Traditionally, identity and access management (IAM) has been used to manage the identities assigned to interactive human users. More recently, enterprises are beginning to adopt more and more process automation. As this trend progresses, the number of non-human identities is growing, while the number of identities assigned to human users remains stagnant or, in some cases, is even declining. The typical enterprise often hosts a greater number of identities assigned to automation because those processes drive a majority of the computing in large-scale data centres. Even so, many enterprise IAM deployments neglect this larger set of identities, even though it performs the majority of enterprise computing functions.
IAM solutions provide governance and visibility capabilities that enable organizations to provision and control access to their applications, cloud infrastructure, servers and structured and unstructured data. The majority of identities facilitating machine-to-machine (M2M) processes use Secure Shell for authentication, authorization and encryption for data transfers.
Secure Shell is optimal for these functions for the following reasons:
* It enables an organization to define and limit what functions a process may perform under a Secure Shell authorization. This meets the “need to know, need to do” criteria of basic IAM governance.
* It provides confidentiality of data in transit through encryption.
* Public key infrastructure (PKI) based authentication, supported by Secure Shell, enables the process to present its credentials without requiring an interactive user to log in through any interactive authentication process.
* The PKI-based authentication process used by Secure Shell protects the login credentials: the private Secure Shell user key is never sent over the network.
Aside from these clear advantages, there are substantial gaps in IAM governance of identities that use Secure Shell. First, the provisioning of these identities is generally decentralized. Application owners, developers and process owners are able to appoint these identities, which can result in gaps in oversight of the creation of identities and their authorizations.
Secondly, the lack of visibility and central management of these identities leaves enterprises uncertain of the total number of Secure Shell identities created, what authorizations they permit and which authorizations are outdated. The typical enterprise server has between 8 and 100 Secure Shell authorizations, with some large enterprises having over a million keys, all contributing to a vast number of unmanaged M2M trust relationships.
The Universal Encryption Struggle
Although Secure Shell is widely used to securely access remote servers, many are surprised to learn that M2M communication makes up the majority – in some cases over 90 percent – of all Secure Shell traffic on their network. Most Secure Shell trust relationships grant access to production servers and transfer highly sensitive data, including healthcare records, credit card information, intellectual property and other highly critical information.
Surprisingly, access to M2M encrypted channels via Secure Shell almost always lacks proper identity and IAM controls, creating substantial risk and compliance issues for enterprises. Any interactive user who has the proper authorization can manipulate and gain access to these uncontrolled M2M networks. The result is often that valuable information in the enterprise is left victim to unauthorized access.
Although Secure Shell keys enable remote access to critical systems and servers, many have never been changed. Even more shocking, numerous organizations lack procedures in place to approve and enforce who is given root-level access using these keys. A study conducted by a large bank – with over one million keys in use – uncovered that 10 percent of those keys granted unlimited administrative access to production servers; a potentially crippling liability.
Ironically, the very function that thwarts inappropriate access to sensitive data in transit also prevents systems administrators from identifying when and where information is being accessed improperly using a hijacked key. All data-in-transit encryption, including Secure Shell, blinds layered security defense systems to malicious activity. Unless the organization has implemented encrypted channel monitoring, the security operations and forensics teams are unable to monitor activity. Encrypted channel monitoring allows security intelligence and DLP solutions to inspect, store and stop traffic to make sure hackers cannot use Secure Shell in an untraceable manner. This allows network administrators to monitor what a user is doing within the encrypted channel without exposing data during transmission.
The Evolution of Authentication
Many enterprises are reinforcing interactive user authentication methods in an effort to protect themselves against hacker attacks, as well as to satisfy security compliance mandates. Some of these procedures include enforcing password strength, requiring periodic password changes and implementing two-factor authentication. These methodologies are intended to impede hacker efforts to access interactive accounts. These approaches are considered best practices and are encompassed in compliance requirements like PCI, SOX, FISMA and HIPAA.
Compliance regulations are currently being updated to include other methods of authentication beyond user names and passwords, such as credentials and keys. This will require auditors to flag cases where access is not being controlled via Secure Shell. This is a natural progression for compliance sanctions, particularly when the market is beginning to appreciate that strong standards are necessary to safeguard enterprises’ most critical business information.
Organizations should research, design and deploy IAM strategies that include processes designed specifically for M2M communications to provide the highest levels of security and accountability. A comprehensive, best practices-based IAM program that incorporates regulations for Secure Shell-based M2M security must address both the intelligence and provisioning aspects of IAM across a variety of environments.
Strong authentication practices can be achieved via the following Secure Shell key management best practices:
* Discovery and monitoring of trust relationships and unauthorized key deployments and removals
* Automating key creation, rotation and removal
* Limiting root access to servers so that only the key manager can establish or revoke keys
* Supervising traffic in encrypted channels
* Requiring proper key type, size and version of Secure Shell
* Monitoring where each key can be used from and what commands can be executed using the key
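The last two items in the list (key type and size, and where a key may be used from and which commands it may run) map directly onto fields of a server's authorized_keys file. The following is an added example written for this article, not SSH Communications Security's product or code: it parses authorized_keys entries (including quoted `command=` and `from=` options), decodes the key size from the SSH public key blob, and reports keys that fall short of an assumed policy (no `from=`, no `command=`, RSA below 2048 bits, or DSA). The sample file and its key blobs are constructed for the example and are not real keys.

```python
import base64
import struct

KEY_TYPES = {"ssh-rsa", "ssh-ed25519", "ssh-dss", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}
MIN_RSA_BITS = 2048  # policy threshold assumed for this example

def _ssh_string(b): return struct.pack(">I", len(b)) + b
def _read_string(blob, off):
    (n,) = struct.unpack(">I", blob[off:off + 4]); return blob[off + 4:off + 4 + n], off + 4 + n

def key_bits(keytype, blob):
    """Key size from the SSH wire-format blob: ssh-rsa = string type, mpint e, mpint n."""
    if keytype == "ssh-rsa":
        _, off = _read_string(blob, 0); _, off = _read_string(blob, off); n, _ = _read_string(blob, off)
        return int.from_bytes(n, "big").bit_length()
    return {"ssh-ed25519": 256}.get(keytype)

def parse_options(opts):
    """Split the options field on commas outside double quotes; bare flags map to ''."""
    out, cur, quoted = {}, "", False
    for ch in opts + ",":
        if ch == '"': quoted = not quoted
        if ch == "," and not quoted:
            if cur:
                k, _, v = cur.partition("="); out[k] = v.strip('"')
            cur = ""
        else: cur += ch
    return out

def parse_line(line):
    """Parse '[options] keytype base64 [comment]'; a quoted option value may contain spaces."""
    line = line.strip()
    if not line or line.startswith("#"): return None
    opts, quoted, i = "", False, 0
    if line.split()[0] not in KEY_TYPES:  # options field present: scan to first unquoted blank
        while i < len(line) and (quoted or line[i] not in " \t"):
            quoted ^= line[i] == '"'; i += 1
        opts, line = line[:i], line[i:].lstrip()
    parts = line.split(None, 2)
    return {"options": parse_options(opts), "type": parts[0], "comment": parts[2] if len(parts) > 2 else "",
            "bits": key_bits(parts[0], base64.b64decode(parts[1]))}

def audit(entry):
    """Policy findings for one entry (empty list = compliant with the assumed policy)."""
    f, o = [], entry["options"]
    if entry["type"] == "ssh-dss": f.append("weak key type ssh-dss")
    if entry["type"] == "ssh-rsa" and entry["bits"] < MIN_RSA_BITS: f.append(f"rsa {entry['bits']} bits < {MIN_RSA_BITS}")
    if "from" not in o: f.append("no from= source restriction")
    if "command" not in o: f.append("no command= restriction")
    return f

def audit_file(text):
    """Map each key's comment to its findings for a whole authorized_keys file."""
    return {e["comment"]: audit(e) for e in map(parse_line, text.splitlines()) if e}

def _blob(keytype, *fields):  # constructed blob, not a real key
    return base64.b64encode(b"".join(_ssh_string(x) for x in (keytype.encode(),) + fields)).decode()
ED = _blob("ssh-ed25519", b"\x01" * 32)
RSA1024 = _blob("ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xff" * 128)  # e=65537, 1024-bit modulus
SAMPLE = f'''# constructed sample authorized_keys
from="10.0.0.5",command="rsync --server --sender . /export",no-pty ssh-ed25519 {ED} backup@batch01
ssh-rsa {RSA1024} legacy-etl
'''
```

Running `audit_file(SAMPLE)` reports nothing for the restricted backup key and three findings for the unrestricted 1024-bit legacy key.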
Ensuring that the enterprise’s IAM strategy includes strong Secure Shell access controls in M2M communications is imperative in an environment where more users, devices and machines are connected to the Internet and the company network than ever before. Although a universal encryption solution provides obvious network security advantages, left unmanaged it can present a significant liability. IT security, compliance and audit professionals must address Secure Shell access control and governance issues. The lack of such controls generates security vulnerabilities and can lead to non-compliance, resulting in significant fines. By reevaluating the organization’s Secure Shell environment, IT teams can expose and tackle M2M access control concerns.
Jonathan Lewis is director of product marketing for SSH Communications Security, where he is responsible for communicating the value and importance of effective Secure Shell access governance. Jonathan has diverse experience in the network and security industry including technical and business management roles at companies ranging from start-ups to global enterprises. His technology expertise includes VPN, Firewall, SSL, SSH and DDoS mitigation. Jonathan holds BSc and MSc degrees from McGill University and an MBA from Bentley College.