Cyber criminals, such as malicious insiders, often use SSH keys to access systems from remote locations, evade security tools and escalate privileges. Auditing SSH entitlements as part of Privileged Access Management (PAM) policies can help organizations understand how well they control access to sensitive data.
Unfortunately, SSH entitlements are often not included in PAM policies, and thus are rarely audited. Without proper auditing and effective SSH security policies, SSH key weaknesses can go undetected, leaving organizations vulnerable to a wide range of cybersecurity attacks.
Venafi recently conducted a study that evaluated how organizations manage and implement SSH in their environments. Over 400 IT security professionals with in-depth knowledge of SSH participated, however, the study reveals a widespread lack of SSH audits. For example, 55% of the respondents said SSH entitlements are not featured in their PAM policies.
Additional highlights from the study:
“Proper oversight from auditors and policy makers would go a long way toward helping organizations understand SSH security risks,” said Steven Armstrong, enterprise information security and risk management consultant and former Federal Reserve Bank Examiner. “Sadly, without detailed insight into the impact of lax SSH policy enforcement, most organizations do not have the information or the catalysts they need to strengthen SSH security.”