News

03:03 PM
Jonathan Camhi
Jonathan Camhi
Slideshows
Connect Directly
Facebook
Twitter
Google+
RSS
E-Mail
50%
50%

A Growing Security Risk in IT Automation

The increasing use of automated processes could expose organizations to new forms of malware if proper monitoring and controls aren’t put in place.
Previous
3 of 4
Next


Adding to the lack o understanding around this risk, many large organizations don’t have a view of all of their SSH keys, who has access to them and how the processes they secure are connected throughout the IT infrastructure. “A few banks are interested in this area, and they go and pull a report [on all of their keys]. They find they have 1.5 million keys, and a lot of different people with access to those keys,” Thompson reports. “They have to map out: what is this app doing? And who does it talk to? One secure shell key could tunnel through multiple networks and applications.”

The study found that only 34% of the organizations involved that use SSH keys can generate reports on how many SSH keys they have in their server environment and what those keys are used for.

Working to map out all of the keys, centralizing management of access to the keys and putting monitoring in place to detect malware is a project that can take years, Thompson warns. But banks that are already keeping track of access to their SSH keys can significantly cut down the time on such a project, he adds.

 

Jonathan Camhi has been an associate editor with Bank Systems & Technology since 2012. He previously worked as a freelance journalist in New York City covering politics, health and immigration, and has a master's degree from the City University of New York's Graduate School ... View Full Bio

Previous
3 of 4
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
KBurger
50%
50%
KBurger,
User Rank: Strategist
3/10/2014 | 1:39:39 PM
re: A Growing Security Risk in IT Automation
I would hope that banking overall is far along with these kinds of efforts, although I would imagine it may be more of a challenge (not just technology, but also awareness/education) for smaller institutions.
Byurcan
50%
50%
Byurcan,
User Rank: Author
3/9/2014 | 2:38:52 AM
re: A Growing Security Risk in IT Automation
Surprising that only 44 percent of organizations polled monitor the logins of their keys' priveleged users, Thompson's comment that most companies haven't thought to much about SSh controls is telling.
Register for Bank Systems & Technology Newsletters
White Papers
Current Issue
Bank Systems & Technology - August 2014
Modern core systems are emerging as the foundations of effective channel integration and customer engagement initiatives.
Slideshows
Video