For businesses today, encryption keys and digital certificates, used to secure sensitive data, mobile devices, Internet of Things, applications, cloud workloads and virtual machines, are truly the keys to the kingdom. As data and technology grow, the number of cryptographic keys, SSH keys and X.509 certificates continues to expand. Most organizations must manage and protect thousands or even tens of thousands of these keys and certificates. The sheer volume makes it difficult to keep track of where all of these keys and certificates are located, how they are used and when they expire.
Keyfactor says it has the answer, in the form of a major new feature to its Keyfactor Command PKI-as-a-service products to address this issue. SSH Key Manager automates access and distribution of SSH (Secure Shell) keys across machines, applications and devices, and integrates with many Linux and Unix systems.
The solution uses network-based discovery to find and inventory all SSH keys in the environment. Administrators can then map those keys to associated users and machines and continuously monitor their usage. System admins can generate and rotate keys using a simple self-service user interface or API. Keys are automatically provisioned and updated on devices.
The automated approach to key management makes sense, given the explosion of keys and certificates, said Edward Amoroso, CEO at TAG Cyber, a cybersecurity analysis and research firm.
"Most organizations manage keys in an ad hoc manner, often using manual procedures. The problem is that cryptography has spread to so many different organizations that the decision to manage keys is made by different groups with different goals and priorities. Network teams managing SSH keys, for example, might report into a different business unit than the security experts managing TLS keys," he explained.
Automated methods typically will increase accuracy, decrease the number of mistakes and reduce the risk of manual decisions becoming orphaned if a key individual changes position or leaves the company, he said. Automation also addresses security issues around key management by reducing the likelihood that vulnerabilities will created through mistakes in manual setup, administration and support for keys, certificates and other cryptographic artifacts, he added.
Security is a major benefit of the automated approach to key management, agreed Mark Thompson, Keyfactor's senior vice president of product management.
"Most teams aren’t aware of the extent that SSH keys have spread across their network, since responsibility to create and manage SSH keys is mostly left to system admins who prioritize efficiency over security," he said. "These keys provide some of the highest levels of access in the organization, yet they are largely overlooked. Unlike SSL certificates, SSH keys never expire – they often sit unmanaged and unprotected on the network for years, creating potential backdoors for attackers."