IDC TECHNOLOGY SPOTLIGHT
SSH Governance is Needed to Reduce Risk & Bridge the Trusted Access Gap
Organizations are increasingly addressing weaknesses in Secure Shell (SSH) authentication management, which has suffered from poor governance for years. A recent study conducted by IDC found that the responsibility for provisioning and deprovisioning SSH credentials rests with multiple stakeholders.
This fact is known by criminals who take advantage of the lack of governance over SSH to use valid SSH keys in order to bypass security controls and quickly move laterally in the corporate network to sensitive resources. It is essential for organizations to gain visibility into and control over SSH key management as the tally of data breaches stemming from stolen account credentials and hijacked accounts continues to rise.
SSH keys help administrators securely manage critical systems remotely and even automate data exchange between applications. The irony is that poorly implemented policies and monitoring and enforcement mechanisms have resulted in a false sense of security. Today, organizations are swamped with thousands of unchecked SSH keys, some of which have long been abandoned or never revoked.