Skip to main content
banner image
venafi logo

SSH Keys—Lowest Cost, Highest Risk Security Tool

SSH Keys—Lowest Cost, Highest Risk Security Tool

ssh key risks
October 13, 2017 | Christine Drake

Generating SSH keys is free, but poor SSH key practices expose businesses to costly risk. It takes just one SSH key for a cybercriminal to access an organization’s network and pivot to gain further access to the most sensitive systems and data.

When do SSH keys become a liability? SSH keys are often used for routine administrative tasks by system administrators, but are also used for secure machine-to-machine automation of critical business functions. However, the SSH keys themselves are often left unprotected, leaving organizations vulnerable to unauthorized privileged access.

At ISACA Cybersecurity Nexus (CSX) 2017 Europe conference, the Head of the Global Security Architect team at Venafi, Mike Dodson, will share the potential risks of allowing system administrators to configure and manage their own SSH keys—namely through ad hoc processes that use inconsistent security practices. Many keys are left unused and unmonitored, and some walk out the door with prior employees—whether maliciously or innocently. With no expiration and a lack of lifecycle management, enterprises can wind up with literally millions of SSH keys and a broad attack surface.

In his presentation, Mike will challenge you to consider how much security you place around passwords and how often you rotate them. Then, he’ll ask you to compare that to your SSH keys—the credentials that provide the most privileged access. You’ll hear the common mistakes that almost all enterprises make around security, policy, and auditing practices when managing SSH keys, supported by current survey results. Plus, you’ll discover the SSH key risks that are not addressed by IAM/PAM solutions and why they are probably some of the biggest risks in your environment. Finally, you’ll learn how to take SSH keys from an operational liability to a security asset.

In his CSX session, Mike will pull from real-world SSH security projects to illustrate how many enterprises wind up with millions of SSH keys. You’ll explore all-too-common pitfalls in SSH key management as well as best practices to avoid them, including topics like these:

  • How cybercriminals are exploiting SSH keys to gain unauthorized privileged access.
  • How SSH keys provide the ideal mechanism for cyber criminals to pivot through your environment, and how to control it.
  • Why PAM solutions don’t protect against SSH key risks.
  • How to develop a plan to incorporate best practices into SSH key management

Interested in learning more? See Mike Dodson present at CSX 2017 Europe, October 30-Novemer 1, 2017 in London, UK.

Like this blog? We think you will love this.
Featured Blog

All About SSH Key Management and SSH Machine Identities

SSH is a secure way to initiate remote computer access and en

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

Subscribe Now

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Christine Drake
Christine Drake

Christine Drake writes for Venafi's blog and is an expert in machine identity protection.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more