
Venafi Study: CIOs Massively Underestimate SSH Risks [Do You?]

January 28, 2021 | Shelley Boose

Over the past several months, we’ve seen significant attacks that target or abuse Secure Shell (SSH) machine identities. For example, we’ve seen a recent rise in attacks on Linux servers in the cloud and in the Lemon_Duck and FritzFrog cryptominers. Malware that abuses SSH keys is also becoming increasingly popular with cybercriminals.

Attacks that misuse SSH machine identities are particularly pernicious because these identities authenticate privileged access between machines and are ubiquitous across enterprise networks. If organizations don’t have global visibility into how SSH keys are used and can’t automatically rotate or revoke orphaned, compromised or unneeded keys, they may leave themselves vulnerable to severe business risks.

But just how exposed are the SSH keys of most organizations? Venafi launched a study to better understand the scale of this problem. While CIOs say they are concerned about the security risks SSH machine identities pose, Venafi data indicates they seriously underestimate the scope of these risks. In fact, the Venafi Risk Assessment team found an average of one root access orphan key, which can act as a permanent back door, on every enterprise server that was studied.

A new report compiles the results of the study, offering further insights into the security risks that poorly protected SSH machine identities pose to enterprises. The report compares findings from a survey of 550 CIOs from the United States, United Kingdom, France, Germany and Australia, with unique data and insights from aggregate SSH Risk Assessments conducted by Venafi SSH security experts over a two-year time period. The Venafi Risk Assessment team analyzed more than 14 million SSH client keys and 3.3 million SSH host keys and found serious SSH security risks.

Here are key findings from the report:

  • 80 percent of CIOs say they are concerned about the security risks connected with SSH keys. 68 percent recognize managing SSH will only become more difficult as organizations move to modern, cloud-native environments.
  • Enterprises average 2.5 root access keys per server analyzed. Root access keys provide the highest levels of access to machines. If a threat actor gains access to root privileges, they can access anything on a remote server—or multiple servers if the server has been cloned.
  • 96 percent of CIOs say their policies require the removal of keys when employees are terminated or transferred, but 40 percent admit they don’t have automated tools to remove unused keys.
  • Enterprises have, on average, more than 7,000 root access orphan keys, or at least one root access orphan for every server analyzed. Root access orphan keys bring great security risks for organizations because they can create persistent back doors into networks that can last for months or years.
  • Enterprises average 2 duplicate private keys and one shared private key per server analyzed. A large number of duplicate private keys typically stems from ineffective or nonexistent enforcement of policies governing limitations on the location and security of the private key.

“SSH keys are extremely powerful assets that require careful protection,” said Kevin Jacque, global security architect for Venafi. “The problem is that most organizations do not have any automated tools to protect them, so SSH keys are often completely unmanaged, exposing organizations to major security risks. These major security risks are continuing to grow as organizations move more workloads to the cloud where SSH keys are used for many routine tasks. The only practical solution to these risks is a comprehensive SSH machine identity management solution that provides continuous visibility of all SSH keys and leverages automation to actively manage them.”

About the author

Shelley Boose

Shelley is Director of PR and Content Marketing at Venafi. In her own words, "I help companies translate complex technologies into engaging and compelling, digital stories."
