Skip to main content
banner image
venafi logo

How Can Auditors Help Organizations with SSH Key Risk? [Venafi @ ISACA]

How Can Auditors Help Organizations with SSH Key Risk? [Venafi @ ISACA]

October 19, 2021 | Scott Carter

Why is effective SSH machine identity management so critical now? Machines across your organization are using SSH keys to identify themselves to one another and ensure secure communications, particularly in the cloud. Many digital transformation initiatives involve migrating to the cloud, and many cloud servers rely on SSH for protection. However, SSH is notoriously difficult to manage because SSH machine identities, unlike SSL/TLS machine identities, never expire and are rarely removed.

Are Your SSH Machine Identities Secured? Find Out Now!

This difficulty has resulted in an epidemic of unmanaged keys across most large enterprises. According to Venafi Risk Assessments, enterprises have, on average, one root access orphan key per every server and one shared SSH private key for every two servers. Shared private keys—where users share a given SSH key with other users—are an ideal cover for malicious intent. Edward Snowden purportedly stole and leaked classified NSA files leveraging shared private keys.

Root access orphan keys are even more dangerous. Because they have root access and are untraceable without the help of specialized technologies, root access orphan keys serve as backdoors for all types of nefarious conduct. Specialized (and often commoditized) SSH malware like TrickBot, Kobalos, Hildegard and Pro-Ocean are taking advantage of these many backdoors to steal data and turn servers into botnets, among other risks. And the risks posed by malware that abuses SSH machine identities is growing in tandem with the exponential growth of SSH across the enterprise.

Find out why organizations may be underestimating the substantial risk that SSH keys pose and how auditors can help reduce it at ISACA Conference Europe 2021 | Virtual. On Wednesday, October 20 at 3:25 Helsinki time, Angela Morris, senior product marketing manager for SSH at Venafi, and Nikita Reznik, SSH global architect at Venafi will present on why audits can be the most effective way to measure the impact of SSH key management programs. In their session entitled, How Can Auditors Help Organizations with SSH Key Risk?, Morris and Reznik will explore the role audits can play in demonstrating SSH risk to organizations and how auditors can help organizations improve their security.

You’ll learn:

  • What risks are posed by improperly managed SSH keys?
  • Why do organizations underestimate the risks SSH keys can pose?
  • Why are audits essential for testing the effectiveness of SSH key management programs?
  • What can auditors do to conduct more effective security audits—and help organizations improve their SSH machine identity management strategies?
Why is effective SSH machine identity management so critical now?

The number of SSH keys across most large organizations numbers in the millions, with no sign of slowing as organizations move more and more workloads to the cloud. And although some organizations have SSH policies and key management programs in place, many still don’t. As a result, many organizations underestimate the number of SSH keys they have in their network—often by as much as 100% or more. According to Reznik, organizations rarely have a handle on their total SSH key population because most of them lack complete visibility into their inventories.

Much of that is due to the difficulty in managing so many keys without specialized technologies to support them. Organizations lack the proper tools that can provide them with visibility into their entire SSH key population to see the risks posed by orphaned or misused keys, let alone the automation capabilities to enforce key governance policies. For example, an organization may have a policy in place that calls for immediate revocation and removal of SSH keys associated with terminated or reassigned employees, but they won’t be able to consistently enforce this policy unless they can automate the actions that support such a policy.

Arguably, the most effective way of getting organizations to establish and improve their SSH machine identity management program is regulations that require them to have effective governance, including clear and enforceable policies in place. PCI-DSS, HIPAA/HITRUST and FISMA are just a few of the many standards bodies that require companies to perform regular audits of their SSH key management program to prove compliance. When organizations in highly regulated industries, including financial services, healthcare and government, fail to adhere to policies they risk fines and penalties that could imperil their livelihoods.

Attend the Venafi SSH session at ISACA Conference EMEA on Wednesday, October 20 at 3:25 Helsinki time, to learn why audits can help your organization measure the effectiveness of your SSH key management programs.

Related Posts

Like this blog? We think you will love this.
how ssh works
Featured Blog

How Secure Shell (SSH) Keys Work

How it works SSH is a type of network protocol that creates a cryptographically secure

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Scott Carter
Scott Carter

Scott is Senior Manager for Content Marketing at Venafi. With over 20 years in cybersecurity marketing, his expertise leads him to help large organizations understand the risk to machine identities and why they should protect them

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud

Venafi Cloud manages and protects certificates

* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
* Please fill in this field
* Please fill in this field
* Please fill in this field

End User License Agreement needs to be viewed and accepted

Already have an account? Login Here

get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more