SECRETIT dirty little‘s

inform

ation

tech

nology

Research brought to you by:

IT admins are leaving open backdoors–full root access–to

almost every server, virtual machine, and cloud service

within the enterprise.

SSH (Secure Shell) is a cryptographic security protocol used to connect administrators and machines. It is used everyday, in every enterprise network.

SSH provides full administrator access over encrypted sessionsthat bypasses network monitoring, perimeter based security solutions, and advanced threat protection systems. SSH keys are not being properly secured and provide unfettered admin access to valuable and sensitive data and valuable intellectual property.

SSH ??

A single SSH-key related security incidentcan cost U.S. organizations as much as

500,000$

PaymentSystems

HealthcareDatabases

Air TrafficControl Systems

Cloud infrastructure-as-a-service systems

SSHis used to connectto systems such as:

EXP. NEVER!

EXP. 1 YEAR

IT administrators, not IT security, are responsible for securing and protecting their SSH keys.

Unlike digital certificates, SSH keys never expire, leaving backdoors open forever!

have no security controls for SSH that provides would-be hackers unfettered, root access.

3 OUT OF 4 ENTERPRISES

Of organizations are leaving a permanent backdoor open.Never changing SSH keys allows ex-staff and previous attackers to gain access.

46%

Either never change their SSH keys or change them, at best, once every 12 months.

The average IT user changes their password every

60-90 days

***************

YET

82%

(at least the ones that know)

OF ORGANIZATIONS REPORT BREACHES DUETO FAILED SSH SECURITY IN THE LAST 24 MONTHS

ALL OF THIS HAS ALREADY LED TO

51%

2 daysthe average enterprise

takes almostto respond to a SSH compromise if it’s detected

THE LACK OF IT SECURITY CAPABILITIES MEANS

60% OF RESPONDENTS REPORTED THAT THEIR ORGANIZATIONS CANNOT DETECT NEW SSH KEYS INTRODUCED ONTO THEIR NETWORKS;

relying on administrators to report and track themmanually and without oversight.

Only 13% of organizations think IT security should be responsible, continuing the insanity - root administrator access is wide open while IT security is scrambling to stop cybercriminal attacks.

It’s no wonder,

76% of enterprisesreport no systems to secure SSH when using the cloud

IT security can’t tolerate this insanity any more. Root level access and SSH will kill everything

else that IT security has worked to build.

CEOs, CIOs, CISOs are tolerating insanityallowing IT admins to run their SSH security

and expecting to stay secure.

For more information visit: www.venafi.com/Ponemon