Your browser does not allow storing cookies. We recommend enabling them.

SSH Communications Security Reveals Compliance Predictions for 2016


Privileged Access Management and Encrypted Channel Monitoring Facing Key Challenges from HIPAA/HITECH, PCI and SOX in 2016

HELSINKI and WALTHAM, Mass., Jan . 13, 2016 – As industry business models change, compliance challenges are being compounded by an evolving threat landscape and by increased scrutiny from federal agencies looking to protect critical data. SSH Communications Security today announced its predictions for the top compliance challenges of 2016. For more information, visit

An increasingly complex network environment and the sophisticated attacks against it demand better security and privacy controls. Key data access trends for 2016 include:

  • Privileged access management (PAM) and third party access are unavoidable – Outsourcing tech support to offsite workers with remote access to production environments and highly sensitive information is increasingly popular. As regulators demand more effective access controls and accountability for monitoring privileged access actions, PAM will be a compliance headache in 2016.

  • HIPAA/HITECH – The federal government is actively enforcing HIPAA/HITECH in 2016. Auditors will be zeroing in on the areas where healthcare providers, health plans, and clearinghouseshave failed audits most often in the past, and will be levying massive fines for noncompliance.As a result, HIPAA/HITECH will be a heavy compliance burden in 2016.

  • Financial Industry and SOX-404 – Relentless ongoing audits and internal controls assessments continue to impact financial organizations, with privileged access controls expected to cause the most audit infractions. Expect mandates calling for all publically traded companies to have an internal audit function in place, and for the scope of internal controls audits to expand exponentially.

  • NISTIR 7966 Security of Interactive and Automated Access Management Using Secure Shell (SSH) – In 2016, U.S. federal government agencies will be required to abide by this guide to manage Secure Shell for access control; as a result, the private sector needs to be prepared for regulatory and standards bodies to follow suit.

Fouad Khalil, director of compliance, SSH Communications Security, said:

“As cybercriminals attack on all fronts, federal auditors are cracking down to help keep customer data safe and reduce the number of breaches. Our predictions show that compliance trends in 2016 will require access control and encryption to become key elements of every organization’s security strategy. Well-defined and integrated security controls will help expedite breach investigations and ensure compliance with reporting requirements well into 2016 and beyond.”

About SSH Communications Security

As the inventor of the SSH protocol, we have a twenty-year history of leading the market in developing advanced security solutions that enable, monitor, and manage encrypted networks. Over 3,000 customers across the globe trust the company’s encryption, access control and encrypted channel monitoring solutions to meet complex compliance requirements, improve their security posture and save on operational costs. SSH Communications Security is headquartered in Helsinki and has offices in the Americas, Europe and Asia. The company’s shares (SSH1V) are quoted on the NASDAQ OMX Helsinki.




What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.

    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH

    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now