How to Address the Biggest Hole in Identity and Access Security

Presented by

Tatu Ylonen, Founder & SSH Fellow, SSH Communications Security, Inc.

About this talk

IDC called SSH keys “the gaping hole in your IAM strategy,” and for good reason: many banks and enterprises have literally millions of unaudited credentials granting access to their production servers, and use OpenSSH configurations that allow any system administrator to self-provision permanent access to any server they use - for themselves and others - with no termination process for this access. It is a fundamental question of who can access what, of separation of duties, and of enforcing internal boundaries (to PCI systems, financial data, health information, development vs. production, or classified compartments). Every cybersecurity regulation requires basic control of identities and access, and that is where real security starts. Half of the top 10 banks in the US and UK have now begun addressing the issue. Most other enterprises are only beginning to grasp the problem. This talk explains the issue and how to start addressing it. Presented by the principal author of NIST IR 7966, the NIST guidelines for managing SSH access.

About the Presenter: Tatu Ylonen is a cybersecurity pioneer with over 20 years of experience in the field. He invented SSH (Secure Shell), which is the plumbing used to manage most networks, servers, and data centers and to implement automation for cost-effective systems management and file transfers. He has also written several IETF standards, was the principal author of NIST IR 7966, and holds over 30 US patents - including some on the most widely used technologies in reliable telecommunications networks.
