A Gaping Hole in Your Identity and Access Management Strategy: Secure Shell Access Controls
IDC White Paper On SSH Access Controls
Identity and access management (IAM) is a critical component of an enterprise's security strategy IAM implementations have largely focused on gaining control over the massive number of business users in the enterprise through both enhanced governance and automated provisioning capabilities. IAM deployments have helped IT security teams gain significant control of and visibility into a broad range of users — from rank-and-file employees to C-level executives. However, this governance framework has largely ignored privileged users (systems and applications administrators) and the large number of automated application-to-application processes that drive day-to-day IT operations. This is a gaping hole in the overall security architecture of the vast majority of enterprises. This white paper is designed to provide IT managers with basic background material on SSH key management and access control issues, outline the attendant IAM risks, and describe how those risks can be mitigated.