Over the past few years, servers have changed dramatically. With the accelerated migration of data and services to the cloud, servers are growing and changing in nature, becoming more dynamic and elastic—making their management even more complex. The increase of cloud-based servers combined with existing on-premises servers creates a hybrid environment that puts a lot of pressure on access management. The pressing concern is how to efficiently manage the thousands of privileged access credentials and machine identities, like SSH keys, that grant access to your critical infrastructure in the framework of a Zero Trust architecture.
SSH machine identity management and Zero Trust
Secure Shell protocol (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. Typical applications include remote command-line, login, and remote command execution, but any network service can be secured with SSH.
SSH offers many benefits to admins and IT managers, hence it has become a favorite tool for managing critical servers spread all over a corporate ecosystem.
- It is the de-facto standard for remote administration of servers, with SSH keys acting as identities to enable automated authentication, encryption, and authorization.
- It is secure, flexible, and easy to use, while it encompasses many other protocols, such as SFTP, SCP and RSYNC.
- It provides a simplified access path to critical systems wherever they are – in the cloud or on-premises.
- SSH keys bear no meta data and never expire.
Besides the benefits, the management of a growing number of SSH keys brings many challenges. Because of the ongoing digital transformation efforts, large enterprises have accumulated tens of thousands of SSH keys in their environment. However, these keys are not associated by default with a human identity. Organizations have no way of tracking how their keys are used—who uses the keys? Which keys should be deleted? Which keys have become obsolete? And so on.
Another problematic area is that most companies manage these SSH keys manually, or even worse, they fail to manage them. Poor SSH key management creates even more problems, including:
- Human error
- Key sprawl
- Risks associated with SSH keys (orphaned keys, duplicate keys, etc.)
- Policy violation
- Compromised SSH keys
- Failed SSH audits
Knowing that SSH provides simplified access to critical systems, it is evident that having a proper SSH machine identity management strategy in place is a vital step towards achieving Zero Trust.
(Re)Defining trust with Zero Trust
In a recent article, Forrester defined modern Zero Trust as:
“An information security model that denies access to applications and data by default. Threat prevention is achieved by only granting access to networks and workloads utilizing policy informed by continuous, contextual, risk-based verification across users and their associated devices.”
Based on this definition, the fundamentals of Zero Trust can be summarized as:
- Default deny
- Access by policy only
- For data, workloads, users, devices
A Zero Trust approach to cybersecurity is becoming increasingly important as businesses are being transformed into software-defined, boundary-less entities. The notion of a perimeter behind four walls is obscure as is the traditional notion of “trust what’s inside but defend what’s outside.” In cloud-based enterprises, every employee is inside and outside the organization, accessing systems and data through multiple pathways.
“Zero Trust focuses on protecting resources, not network segments, as the network location is no longer seen as the prime component to the security posture of the resource,” specifies NIST SP 800-207 on Zero Trust Architecture.
As a result, identity has emerged as the new frontier to defend. We have to know the identity of each entity requesting access to systems and networks. Each identity, whether a human identity or a machine identity, needs to be authenticated and validated beyond any doubt before being granted access.
An identity-centric Zero Trust security is driven by the exploding number of dynamic cloud-based entities and machines like apps, microservices, and containers. All these workloads need to have a unique identity and security teams need automated ways to manage all these identities to implement the Zero Trust principles as soon as new infrastructure is created.
Managing SSH keys plays a critical role in Zero Trust
Cryptographic assets like SSH keys must be managed effectively and protected from misuse to ensure that every identity can be verified and trusted. SSH machine identity management aims to establish and manage trust in the identity of every machine across your enterprise, enabling your organization to build trust relationships between identities and resources.
Gaining visibility and intelligence into the twisted web of SSH keys that exist in an organization is a crucial step to achieving Zero Trust. A robust SSH machine identity management strategy should focus on the following elements:
- Visibility: The foundation of your strategy. Scan the enterprise environment for SSH keys and inventory the discovered keys.
- Intelligence: Map all keys in inventory to NIST 800-53 to see where there are evident problems with how these keys are being used. This allows companies to track who is accessing their systems via SSH and begin to put policy in place to start eliminating the key sprawl.
- Automation: Automate the SSH key lifecycle so enterprises can begin to cut back on the time it takes to provision and manage keys throughout large environments as well as remove keys from multiple machines with the click of a button, rather than manually, which is error prone and costs time and money.
- SSH Certificates: Issue and provision SSH certificates instead of SSH keys. SSH certificates improve security and policy enforcement by having meta data built-in, so they are harder to exploit and have an expiration date. They also provide better visibility for InfoSec teams by providing insight into who is requesting the certificates.
Venafi Confidential SSH Risk Assessment
For customers interested in starting on the path of Zero Trust for SSH keys, Venafi offers a free SSH risk assessment on a subset of their environment. This includes scanning the subset of servers, discovering the keys on those servers, and mapping out the risks associated with those keys. A report is produced and debriefed with the customer to show the risks that were found along with actionable steps that can be taken to remediate the issues.
Venafi SSH Protect
Venafi SSH Protect gives organizations the tools they need to make intelligent decisions how to remediate their risk and take steps towards achieving Zero Trust, all while increasing business efficiencies via automation for the complicated problem that is SSH machine identity management.