SSH One™ Trusted Access Security and Automation Platform
SSH One™ Overview
SSH One™ is a platform for solving trusted access security and automation. It addresses all aspects of trusted access and access automation. It ensures compliance with a wide variety of regulations, enables effective audit, and reduces risk.
In large enterprises, the platform saves millions of dollars annually through automation, in addition to reducing reputation risk, improving business continuity, and supporting compliance with customer or government requirements. Furthermore, adoption of secure DevOps practices helps win new markets, gain market share, and obtain higher margins via better and more timely products.
The platform is built to transparently support customers' application-oriented distributed workflows and to support and secure their transformation to the cloud. It helps adopt microservices, containers, and serverless computing. It brings audit and control into DevOps and production deployments while enabling developer access with full audit and analytics.
The platform secures data transfers in distributed environments, controls access between computational instances, automates credential and secrets management, and enforces security boundaries.
The platform is designed to integrate into other security applications through open APIs.
The platform addresses critical security risks and audit points, including those relating to:
- Who has access to what systems and data, including proper provisioning and termination for SSH key credentials
- Separation of duties, including preventing SSH key based access from development to production
- Protection of confidentiality and integrity of communications
- Authentication of communicating devices and users
- Boundary protection
- Data leakage prevention
- Cryptographic key size, algorithm, age, and other policy controls
- Mapping data flows and connections between information systems
- Configuration change control for access-related configurations.
For more information on compliance, see the separate compliance page.
Who Has Access to What Systems and Data?
SSH keys grant access, and SSH access management is a top-5 critical security issue in enterprises right now. It is the top topic in identity and access management. It has turned out that many organizations have far more SSH keys granting access to their systems than they have user names and passwords. The keys often bypass traditional privileged access management systems.
The platform includes the most comprehensive solution for managing SSH keys on the market. It manages and automates the full life cycle of keys, handling legacy environments, transformation to cloud, containers, and DevOps. It handles credentials for both automated and interactive access. In many organizations, over 95% of SSH access relates to automated processes and automated connections between information systems.
The platform manages keys for authenticating both devices and users. Device authentication keys include SSH host keys and X.509 certificates used for web server, application, and API server certificates and SSH host authentication. Management of user keys includes SSH user keys, X.509 certificates for user authentication, and other user certificates, such as X.509 keys for email encryption. For more information on the key management features, see Universal SSH Key Manager®.
A fundamental tenet of IT security is to define boundaries between security domains to limit access. These are enforced using firewalls and access controls. However, encryption prevents traditional firewalls from inspecting traffic going through the firewall.
By having access to server keys via its key management functionality, the platform is able to decrypt incoming traffic at a firewall. This enables it to monitor incoming access, whether by employees, outsourcing partners, vendors, or consultants. It can also enforce policy, such as preventing SSH tunneling to block backdoor access, or requiring a second factor of authentication. It can do these at the firewall, without installing agents or additional software on servers. It can also send any files transferred using the encrypted SFTP protocol to a data loss prevention system or anti-virus system for inspection. It can pass all session contents to analytics systems for early warning detection, and can record any or all sessions for forensics and internal investigations.
Privileged Access Management
The platform performs session recording, password management, and other normal privileged access management operations. It differs from traditional privileged access management systems in that it can operate transparently, without a jump server. It can also prevent users from going around the privileged access management system with SSH keys, which is possible with traditional approaches.
Secure Data-in-Transit and Communications
The platform provides data-in-transit protection for administrative access, file transfers, and connecting servers at different data centers (VPN).
APIs for Integration, No Vendor Lock
The platform provides secure REST APIs, that is, programming interfaces that can be used for reading data from the platform components. The APIs can be used for operating the platform, including provisioning or deprovisioning of SSH keys, for exporting or importing data, for implementing plugins and extensions, and for integrating the platform with other products. This ensures there is no vendor lock and that components of the platform can be mixed with existing and future infrastructure in the enterprise. For more information, see SSH One APIs & Connectors.
Services to Ensure Customer Success
We further provide services to ensure success in the customer's deployment of SSH key management projects. From the SSH Risk Assessment service to subject matter expertise in SSH key management to full managed services, we focus on making the customer's project fast, minimally disruptive, and cost-effective. A success.
We also provide 24x7 support services for all our products.