Search

COMMENTARY
INFORMATION TECHNOLOGY | Contributed Content, Singapore
Published: 10 Aug 12
1036 views


Tommi Lampila

3 challenges in user key management

BY TOMMI LAMPILA

Singapore, as an international city and the regional business and financial hub of Asia Pacific, has been inextricably in line with international standards of excellence.

While the adoption of the PCI-DSS and Sarbanes-Oxley Act (SOX) SOX standards began among North American organizations, multinational companies with global presence are adopting the standards and compliance efforts centred on them are increasing. For example, companies that need to be compliant with PCI-DSS also require their partners that exchange and co-process credit card data, to maintain the compliance.

Early before the development of the compliance requirements, global enterprises have adopted Secure Shell (SSH), a network protocol invented in 1995 for securing data communication. Today over 3000 global organisations use the SSH data-in-transit solution for moving information, including 7 of the Fortune 10 and trends have shown that there is an increase of SSH usage in the financial industry to meet compliance in recent years.

For these enterprises, the most critical enterprise data and applications are often transported and housed on SSH and OpenSSH servers. In order to access the data, user authentication is required. However, in today’s complex enterprise environments, it is nearly impossible to map the trust relationships between individual users, system accounts and application ID’s to their respective targeted destination SSH servers.

Enterprises typically have one or more IMS (Identity Management System) for their users, which usually does not encompass access to all systems and accounts across the enterprise and provides no visibility into user keys keys that provide access to the organizations most sensitive information.

Traditional manual approaches to managing user keys are not only time consuming and expensive; but also easily trigger manual errors in key setups. This not only poses a major security and compliance risk, but has also proven to be cost ineffective.

Challenges in managing keys

1. Compliance
Today the compliance standards are higher and even more specific on user key management. For instance, PCI DSS requires enterprises to “Protect encryption keys issued for encryption of cardholder data against disclosure and misuse.” and “Fully document and implement all key management processes and procedures”.

In addition, the ISO 27001-1 also specifies requirements for key management. Organizations need to expend more effort to comply with the more stringent requirements.

2. High cost
Setting up new keys and trust-relationships in traditionally manual way is complex. It is even more complex to rotate and remove the keys. The more dynamic the environments are, the more key operations are required. The widespread cloud and grid computing adoption has increased the burden of IT departments of many of institutions.

3. Growing risk
According to the IBM X-Force 2011 Trend and Risk Report, there were a large number of automated password guessing attempts directed at secure shell servers in the latter half of 2011.

In addition, the top 10 threat actions types by number of breaches within larger organizations, “Use of stolen login credentials” ranked no. 1, according to 2012 Data Breach Investigations Report by Verizon. The present situation calls for enterprises to seek ways to eliminate complex manual work, reduce risk of unauthorized access, improve visibility and meet compliance.

A logical three phased approach of user keys management The best practice of user keys management to overcome these challenges should include three phrases: discovery, monitoring and management.

First, the legacy environment of existing deployed private and public SSH keys and their associated users are discovered and manual errors and mismanagement in the past are then identified.

Thereafter, this environment is locked down and monitored, and the authorized users are linked to the respective servers via user and group information, as well as the defined access policies.

Finally, the environment is brought under automatic management, and user keys are automatically deployed, revoked, recertified and rotated according to changes in the operational environment and user repositories. 

The views expressed in this column are the author's own and do not necessarily reflect this publication's view, and this article is not edited by Singapore Business Review. The author was not remunerated for this article.

Tommi Lampila

Tommi Lampila

Tommi Lampila is the Vice President, APAC, SSH Communications Security. 

Contact Information



Sign up for our newsletter

 

Do you know more about this story? Contact us anonymously through this link.

Click here to learn about advertising, content sponsorship, events & rountables, custom media solutions, whitepaper writing, sales leads or eDM opportunities with us.

To get a media kit and information on advertising or sponsoring click here.

