Your browser does not allow storing cookies. We recommend enabling them.

Universal SSH Key Manager Enables Financial Institutions to Meet New Compliance Requirements from Monetary Authority of Singapore


Strengthened Compliance Requirements Around Secure Shell Access Controls Becoming Reality for Banks and Other Financial Institutions

HELSINKI, Finland and WALTHAM, Mass. – SSH Communications Security, known the world over as the inventor of the ubiquitous Secure Shell and SFTP protocols, today announced that its Universal SSH Key Manager™ (UKM) solution enables banks and other financial institutions to meet the Technology Risk Management Guidelines of the Monetary Authority of Singapore (MAS), Singapore’s central bank.

Key News Facts:

In June of 2013, MAS made updates requiring that financial institutions:

  • Prevent unauthorized access, misuse or fraudulent modification through proper access controls and continuous monitoring of authentication keys in the environment
  • Put in place effective measures to prevent internal sabotage, malware infestation or other attack vectors that could cause severe harm or disruption, such as transitive trust attacks targeting unmanaged authentication keys that enable attackers to rapidly hop from machine to machine
  • Implement a physical or logical segregation of duties and utilize a “least privilege” approach to access controls , such as ensuring authentication keys used by development are not passed on to production machines to create unauthorized access paths between non-production and production environments

Last year, a top global bank with a significant market presence in Singapore selected UKM along with the SSH Key Remediation Services to begin the process of bringing its Secure Shell environment under control. UKM has enabled the bank to monitor, manage and inventory its keys in line with MAS recommendations as well as other compliance mandates including SOX, PCI DSS and others.

SSH will be holding a webinar related to this topic as follows:

Date & Time: October 16, 2013 (3pm SGT), “Meeting the Revised MAS TRM Guidelines”

Supporting Quote:

Tatu Ylönen, CEO and founder of SSH Communications Security, said:

“Compliance bodies are quickly adopting language specific to Secure Shell systems access control and monitoring. The Monetary Authority of Singapore has been on the leading edge of reform because it recognizes the risks and wants to protect consumers and businesses from the devastating impacts of a widespread data breach. With Universal SSH Key Manager, our customers are staying ahead of the trends and are already in good position to pass upcoming PCI v3 audits relating to Secure Shell access controls as well as other compliance mandates.”

About SSH Communications Security

Founded in 1995, SSH Communications Security is the company that invented the SSH protocol - the gold standard protocol for data-in-transit security solutions. Today, over 3,000 customers across the globe - including seven of the Fortune 10 - trust our Information Assurance Platform to secure the path to their information assets. We enable and enhance business for thousands of customers in multiple industries in the private and public sectors around the world. A fast-growing company, SSH Communications Security operates in the Americas, Europe, and APAC regions, with headquarters located in Helsinki, Finland. The company shares (SSH1V) are quoted on the NASDAQ OMX Helsinki.


Highlights from the SSH.COM blog:

  • Cryptomining with the SSH protocol: what big enterprises need to know about it

    Cryptomining malware is primarily thought of as targeting desktops and laptops and is used to hijack system resources to mine cryptocurrency.
    Read more
  • SLAM the door shut on traditional privileged access management

    Did you know that something as trivial-sounding as granting access for your developers or third parties to a product development environment can throw a gorilla-sized monkey wrench into your operations and productivity?
    Read more
  • We broke the IT security perimeter

    Everyone understands the concept of a security perimeter. You only gain access if you are identified and authorized to do so.
    Read more