COMMENTARY
INFORMATION TECHNOLOGY | Contributed Content, Singapore
Published: 10 Aug 12

Tommi Lampila

3 challenges in user key management

BY TOMMI LAMPILA

Singapore, as an international city and the regional business and financial hub of Asia Pacific, has been closely aligned with international standards of excellence.

While the adoption of the PCI-DSS and Sarbanes-Oxley Act (SOX) standards began among North American organizations, multinational companies with a global presence are adopting the standards, and compliance efforts centred on them are increasing. For example, companies that need to be compliant with PCI-DSS also require partners that exchange and co-process credit card data to maintain compliance.

Well before these compliance requirements were developed, global enterprises had adopted Secure Shell (SSH), a network protocol invented in 1995 for securing data communication. Today over 3000 global organisations use the SSH data-in-transit solution for moving information, including 7 of the Fortune 10, and trends show that SSH usage in the financial industry has increased in recent years to meet compliance.

For these enterprises, the most critical enterprise data and applications are often transported and housed on SSH and OpenSSH servers. In order to access the data, user authentication is required. However, in today’s complex enterprise environments, it is nearly impossible to map the trust relationships between individual users, system accounts and application IDs and their respective destination SSH servers.

Enterprises typically have one or more Identity Management Systems (IMS) for their users, which usually do not encompass access to all systems and accounts across the enterprise and provide no visibility into the user keys that provide access to the organization's most sensitive information.

Traditional manual approaches to managing user keys are not only time-consuming and expensive, but also prone to manual errors in key setups. This not only poses a major security and compliance risk, but has also proven to be cost-ineffective.

Challenges in managing keys

1. Compliance
Today the compliance standards are higher and even more specific on user key management. For instance, PCI DSS requires enterprises to “Protect encryption keys issued for encryption of cardholder data against disclosure and misuse.” and “Fully document and implement all key management processes and procedures”.

In addition, the ISO 27001-1 also specifies requirements for key management. Organizations need to expend more effort to comply with the more stringent requirements.

2. High cost
Setting up new keys and trust relationships in the traditional manual way is complex. It is even more complex to rotate and remove the keys. The more dynamic the environment, the more key operations are required. The widespread adoption of cloud and grid computing has increased the burden on the IT departments of many institutions.

3. Growing risk
According to the IBM X-Force 2011 Trend and Risk Report, there were a large number of automated password guessing attempts directed at secure shell servers in the latter half of 2011.

In addition, among the top 10 threat action types by number of breaches within larger organizations, “Use of stolen login credentials” ranked no. 1, according to the 2012 Data Breach Investigations Report by Verizon. The present situation calls for enterprises to seek ways to eliminate complex manual work, reduce the risk of unauthorized access, improve visibility and meet compliance.

A logical three-phased approach to user key management

Best practice in user key management to overcome these challenges should include three phases: discovery, monitoring and management.

First, the legacy environment of deployed private and public SSH keys and their associated users is discovered, and past manual errors and mismanagement are identified.

Thereafter, this environment is locked down and monitored, and the authorized users are linked to the respective servers via user and group information, as well as the defined access policies.

Finally, the environment is brought under automatic management, and user keys are automatically deployed, revoked, recertified and rotated according to changes in the operational environment and user repositories. 
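To make the discovery phase concrete, the following added example (not the author's or SSH Communications Security's code) parses `authorized_keys` content collected from servers, maps each key fingerprint to the accounts it unlocks, and flags keys with no owner in the user repository or with unrestricted root access. The host names, accounts, sample keys, the `OWNERS` mapping and the two policy checks are assumptions constructed for illustration.

```python
import base64, hashlib, re, struct
from collections import defaultdict

# authorized_keys line: [options] keytype base64-blob [comment]
# SSH public key blobs always begin with "AAAA" (a 4-byte length prefix).
KEY_RE = re.compile(
    r'(?:^|\s)((?:ssh|ecdsa|sk)-[\w@.-]+)\s+(AAAA[A-Za-z0-9+/=]+)(?:\s+(.*))?$')

def fingerprint(blob_b64):
    """SHA256 fingerprint in the form printed by `ssh-keygen -l`."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_authorized_keys(text):
    """Yield (fingerprint, options, comment) per key; skip blanks and comments."""
    for line in map(str.strip, text.splitlines()):
        m = KEY_RE.search(line) if line and not line.startswith("#") else None
        if m:
            yield fingerprint(m.group(2)), line[:m.start(1)].strip(), m.group(3) or ""

def discover(inventory, owners):
    """Map each key to the (host, account, options) it unlocks and flag gaps."""
    grants, findings = defaultdict(list), []
    for (host, account), text in inventory.items():
        for fp, options, _ in parse_authorized_keys(text):
            grants[fp].append((host, account, options))
    for fp, targets in grants.items():
        if fp not in owners:  # key is absent from the user repository
            findings.append((fp, "no known owner"))
        if any(acct == "root" and not opts for _, acct, opts in targets):
            findings.append((fp, "unrestricted root access"))
    return dict(grants), findings

def sample_key(seed):
    """Constructed ed25519-shaped blob for the demo; not a real key."""
    raw = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([seed]) * 32
    return "ssh-ed25519 " + base64.b64encode(raw).decode()

# Constructed inventory: hosts, accounts and key comments are hypothetical.
INVENTORY = {
    ("db01", "root"): sample_key(1) + " alice@laptop\n# legacy entry\n"
        + 'command="/usr/bin/backup",no-pty ' + sample_key(2) + " backup@batch\n",
    ("app01", "deploy"): sample_key(1) + " alice@laptop\n",
}
OWNERS = {fingerprint(sample_key(1).split()[1]): "alice"}

if __name__ == "__main__":
    grants, findings = discover(INVENTORY, OWNERS)
    for fp, reason in findings:
        print(reason, fp, grants[fp])
```

The resulting key-to-account map is the baseline that the monitoring and management phases then compare against when keys are added, rotated or revoked.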

The views expressed in this column are the author's own and do not necessarily reflect this publication's view, and this article is not edited by Singapore Business Review. The author was not remunerated for this article.

Tommi Lampila is the Vice President, APAC, SSH Communications Security. 
