News

03:03 PM
Jonathan Camhi
Jonathan Camhi
Slideshows
Connect Directly
Facebook
Twitter
Google+
RSS
E-Mail
50%
50%

A Growing Security Risk in IT Automation

The increasing use of automated processes could expose organizations to new forms of malware if proper monitoring and controls aren’t put in place.
Previous
3 of 4
Next


Adding to the lack o understanding around this risk, many large organizations don’t have a view of all of their SSH keys, who has access to them and how the processes they secure are connected throughout the IT infrastructure. “A few banks are interested in this area, and they go and pull a report [on all of their keys]. They find they have 1.5 million keys, and a lot of different people with access to those keys,” Thompson reports. “They have to map out: what is this app doing? And who does it talk to? One secure shell key could tunnel through multiple networks and applications.”

The study found that only 34% of the organizations involved that use SSH keys can generate reports on how many SSH keys they have in their server environment and what those keys are used for.

Working to map out all of the keys, centralizing management of access to the keys and putting monitoring in place to detect malware is a project that can take years, Thompson warns. But banks that are already keeping track of access to their SSH keys can significantly cut down the time on such a project, he adds.

 

Jonathan Camhi has been an associate editor with Bank Systems & Technology since 2012. He previously worked as a freelance journalist in New York City covering politics, health and immigration, and has a master's degree from the City University of New York's Graduate School ... View Full Bio

Previous
3 of 4
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
KBurger
50%
50%
KBurger,
User Rank: Author
3/10/2014 | 1:39:39 PM
re: A Growing Security Risk in IT Automation
I would hope that banking overall is far along with these kinds of efforts, although I would imagine it may be more of a challenge (not just technology, but also awareness/education) for smaller institutions.
Byurcan
50%
50%
Byurcan,
User Rank: Author
3/9/2014 | 2:38:52 AM
re: A Growing Security Risk in IT Automation
Surprising that only 44 percent of organizations polled monitor the logins of their keys' priveleged users, Thompson's comment that most companies haven't thought to much about SSh controls is telling.
Register for Bank Systems & Technology Newsletters
White Papers
Current Issue
Bank Systems & Technology Dec. 2, 2014
BS&T's 2014 Elite 8 executives are leading their banks to success, whether it involves leveraging the cloud, modernizing core systems, or transforming into digital enterprises.
Slideshows
Video
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.