
COMMENTARY
INFORMATION TECHNOLOGY | Contributed Content, Singapore
Published: 10 Aug 12

3 challenges in user key management

BY TOMMI LAMPILA

Singapore, as an international city and the regional business and financial hub of Asia Pacific, has long been closely aligned with international standards of excellence.

While the adoption of the PCI-DSS and Sarbanes-Oxley Act (SOX) standards began among North American organizations, multinational companies with a global presence are adopting the standards, and compliance efforts centred on them are increasing. For example, companies that need to be compliant with PCI-DSS also require partners that exchange and co-process credit card data with them to maintain compliance.

Well before these compliance requirements were developed, global enterprises had adopted Secure Shell (SSH), a network protocol invented in 1995 for securing data communication. Today over 3000 global organisations use the SSH data-in-transit solution for moving information, including 7 of the Fortune 10, and trends show that SSH usage in the financial industry has increased in recent years in order to meet compliance.

For these enterprises, the most critical enterprise data and applications are often transported and housed on SSH and OpenSSH servers. In order to access the data, user authentication is required. However, in today’s complex enterprise environments, it is nearly impossible to map the trust relationships between individual users, system accounts and application IDs and their respective destination SSH servers.

Enterprises typically have one or more Identity Management Systems (IMS) for their users. These usually do not encompass access to all systems and accounts across the enterprise, and they provide no visibility into user keys, the keys that provide access to the organization's most sensitive information.

Traditional manual approaches to managing user keys are not only time-consuming and expensive, they also easily lead to manual errors in key setups. This poses a major security and compliance risk and has also proven not to be cost-effective.

Challenges in managing keys

1. Compliance
Today the compliance standards are higher and even more specific on user key management. For instance, PCI DSS requires enterprises to “Protect encryption keys issued for encryption of cardholder data against disclosure and misuse.” and “Fully document and implement all key management processes and procedures”.

In addition, the ISO 27001-1 also specifies requirements for key management. Organizations need to expend more effort to comply with the more stringent requirements.

2. High cost
Setting up new keys and trust relationships in the traditional manual way is complex. It is even more complex to rotate and remove the keys. The more dynamic the environments are, the more key operations are required. The widespread adoption of cloud and grid computing has increased the burden on the IT departments of many institutions.

3. Growing risk
According to the IBM X-Force 2011 Trend and Risk Report, there were a large number of automated password guessing attempts directed at secure shell servers in the latter half of 2011.

In addition, among the top 10 threat action types by number of breaches within larger organizations, “Use of stolen login credentials” ranked no. 1, according to the 2012 Data Breach Investigations Report by Verizon. The present situation calls for enterprises to seek ways to eliminate complex manual work, reduce the risk of unauthorized access, improve visibility and meet compliance.

A logical three-phased approach to user key management

Best practice in user key management to overcome these challenges should include three phases: discovery, monitoring and management.

First, the legacy environment of existing deployed private and public SSH keys and their associated users is discovered, and past manual errors and mismanagement are then identified.

Thereafter, this environment is locked down and monitored, and the authorized users are linked to the respective servers via user and group information, as well as the defined access policies.

Finally, the environment is brought under automatic management, and user keys are automatically deployed, revoked, recertified and rotated according to changes in the operational environment and user repositories. 
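The discovery phase described above can be sketched as follows. This is an added illustration, not code from the author or from SSH Communications Security. It assumes the contents of each account's `authorized_keys` file have already been collected; the host names, accounts and key blobs are constructed, and the function names are hypothetical.

```python
import base64
import hashlib
from collections import defaultdict

KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256"}  # subset

def fake_blob(seed):  # constructed stand-in for a public key blob, not a real key
    return base64.b64encode(hashlib.sha512(seed.encode()).digest()).decode()

# Constructed sample: (host, account) -> contents of that account's authorized_keys.
SAMPLE = {
    ("db01", "oracle"): f"ssh-rsa {fake_blob('batch')} batch@app01\n",
    ("db01", "root"): f"# legacy entry\nssh-rsa {fake_blob('batch')} batch@app01\n"
        f'from="10.0.0.5",command="/usr/bin/backup -q" ssh-ed25519 {fake_blob("bk")} backup\n',
    ("web01", "deploy"): f"ssh-rsa {fake_blob('ops')} ops-team\n",
}

def split_options(line):
    """Separate leading options (which may hold quoted spaces) from the key fields."""
    if line.split(None, 1)[0] in KEY_TYPES:
        return "", line
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"' and line[i - 1:i] != "\\":
            in_quote = not in_quote
        elif ch.isspace() and not in_quote:
            return line[:i], line[i:].strip()
    return line, ""

def discover(inventory):
    """Map each key fingerprint to every (host, account, options) entry that trusts it."""
    trust = defaultdict(list)
    for (host, account), text in inventory.items():
        for line in map(str.strip, text.splitlines()):
            if not line or line.startswith("#"):
                continue
            options, rest = split_options(line)
            fields = rest.split(None, 2)
            if len(fields) < 2 or fields[0] not in KEY_TYPES:
                continue  # malformed entry; a real scan would log it for review
            digest = hashlib.sha256(base64.b64decode(fields[1])).digest()
            fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
            trust[fp].append((host, account, options))
    return trust

def findings(trust):
    """Keys trusted by more than one account, and entries with no restricting options."""
    shared = {fp: sorted((h, a) for h, a, _ in e) for fp, e in trust.items() if len(e) > 1}
    unrestricted = sorted((h, a, fp) for fp, e in trust.items() for h, a, o in e if not o)
    return shared, unrestricted
```

The fingerprint is computed the same way `ssh-keygen -l` reports it (SHA-256 of the decoded key blob), so the inventory can be cross-checked against keys found elsewhere.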

The views expressed in this column are the author's own and do not necessarily reflect this publication's view, and this article is not edited by Singapore Business Review. The author was not remunerated for this article.

Tommi Lampila is the Vice President, APAC, SSH Communications Security. 
