Published 07. Jul. 2016
How to Ensure ICT Security and SOX Compliance
The Need for Compliance, Security, and Efficiency
The client company’s primary challenge is how to ensure compliance with the SOX regulatory requirements for its more than 500 servers in their services business production environment. Another is how to improve its overall security posture and operational efficiency. The secure maintenance access and file transfers to the servers are handled with the ubiquitous Secure Shell (SSH) protocol. The access control of the SSH servers must be controlled to guarantee that critical data can only be accessed by authorized personnel and processes. An ideal solution would cater to a multi-vendor environment and provide a SOX-compliant management of privileged ICT infrastructure access.
A Proactive Approach and Universal Solution
The Universal SSH Key Manager® was selected as the solution for managing the client company’s SSH environment. The deployment project was set so that after each stage, the solution benefits were measured, analyzed, and acted on. The client company’s security team worked closely with both SSH Communications Security and its local partner to ensure that all aspects of the client company’s requirements were noted, understood, and catered for in the deployed solution.
The final deliverable was a solution that:
- Discovers SSH Keys in the Environment – to establish the current state of access.
- Monitors SSH Use – to gain visibility into SSH authorizations as they happen.
- Remediates – to apply policy to SSH identities and keys.
- Manages SSH Use – to continuously control access and provide reporting.
All Goals Achieved
The client company achieved its primary goal of compliance with SOX. The proactive approach in compliance and security work also rendered subsequent audits effortless and easy. The proactive addressing of the security, identity, and access management issues provided a cost-effective improvement of the client company’s overall security posture and enhanced its operational efficiency – as the automated management of keys reduced the manual workload of IT personnel. The multi-vendor support of the Universal SSH Key Manager also allowed leveraging earlier IT security investments. In similar deployment cases, effective SSH key management has realized annual costs savings in millions of USD.
SSH Communications Security will be attending our 600Minutes Information and Cyber Security event in Finland on the 18th of May 2017 as a solution provider.