SSH Communications Security Restores Compliance, Reduces Risk at Global Bank
Inventor of the Secure Shell Protocol Identifies and Remediates Scope of Secure Shell Key Mismanagement
HELSINKI and WALTHAM, Mass., Feb. 23, 2016 – Poorly managed Secure Shell (SSH) keys can leave an organization open to serious security threats and compliance violations. SSH Communications Security today announced it has completed one of the largest-scale SSH Key remediation projects, enabling one of the world’s biggest banks to reduce risk and restore compliance after a security audit revealed lack of governance over Secure Shell user keys. For more information, please visit https://ssh.com/ssh-key-management .
SSH keys enable thousands of mission-critical connections every day within an enterprise, but this security protocol is not widely understood. This was made evident by the global bank, as it was unaware of unknown risks and vulnerabilities. SSH Communications Security was able to:
- Identify the scope of the problem: The bank’s use of the SSH Health Check™ discovery tool revealed the problem was even more widespread and serious than auditors had initially thought. The bank had over 1.5 million Secure Shell user keys distributed across its entire infrastructure, including over 150,000 user keys granting root access, with no records of who was in possession of the corresponding private keys.
- Uncover security loopholes: Some of the bank’s critical security safeguards, such as those ensuring separation of test and production environments, were easily circumvented via Secure Shell keys. SSH Communications Security supported the bank’s project team in deploying and managing the Universal SSH Key Manager® (UKM) solution and, combined with its professional services, enabled the bank to regain control.
- Implement strong key management: UKM provides the monitoring capability to capture key usage. Unneeded keys are removed and actively used keys are brought under administrative control. UKM is able to provide central administration to ensure policy control over key usage, key lifetimes and authority over key creation. Lastly, UKM is able to monitor and alert security administrators to any policy violations.
- Restore compliance: The bank’s unmanaged authentication system was in violation of compliance mandates from government authorities and SOX. Universal SSH Key Manager has enabled the bank’s Secure Shell project team to align with these mandates.
Joe Scaff, director of global customer support & services, SSH Communications Security, said: “The compromise of just one key granting root access to server infrastructure would expose the bank to information theft, tampering and loss – even including the loss of backups.With over 85 percent of all of the bank’s Secure Shell transactions being critical application-to-application data transfers, we needed to lock down the environment and identify trust relationships. Then we were able to redeploy new keys – all without causing an outage. We get great satisfaction from combining our products and our expertise to design and implement solutions that meet each client’s specific needs.”
About SSH Communications Security
As the inventor of the SSH protocol, we have a twenty-year history of leading the market in developing advanced security solutions that enable, monitor, and manage encrypted networks. Over 3,000 customers across the globe trust the company’s encryption, access control and encrypted channel monitoring solutions to meet complex compliance requirements, improve their security posture and save on operational costs. SSH Communications Security is headquartered in Helsinki and has offices in the Americas, Europe and Asia. The company’s shares (SSH1V) are quoted on the NASDAQ OMX Helsinki. For more information, visit www.ssh.com