This is part two of a two-part series. To read part one, click here.
Holes in IAM Governance
Identity and access management solutions assist in controlling the access to cloud infrastructure, applications, servers and both structured and unstructured data. These solutions are good at managing the identities assigned to interactive human users, but not so the larger number of identities assigned to the automated processes that drive much of the computing in large-scale data centers. As non-human identities continue to grow, IAM implementations are not addressing the majority of identities present in an enterprise: the identities performing the bulk of operations.
The majority of identities that enable M2M processes use Secure Shell for authentication and authorization because a secure encrypted channel is needed for M2M data transfers. However, holes exist in IAM governance of identities that use Secure Shell. Instead of a centralized provisioning procedure, application developers, application owners and process owners may all have identity creation and assignation privileges. This often leads to a lack of proper control and oversight over creation of identities and their authorizations. Without central management and visibility, enterprises cannot be sure how many Secure Shell identities have been created, what these identities are authorized to perform and what authorizations are in fact no longer needed.
In light of open source vulnerabilities like Heartbleed, many organizations have followed Google’s lead in re-thinking how they use and manage open source technologies, both in their products and within their organization. And that’s a good thing. The point here is not that open source is bad. Rather, it is a call to action for technology executives to take another look at the critical but oft-forgotten infrastructure that their businesses are riding on, especially when it is something as ubiquitous and critical as encryption technologies like SSL or Secure Shell. Important questions to ask include:
A Strong (Security) Profile
In general, OpenSSL has done an amazing job of encrypting sensitive data for two-thirds of all websites and has done so on a shoestring. However, lack of sufficient funding and oversight allowed vulnerabilities to go unpatched for far too long. Unscrupulous actors are constantly on the lookout for any opportunity, and a vulnerability in encryption software is hacking gold. If a vulnerability can enable hackers to steal Secure Shell keys, which allow undetected access to your network, something has got to change – and fast.
Change comes in the form of greater visibility, strong IAM controls and centralized provisioning – all best practices for using OpenSSL and implementing Secure Shell protocol. Heartbleed showed the world how dangerous an OpenSSL vulnerability can be, but adhering to these best practices will close loopholes and enable greater insight into your security profile.
Matthew brings over 10 years of high technology sales, marketing and management experience to SSH Communications Security and is responsible for all revenue-generating operations. His expertise in strategically delivering technology solutions that anticipate the marketplace has helped the company become a market leader.
Prior to joining the company, Matthew served as a member of the executive management team of Automaster Oyj which was successfully acquired by ADP Dealer Services Nordic. Before this, Matthew played professional soccer in Germany and Finland.
Matthew holds a BA in German from the University of South Carolina and an MBA from the Helsinki School of Economics and Business Administration.
Antivirus software is not enough. Apex Technology Services used its decades of IT and cybersecurity
experience to create budget-friendly network security packages every company needs.
Please take a moment to fill out your information so we can contact you directly regarding your request.
Discover the ways AI and computer vision can complement digital security systems. See the challenges and ethical obstacles it faces on the road to mak…
A multisignature wallet ensures that people are able to sign transactions and documents as a group. It is a type of digital signature that is generate…
IoT (Internet of Things) is an integrated system that works via the network of short-range mobile transceivers supplemented in electronic devices, fun…
Setting up VoIP for your business also means you must call on a VoIP provider. Find out why Aircall is the best choice for your company.
Innovators face several challenges in established organizations, cultural challenges are one of them. This often leads to the establishment of a physi…