How to Ensure ICT Security and SOX Compliance

Cyber Security | Co-creation | Published 07. Jul. 16

Share with Your Professional Network

The case company is an international integrated oil and gas provider with services division and back offices needing to meet regulatory requirements like the Sarbanes-Oxley Act (SOX). How has SSH helped with not just its compliance requirements but overall security and operational efficiency goals?

eur-port-1356670_960_720

The Need for Compliance, Security, and Efficiency 

The client company’s primary challenge is how to ensure compliance with the SOX regulatory requirements for its more than 500 servers in their services business production environment. Another is how to improve its overall security posture and operational efficiency. The secure maintenance access and file transfers to the servers are handled with the ubiquitous Secure Shell (SSH) protocol. The access control of the SSH servers must be controlled to guarantee that critical data can only be accessed by authorized personnel and processes. An ideal solution would cater to a multi-vendor environment and provide a SOX-compliant management of privileged ICT infrastructure access.

A Proactive Approach and Universal Solution

The Universal SSH Key Manager® was selected as the solution for managing the client company’s SSH environment. The deployment project was set so that after each stage, the solution benefits were measured, analyzed, and acted on. The client company’s security team worked closely with both SSH Communications Security and its local partner to ensure that all aspects of the client company’s requirements were noted, understood, and catered for in the deployed solution.

The final deliverable was a solution that:

  • Discovers SSH Keys in the Environment – to establish the current state of access.
  • Monitors SSH Use – to gain visibility into SSH authorizations as they happen.
  • Remediates – to apply policy to SSH identities and keys.
  • Manages SSH Use – to  continuously control access and provide reporting.

All Goals Achieved

The client company achieved its primary goal of compliance with SOX. The proactive approach in compliance and security work also rendered subsequent audits effortless and easy. The proactive addressing of the security, identity, and access management issues provided a cost-effective improvement of the client company’s overall security posture and enhanced its operational efficiency – as the automated management of keys reduced the manual workload of IT personnel. The multi-vendor support of the Universal SSH Key Manager also allowed leveraging earlier IT security investments. In similar deployment cases, effective SSH key management has realized annual costs savings in millions of USD.


SSH Communications Security will be attending our 600Minutes Information and Cyber Security event in Finland on the 18th of May 2017 as a solution provider.


The Most Efficient Working Day!

Invited Guests

The most efficient working day. Insights and ideas from the stage and from a network of executives. The best solutions for your business challenges.

Read more »

Solution Providers

Meet executives with investment needs. Bring your solutions and insights to your most potential clients. 11 markets, 20 000 executives, guaranteed meetings.

Read more »

Management Events brings together top-level executives and solution providers, providing high value to both parties. Our concept attracts 20 000 visionary leaders to our events in eleven countries, over 170 times a year. Management Events Surveys provides insights and trends for solution providers and executives, helping them gain deeper understanding of challenges and needs of the largest corporations.

Sorry but your browser screen is too small for this site.