The SSH protocol and keys have become a critical security component of digital transformation. Organizations are increasingly migrating IT infrastructure to the cloud and developing apps and services using DevOps methodologies.
Digital strategies were accelerated during 2020 as a response to the challenges introduced by the coronavirus pandemic. As Gartner points out in its recently published Hype Cycle for Identity and Access Management Technologies 2020, “For many enterprises, the global pandemic has compressed years-long strategic change into months, even weeks. For others, it has forced them to adopt approaches that they’d previously been cautious about.”
What is multi-cloud SSH key management?
Multi-cloud key management is the process of centralizing secure key management capabilities in environments where you are using multiple different clouds. Providing consistent key management across several cloud environments will help you scale securely across multiple public cloud and hybrid environments, where each cloud manages keys, secrets and tokenization in a unique way.
Multi-cloud adoption makes SSH key management more complex
Systems administrators use SSH keys as trusted machine identities, which are critical to the success of digital business initiatives. The number of SSH keys owned by businesses has skyrocketed following the increase in the number of machines that must be managed and protected—including mobile devices, virtual machines, APIs, algorithms and containers. However, the increase of SSH machine identities has created new challenges, since SSH keys are difficult to manage and secure because they never expire and are rarely removed.
These business developments together with the adoption of multiple cloud platforms underline the importance of effective SSH key management in the cloud. However, each cloud provider treats these SSH keys differently, increasing the complexity in managing the keys, which is more evident when businesses adopt multi-cloud environments. For example, cloud service providers allow users to either generate new keys or use an existing key pair, while SSH access is configured and managed differently in each cloud environment. As a result, while SSH keys are easy to generate, it is becoming harder to keep an updated inventory of keys and their trust relationships.
The shared responsibility model: How businesses fail to protect their SSH keys in the cloud
The overarching principle in cloud security is the Shared Responsibility Model. The Shared Responsibility Model, in essence, requires cloud service providers like Amazon Web Service (AWS), Microsoft Azure, or Google Cloud Platform (GCP) to survey and address security threats associated with the cloud platform and its fundamental infrastructure. Although some security responsibilities have shifted from the customer to the cloud service provider, it is always the customer’s responsibility to manage, maintain and protect their data, the encryption keys and the SSH keys. To do so, businesses need to ensure consistency of control, policies and visibility across multiple cloud platforms.
Despite their importance, a Venafi study highlighted that CIOs do not understand the scale or potential impact of the security risks connected with their SSH keys:
- 68% of CIOs admit that managing SSH will only become more difficult as digital transformation accelerates.
- Although 96% of CIOs have developed policies that require the removal of SSH keys when employees are terminated or transferred, 40% of them don’t have automated ways to remove unused keys.
- Enterprises have an average of more than 3,000 SSH shared private keys, which is a clear deviation from established best practices.
- Enterprises have an average of more than 10,000 root access orphan keys that can act as backdoors for malicious actors to penetrate the corporate networks and spread SSH malware.
The risks of faulty multi-cloud SSH key management: SSH key sprawl and lack of governance
The key point highlighted in the Venafi survey of 550 CIOs is that there is a growing disconnect between policy and practice. This disconnection is evident from the number of duplicate shared keys, as well as the volume of SSH root access and root access orphan keys on the corporate networks.
The biggest challenge organizations are facing to make their SSH machine identity management programs effective is the lack of required capabilities.
- Lack of visibility. The lack of visibility into the entire SSH keys ecosystem results in failure to acquire the continuous intelligence necessary to understand and mitigate SSH keys risks, monitor and detect anomalies, or achieve and sustain compliance with security and privacy regulations and frameworks.
- Lack of automation. Organizations tend to rely on manual, error prone and time-consuming procedures instead of leveraging automated solutions to streamline and secure SSH key lifecycles and respond quickly to imminent threat events that may impact business-critical assets.
- Lack of policies: A lack of governance in creation and management of SSH keys can lead to the reckless proliferation of keys. And that makes unauthorized access difficult to detect. You also have no way of knowing if SSH keys are being duplicated or shared between users, making the connections less private and more prone to attacks.
- Lack of rapid remediation: It’s almost impossible to react quickly to an SSH security incident when you are faced with a dense and uncontrolled mesh of SSH machine identities. It can easily consume hours or days of costly staffing resources to sort through and clean up thousands of keys. This will only allow cybercriminals extra time to leverage the privileged access they’ve acquired while your administrators are busy attempting to remove all potential access paths.
The impact of these gaps in SSH key lifecycle management will become even more essential as organizations migrate more workloads to multiple clouds and utilize more SSH keys to automate routine tasks.
Best practices for multi-cloud SSH key management
Organizations need to take back control of their SSH keys and below are industry-recommended best practices to help organizations. As you will notice, the secret to these best practices is “automation.”
- Discover all SSH machine identities in the environment. Make this discovery a continuous process to ensure complete SSH inventory by using an automation solution.
- Determine the ownership and use cases for every SSH key leveraging automation.
- Automate the mapping of all trust relationships to users and machines to identify and remove any orphaned, shared or duplicate keys.
- Control and manage SSH identities and authorized keys with the help of automation.
- Control SSH configuration files and known hosts files using automated processes to prevent any tampering.
- Automate the enforcement of clearly defined SSH key management policies and audit against them.
The effective establishment of these best practices require a comprehensive SSH machine identity management solution that provides full visibility and leverages automation to manage and enforce policies. Venafi’s SSH Protect discovers where SSH keys are in your environments, as well as the strengths or weaknesses of their configurations. Automated SSH key lifecycle management empowers you to secure and streamline your SSH keys and the connections they enable.
(This post has been updated. It was originally published on March 11, 2021.)