Tags: Tommi Lampila, SSH Communications Security, PCI-DSS Singapore, Singapore's enterprise environment, Identity Management Sytem in Sngapore

CO-WRITTEN ARTICLES & SPONSOR CONTENT ››

Here's why Concorde Hotel Singapore and Putrajaya International Convention Centre lead the way in technology and building efficiency.
32 views

LATEST INFORMATION TECHNOLOGY JOBS »
PRINT ISSUE »

Subscribe Now
Trains, planes, automobiles and drones

190 views

As goes Hong Kong, so goes Singapore?

1606 views

Office property shows no signs of a slowdown

469 views

MOST READ EXCLUSIVES

13 most exclusive credit cards in Singapore

13 most exclusive credit cards in Singapore

Some of which you’ve probably not heard of.

by KRISANA GALLEZO
27 Aug 2014 | 123595 views
 

Singapore's 12 most influential business professors under 40

Singapore\'s 12 most influential business professors under 40

The youngest is aged 34.

by KRISANA GALLEZO
23 Oct 2014 | 63920 views

11 craziest credit card purchases in Singapore

11 craziest credit card purchases in Singapore

Find out if each is worth the outlay.

by KRISANA GALLEZO
22 Sep 2014 | 43636 views
 

Singapore’s 7 hot new restaurants in September

Singapore’s 7 hot new restaurants in September

Have you checked out a very secretive cafe at 48 ¾ Niven Road?

by KRISANA GALLEZO
6 Oct 2014 | 24549 views

Singapore’s 8 hotels coming your way next year

Singapore’s 8 hotels coming your way next year

A total of 3,458 hotel rooms will soon be available.

by KRISANA GALLEZO
8 Sep 2014 | 22994 views
 

Singapore’s 8 hot new restaurants in August

Singapore’s 8 hot new restaurants in August

Get a taste of an aromatic broken rice dish without MSG.

by KRISANA GALLEZO
4 Sep 2014 | 13101 views

Check out General Motors’ new HQ in Singapore

Check out General Motors’ new HQ in Singapore

A ‘hot desks’ rule is implemented in the new office.

by KRISANA GALLEZO
3 Oct 2014 | 11423 views
 

Have you been to The Providore Warehouse yet?

Have you been to The Providore Warehouse yet?

Check out some photos inside.

by KRISANA GALLEZO
1 Sep 2014 | 11090 views

Singapore’s 10 favorite meals on wheels

Singapore’s 10 favorite meals on wheels

You better cut the pizza: An Italian dish bagged the number 1 spot.

by KRISANA GALLEZO
17 Oct 2014 | 10777 views
 

Have spare time before boarding? Dine in at Old Chang Kee’s first Changi Airport outlet

Have spare time before boarding? Dine in at Old Chang Kee’s first Changi Airport outlet

The new outlet’s construction cost more than half a million dollars.

by KRISANA GALLEZO
11 Sep 2014 | 6517 views

Don’t settle for less: Legendary Hong Kong brings authentic and traditional HK dishes to Singapore

Don’t settle for less: Legendary Hong Kong brings authentic and traditional HK dishes to Singapore

The restaurant’s construction cost over a million dollars.

by KRISANA GALLEZO
3 Nov 2014 | 6016 views
 

5 craziest things you can't imagine founders would do to make their startup successful

5 craziest things you can\'t imagine founders would do to make their startup successful

Will you jump out of the plane flying at over 15K ft  just to catch a potential client?

by KRISANA GALLEZO
3 Sep 2014 | 5835 views

The wait is over: Japanese restaurant chain ON-YASAI finally hits Singapore

The wait is over: Japanese restaurant chain ON-YASAI finally hits Singapore

10 to 15 more outlets coming over the next 5 years.

by KRISANA GALLEZO
28 Aug 2014 | 5002 views
 

Get ready to work and play at Spotify’s regional office

Get ready to work and play at Spotify’s regional office

All the furniture except the bean bags were imported from Sweden.

by KRISANA GALLEZO
23 Sep 2014 | 4771 views

Opera Estate welcomes a little bar simply called ‘Slake’

Opera Estate welcomes a little bar simply called ‘Slake’

