Fraud & Identity Fraud & Identity



Fraud & Identity Industry News

TMCNet:  ISACA Report Confirms SSH Keys Need To Be Properly Managed To Ensure Compliance and Reduce Risk

[September 12, 2017]

ISACA Report Confirms SSH Keys Need To Be Properly Managed To Ensure Compliance and Reduce Risk

HELSINKI, and WALTHAM, Mass., and ROLLING MEADOWS, Ill., Sept. 12, 2017 /PRNewswire/ -- The use of Secure Shell (SSH) is ubiquitous, a critical service on which the security profile of most organizations depends. Yet, according to a new report issued by ISACA and sponsored by SSH Communications Security, only rarely is that usage appropriately secured, assessed, documented and managed in a systematic and risk-aware way. Consequently, poorly managed SSH key environments may lead to compliance challenges and security breaches. The full report can be downloaded free of charge from the ISACA or SSH Communications Security websites.

SSH Communications Security. (PRNewsFoto/SSH Communications Security)

The report outlines considerations that technology risk professionals, auditors, security practitioners and governance professionals should take into account as they approach the use of SSH in their enterprises. It offers guidance for the assessment of SSH usage, including items to incorporate in audit plans to ensure SSH access control and management is in place. Key areas auditors should consider regarding SSH keys include:

  • Security issues: Practical challenges include managing and tracking cryptographic keys at scale, responsibility for "key hygiene" and executive oversight for the use of SSH.
  • Assurance considerations: The ubiquity and transparency of SSH access makes the surface area for consideration very large, while the underlying mechanics of operation make it specialized and potentially complex. The report explores the core areas that auditors should consider when evaluating SSH usage.
  • Suggested controls: ISACA recommends specific areas to focus on when evaluating enterprise networks for SSH compliance, including configuration management and provisioning.

Frank Schettini, Chief Innovation Officer, ISACA, said: "SSH is one of those rare technologies that is in frequent use in almost every type of organization around the world. The report from ISACA examines the specific steps audit practitioners should take to ensure that they are not ignoring SSH usage and the access it provides, and gives general guidance on appropriate controls to assess and manage SSH keys. Our goal is to provide a practical starting point for improving any organization's security posture and overall governance."

Fouad Khalil, VP of Compliance, SSH Communications Security, said: 
"Audit, risk, security and governance practitioners have a huge and complex job on their hands when it comes to SSH user key management. ISACA's new report recommends that practitioners systematically address, assess and periodically re-evaluate the mechanics of SSH usage within their environments. Our robust set of solutions removes the complexity and difficulty from these urgent, critical tasks so organizations can become or remain secure and compliant."

About ISACA
Nearing its 50th year, ISACA® (isaca.org) is a global association helping individuals and enterprises achieve the positive potential of technology. ISACA leverages the expertise of its half-million engaged professionals in information and cyber security, governance, assurance, risk and innovation, as well as its enterprise performance subsidiary, CMMI® Institute, to help advance innovation through technology.

About SSH Communications Security
SSH Communications Security (NASDAQ OMX) is a leading provider of enterprise cybersecurity solutions that monitor, control and automate trusted access to critical data. Customers worldwide trust our flagship Universal SSH Key Manager® and other solutions to manage access, enhance security and achieve compliance. SSH sells direct through offices in North America, Europe and Asia and through a global network of certified partners. Access more at www.ssh.com




Company Contact:

Rueben Rodriguez

SSH Communications Security

+1 781-247-2100

Rueben.Rodriguez@ssh.com

Company Contact:

Kristen Kessinger

ISACA

+1 847-660-5512

kkessinger@isaca.org

Agency Contact:

Laura Schaub

Nadel Phelan, Inc.

+1 831-440-2414

Laura.Schaub@nadelphelan.com

 

View original content with multimedia:http://www.prnewswire.com/news-releases/isaca-report-confirms-ssh-keys-need-to-be-properly-managed-to-ensure-compliance-and-reduce-risk-300517637.html

SOURCE SSH Communications Security


[ Back To Fraud & Identity's Homepage ]




Industry Insights

(MobileID) Proactive Fraud Prevention

Interconnect-related fraud such as International Revenue Share Fraud (IRSF) and PBX hacking fraud continue to be a billion dollar problem to the telecom industry.

(Defender Shield) Defense solutions for the modern SMS ecosystem

SMS is a ubiquitous communication method for person-to-person (P2P) text messaging, which has been in use globally for nearly 20 years.

(Defender Shield) Preventing Grey Routes and the Multi-billion dollar Threat

The convenience of mobile messaging has brought communication efficiency to billions of consumers worldwide. As is often the case with widely accepted technologies; however, convenience can provide a vulnerable gateway to fraudulent activity.

Product Documents

Asset Protect

While unlimited or high-volume voice and SMS plans offer great value to subscribers, sometimes fraudsters exploit these plans to avoid paying termination and interconnect fees.

Defender Shield

In a world with ever-increasing Application-to-Person (A2P) messaging needs and competition, improving customer satisfaction and eliminating revenue leakage is key for protecting SMS profits.

MobileID

Accurate and cost-efficient routing of voice calls and SMS is critical. Unfortunately, gathering reliable routing data on ported numbers and keeping up with constant changes in number plans is expensive and time-consuming.

Fraud Solutions

Communications fraud is a $20B annual global problem and growing. Companies are looking for peace of mind so that their business and their customers are protected from the onslaught of technology crime that is damaging their reputations and their balance sheets.