SSH Keys: Security Asset or Liability?

Presented by

Mike Dodson, VP WW Customer Security Strategy & Solutions, Venafi

About this talk

Weak practices around protecting SSH keys expose businesses to costly risk, impacting the most sensitive systems and data. Then incomplete auditing practices allow that risk to go unaddressed. SSH keys are often used for routine administrative tasks by system administrators, and privileged access management (PAM) systems ensure proper oversight. However, SSH keys are also used for secure machine-to-machine automation of critical business functions. PAM solutions don’t help secure these machine identities, and most audit programs overlook this important risk. This session discusses the common mistakes that almost all enterprises make around security, policy and auditing practices when managing SSH keys, including current survey results.

Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (106)
Subscribers (9946)
There are two actors on a network: people and machines. People rely on usernames and passwords to identify themselves and gain access to machines, applications and devices. Machines use digital keys and certificates to authenticate for secure machine-to-machine communication. While organizations spend billions of dollars each year on identity and access management and protecting usernames and passwords, very little is spent on protecting machine identities, which is essential to securing critical systems and data. The Venafi Platform delivers the machine identity intelligence and automation necessary to automatically safeguard the flow of information to trusted machines and prevent communication with untrusted ones—all at machine speed and scale. Venafi protects the largest, most sensitive networks in the world, and our more than 280 customers include 4 of the Top 5 US Banks, 4 of the Top 5 UK Banks, 5 of the Top 5 US Health Insurers and 4 of the Top 5 US Retailers. Venafi solutions help organizations: - Prevent breaches - Eliminate outages - Orchestrate PKI - Protect SSH access - Pass compliance audits - Automate DevOps Visit