It wants to be your living/dining room outside of home.

by KRISANA GALLEZO
25 Sep 2014 | 4095 views
 

The new Acronis HQ will make you feel like ‘walking into blue space’

The new Acronis HQ will make you feel like ‘walking into blue space’

Also, check out photos of its 7-eleven-like pantry amenities.

by KRISANA GALLEZO
28 Oct 2014 | 4058 views

Sofitel in Sentosa launches world's largest So SPA

Sofitel in Sentosa launches world\'s largest So SPA

Future plans are finally revealed.

by KRISANA GALLEZO
22 Oct 2014 | 3467 views
 

These NUS students boldly suggest removal of Malaysian Airlines' CEO to survive

These NUS students boldly suggest removal of Malaysian Airlines\' CEO to survive

That's just one part of the strategy.

by KRISANA GALLEZO
16 Sep 2014 | 3401 views

Want to know a ‘smart’ way to have your clothes washed?

Want to know a ‘smart’ way to have your clothes washed?

My Laundry Box introduces a smart laundry locker platform that works with an app.

by KRISANA GALLEZO
17 Oct 2014 | 2809 views
 

Will you take up the challenge to live on $5 a day and share the experience?

Will you take up the challenge to live on $5 a day and share the experience?

This campaign already generated over 8,000 followers on Facebook.

by KRISANA GALLEZO
23 Sep 2014 | 2804 views

Could this be the most intelligent phonebook app yet?

Could this be the most intelligent phonebook app yet?

It’s self-updating and removes duplicates for worry-free contacts storage.

by KRISANA GALLEZO
29 Sep 2014 | 2802 views
 

Arete Culture opens first store in Lam Soon Building

Arete Culture opens first store in Lam Soon Building

It's a one-stop shop for your quirky interior decors.

by KRISANA GALLEZO
24 Sep 2014 | 2757 views

Worry about your loved ones’ whereabouts no more

Worry about your loved ones’ whereabouts no more

Folr introduces a real-time geo-location tracking mobile app that also details where they were.

by KRISANA GALLEZO
5 Sep 2014 | 2722 views
 

Noël Caleb Concept Store opens September 29

Noël Caleb Concept Store opens September 29

It targets women wanting to wear designs not found anywhere in the world.

by KRISANA GALLEZO
10 Sep 2014 | 2073 views

Do you want to build your own bike?

Do you want to build your own bike?

This store allows owners to creatively piece bike parts on their own.

by KRISANA GALLEZO
28 Oct 2014 | 1982 views
 

Hippy Tyrwhitt Road welcomes a resto-bar offering an all-day happy hour

Hippy Tyrwhitt Road welcomes a resto-bar offering an all-day happy hour

See how a radio DJ pursued his love for food.

by KRISANA GALLEZO
20 Oct 2014 | 1681 views

Check out the colorful AkzoNobel House designed through Dulux and automotive paints

Check out the colorful AkzoNobel House designed through Dulux and automotive paints

Its color and vibrance is inspired by ‘architecturally interesting’ Arab Street.

by KRISANA GALLEZO
28 Aug 2014 | 1628 views
 

3 men in their 30s built a pro-bono startup incubator

3 men in their 30s built a pro-bono startup incubator

Find out how Angels Gate Advisory plan to make Singapore the next Silicon Valley.

by KRISANA GALLEZO
2 Sep 2014 | 1124 views

CreoPop 3D pen with cool inks raised US$185K in crowdfunding

CreoPop 3D pen with cool inks raised US$185K in crowdfunding

It is so safe that even your children can use it.

by KRISANA GALLEZO
11 Sep 2014 | 1041 views
 

World Cup 2014 might have ended but this anti-gambling campaign is far from over

World Cup 2014 might have ended but this anti-gambling campaign is far from over

Many suggested to put it down amidst criticism, but Goodfellas cannot be stunned.

by KRISANA GALLEZO
15 Oct 2014 | 974 views
close Don't Show Again

STAY INFORMED! Get our free weekly newsletter