COMMENTARY
INFORMATION TECHNOLOGY | Contributed Content, Singapore
Published: 10 Aug 12
3 challenges in user key management

BY TOMMI LAMPILA

Singapore, as an international city and the regional business and financial hub of Asia Pacific, has long been closely aligned with international standards of excellence.

While the adoption of the PCI-DSS and Sarbanes-Oxley Act (SOX) standards began among North American organizations, multinational companies with a global presence are adopting the standards, and compliance efforts centred on them are increasing. For example, companies that need to be compliant with PCI-DSS also require partners that exchange and co-process credit card data with them to maintain compliance.

Well before these compliance requirements were developed, global enterprises had adopted Secure Shell (SSH), a network protocol invented in 1995 for securing data communication. Today over 3000 global organisations, including 7 of the Fortune 10, use the SSH data-in-transit solution for moving information, and trends show that SSH usage in the financial industry has increased in recent years to meet compliance requirements.

For these enterprises, the most critical enterprise data and applications are often transported and housed on SSH and OpenSSH servers. In order to access the data, user authentication is required. However, in today’s complex enterprise environments, it is nearly impossible to map the trust relationships between individual users, system accounts and application IDs and their respective destination SSH servers.

Enterprises typically have one or more Identity Management Systems (IMS) for their users. These usually do not encompass access to all systems and accounts across the enterprise, and they provide no visibility into the user keys that give access to the organization’s most sensitive information.

Traditional manual approaches to managing user keys are not only time-consuming and expensive, but also prone to manual errors in key setups. This poses a major security and compliance risk and has also proven to be cost-ineffective.

Challenges in managing keys

1. Compliance
Today the compliance standards are higher and even more specific on user key management. For instance, PCI DSS requires enterprises to “Protect encryption keys issued for encryption of cardholder data against disclosure and misuse.” and “Fully document and implement all key management processes and procedures”.

In addition, the ISO 27001-1 also specifies requirements for key management. Organizations need to expend more effort to comply with the more stringent requirements.

2. High cost
Setting up new keys and trust relationships in the traditional manual way is complex. It is even more complex to rotate and remove the keys. The more dynamic the environment, the more key operations are required. The widespread adoption of cloud and grid computing has increased the burden on the IT departments of many institutions.

3. Growing risk
According to the IBM X-Force 2011 Trend and Risk Report, there were a large number of automated password guessing attempts directed at secure shell servers in the latter half of 2011.

In addition, among the top 10 threat action types by number of breaches within larger organizations, “Use of stolen login credentials” ranked no. 1, according to the 2012 Data Breach Investigations Report by Verizon. The present situation calls for enterprises to seek ways to eliminate complex manual work, reduce the risk of unauthorized access, improve visibility and meet compliance requirements.

A logical three-phased approach to user key management

Best practice in user key management, to overcome these challenges, should include three phases: discovery, monitoring and management.

First, the legacy environment of existing deployed private and public SSH keys and their associated users is discovered, and past manual errors and mismanagement are then identified.

Thereafter, this environment is locked down and monitored, and the authorized users are linked to the respective servers via user and group information, as well as the defined access policies.

Finally, the environment is brought under automatic management, and user keys are automatically deployed, revoked, recertified and rotated according to changes in the operational environment and user repositories. 
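The discovery step and the owner-linking part of the monitoring step can be sketched as follows. This is an added example, not code from the article or from SSH Communications Security; it assumes the contents of each account's OpenSSH `authorized_keys` file have already been collected, and the server names, accounts, key blobs and `OWNERS` mapping are constructed stand-ins.

```python
import base64
import hashlib
import re
from collections import defaultdict

# Simplified authorized_keys entry: [options] keytype base64-blob [comment]
KEY_RE = re.compile(r"(?:^|\s)(?:ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-\S+)"
                    r"\s+([A-Za-z0-9+/]+=*)(?:\s.*)?$")

def fingerprint(b64_blob):
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def discover(files):
    """Discovery: map fingerprint -> {(server, account)}, list unparsable lines."""
    grants, errors = defaultdict(set), []
    for (server, account), text in files.items():
        for n, line in enumerate(map(str.strip, text.splitlines()), 1):
            if not line or line.startswith("#"):
                continue
            m = KEY_RE.search(line)
            try:
                if m is None:
                    raise ValueError("no public key on this line")
                grants[fingerprint(m.group(1))].add((server, account))
            except ValueError:  # also covers binascii.Error from bad base64
                errors.append((server, account, n))
    return grants, errors

def audit(grants, owners):
    """Monitoring: flag keys with no known owner and keys shared across accounts."""
    findings = []
    for fp in sorted(grants):
        targets = sorted(grants[fp])
        if fp not in owners:
            findings.append(("unowned", fp, targets))
        if len(targets) > 1:
            findings.append(("shared", fp, targets))
    return findings

# Constructed sample data: dummy key blobs, hypothetical servers and accounts.
KEY_A, KEY_B = (base64.b64encode(t * 6).decode() for t in (b"alice-key", b"batch-key"))
SAMPLE = {
    ("db01", "oracle"): f"ssh-ed25519 {KEY_A} alice@laptop\n"
                        f'command="/usr/local/bin/backup run" ssh-rsa {KEY_B} batch\n',
    ("web01", "root"): f"# legacy\nssh-rsa {KEY_B} batch\nssh-rsa not*base64\n",
}
OWNERS = {fingerprint(KEY_A): "alice"}  # stand-in for the user repository
```

Calling `audit(*discover(SAMPLE)[:1], OWNERS)` reports the batch key as both unowned and shared across two accounts, while `discover` separately lists the malformed entry on `web01`.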

The views expressed in this column are the author's own and do not necessarily reflect this publication's view, and this article is not edited by Singapore Business Review. The author was not remunerated for this article.

Tommi Lampila is the Vice President, APAC, SSH Communications Security. 
