loss Prevention (DLP), SIEM, Intrusion Detection, Intrusion Prevention, and Anti-Malware protection.