Finland-based SSH Communications Security announced today the launch of a new governance, risk and compliance (GRC) service designed to help organizations with Secure Shell (SSH) key management in data center environments.
SSH is a cryptographic network protocol used for secure data communication and other network services. Organizations that don’t manage their SSH keys properly expose themselves to internal and external attacks, and they risk fines if an audit finds that they are not compliant with mandatory security regulations and laws.
The new Secure Shell HealthCheck service launched by SSH Communications Security at the IT-SA Conference in Nuremberg, Germany, can be used to identify violations and other issues related to SSH management, configuration and access control.
“Too few companies are fully aware of the risks associated with lax Secure Shell key management. Secure Shell HealthCheck provides organizations with a complete view into their Secure Shell environments and a detailed assessment of security and compliance risks impacting their data centers,” said Christian Kress, general manager, DACH, SSH Communications Security. “When production servers are accessible with unknown keys and where access to those servers violates policy – a common scenario we encounter – the risks to the business are evident.”
Secure Shell HealthCheck provides a full analysis of the SSH environment, including SSH key locations, trust maps, and information on nearly a dozen other significant risk areas. The service also provides organizations with information on the actions they must take in order to remediate issues, reports for each category of stakeholders (CISOs, managers and engineers), and compliance analysis for regulatory frameworks such as PCI-DSS, Basel III, and NIST guidelines.
“At many enterprises there is a lack of awareness of the role Secure Shell plays in critical day-to-day operations. Secure Shell key-based authentications can easily outnumber many other logins within the data center,” commented Kalle Jääskeläinen, vice president of product management and services at SSH Communications Security. “While companies have implemented access controls and management procedures for employee login and external-facing web applications, even basic security controls like key size, strength and type, rotation and de-provisioning are not part of the IT regimen for data center access controls. Our Secure Shell HealthCheck service provides the actionable information needed to improve security and access controls.”
Tatu Ylönen, the inventor of the SSH protocol and the CEO of SSH Communications Security, is one of the authors of a recently published NIST guide for addressing the security risks posed by the use of SSH for automated access.